@lucern/contracts 0.3.0-alpha.9 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/dist/api-enums.contract.d.ts +5 -3
- package/dist/api-enums.contract.js +14 -12
- package/dist/api-enums.contract.js.map +1 -1
- package/dist/auth-context.contract.js +14 -2
- package/dist/auth-context.contract.js.map +1 -1
- package/dist/auth-session.contract.js +14 -2
- package/dist/auth-session.contract.js.map +1 -1
- package/dist/auth.contract.d.ts +1 -1
- package/dist/auth.contract.js +14 -2
- package/dist/auth.contract.js.map +1 -1
- package/dist/component-boundary.contract.d.ts +1 -1
- package/dist/component-boundary.contract.js +46 -26
- package/dist/component-boundary.contract.js.map +1 -1
- package/dist/component-host-boundary.contract.d.ts +10 -5
- package/dist/component-host-boundary.contract.js +10 -4
- package/dist/component-host-boundary.contract.js.map +1 -1
- package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
- package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
- package/dist/dsl.d.ts +2 -2
- package/dist/dsl.js.map +1 -1
- package/dist/function-registry/beliefs.d.ts +23 -10
- package/dist/function-registry/beliefs.js +467 -36
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +15 -6
- package/dist/function-registry/coding.js +531 -22
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +9 -3
- package/dist/function-registry/context.js +464 -21
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +9 -3
- package/dist/function-registry/contracts.js +464 -21
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +21 -9
- package/dist/function-registry/coordination.js +464 -21
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +167 -2
- package/dist/function-registry/edges.js +619 -28
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +19 -8
- package/dist/function-registry/evidence.js +469 -36
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +33 -15
- package/dist/function-registry/graph.js +464 -21
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +6 -3
- package/dist/function-registry/helpers.js +465 -22
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +62 -16
- package/dist/function-registry/identity.js +487 -27
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +4 -2
- package/dist/function-registry/index.js +468 -22
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +7 -2
- package/dist/function-registry/judgments.js +464 -21
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +5 -1
- package/dist/function-registry/legacy.js +464 -21
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +11 -4
- package/dist/function-registry/lenses.js +464 -21
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +4 -4
- package/dist/function-registry/manifest.js +16 -1
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +412 -0
- package/dist/function-registry/nodes.js +5354 -0
- package/dist/function-registry/nodes.js.map +1 -0
- package/dist/function-registry/ontologies.d.ts +25 -11
- package/dist/function-registry/ontologies.js +464 -21
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +9 -3
- package/dist/function-registry/pipeline.js +464 -21
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +27 -12
- package/dist/function-registry/questions.js +466 -26
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +11 -4
- package/dist/function-registry/tasks.js +497 -30
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +93 -5
- package/dist/function-registry/topics.js +534 -24
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +7 -3
- package/dist/function-registry/worktrees.d.ts +25 -11
- package/dist/function-registry/worktrees.js +480 -21
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/gateway.contract.d.ts +4 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.d.ts +3 -3
- package/dist/generated/convexSchemas.js +37 -17
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
- package/dist/generated/infisicalRuntimeEnv.js +27585 -0
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
- package/dist/generated/lucernGatewayEnv.d.ts +17 -0
- package/dist/generated/lucernGatewayEnv.js +38 -0
- package/dist/generated/lucernGatewayEnv.js.map +1 -0
- package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
- package/dist/generated/lucernWebPublicEnv.js +32 -0
- package/dist/generated/lucernWebPublicEnv.js.map +1 -0
- package/dist/generated/lucernWebServerEnv.d.ts +33 -0
- package/dist/generated/lucernWebServerEnv.js +51 -0
- package/dist/generated/lucernWebServerEnv.js.map +1 -0
- package/dist/generated/schema-manifest.json +1221 -114
- package/dist/generated/tableOwnership.d.ts +48 -28
- package/dist/generated/tableOwnership.js +66 -26
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +64 -9
- package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
- package/dist/index.d.ts +11 -6
- package/dist/index.js +32838 -413
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +1763 -6
- package/dist/infisical-runtime.contract.js +2994 -15
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +1689 -6
- package/dist/manifests/infisical-runtime-manifest.js +2847 -12
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/manifests/tenant-client-manifest.d.ts +19 -14
- package/dist/manifests/tenant-client-manifest.js +29 -12
- package/dist/manifests/tenant-client-manifest.js.map +1 -1
- package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
- package/dist/mcp-gateway-boundary.contract.js +2 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -1
- package/dist/permit-principal-projection.contract.d.ts +74 -0
- package/dist/permit-principal-projection.contract.js +167 -0
- package/dist/permit-principal-projection.contract.js.map +1 -0
- package/dist/projections/check-convex-args-shape.js +10 -6
- package/dist/projections/check-convex-args-shape.js.map +1 -1
- package/dist/projections/create-evidence.projection.d.ts +6 -6
- package/dist/projections/create-evidence.projection.js +2 -3
- package/dist/projections/create-evidence.projection.js.map +1 -1
- package/dist/projections/index.d.ts +3 -3
- package/dist/projections/index.js +10 -6
- package/dist/projections/index.js.map +1 -1
- package/dist/projections/list-tasks.projection.d.ts +20 -8
- package/dist/projections/list-tasks.projection.js +8 -3
- package/dist/projections/list-tasks.projection.js.map +1 -1
- package/dist/proof-attestation.json +45 -0
- package/dist/schemas/component-table-manifest.d.ts +6 -6
- package/dist/schemas/component-table-manifest.js +2 -2
- package/dist/schemas/component-table-manifest.js.map +1 -1
- package/dist/schemas/index.d.ts +2 -2
- package/dist/schemas/index.js +1123 -137
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +2102 -132
- package/dist/schemas/manifest.js +1121 -135
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
- package/dist/schemas/tables/controlPlane/accessControl.js +658 -0
- package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
- package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
- package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
- package/dist/schemas/tables/controlPlane/model.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
- package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
- package/dist/schemas/tables/controlPlane/project.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
- package/dist/schemas/tables/controlPlane/user.js.map +1 -0
- package/dist/schemas/tables/kernel/config.d.ts +1 -1
- package/dist/schemas/tables/kernel/config.js.map +1 -1
- package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
- package/dist/schemas/tables/kernel/coordination.js.map +1 -1
- package/dist/schemas/tables/kernel/decision.d.ts +1 -1
- package/dist/schemas/tables/kernel/decision.js.map +1 -1
- package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
- package/dist/schemas/tables/kernel/embedding.js.map +1 -1
- package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
- package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
- package/dist/schemas/tables/kernel/events.d.ts +21 -0
- package/dist/schemas/tables/kernel/events.js +43 -0
- package/dist/schemas/tables/kernel/events.js.map +1 -0
- package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
- package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
- package/dist/schemas/tables/kernel/infra.d.ts +1 -1
- package/dist/schemas/tables/kernel/infra.js.map +1 -1
- package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
- package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
- package/dist/schemas/tables/kernel/lens.d.ts +1 -1
- package/dist/schemas/tables/kernel/lens.js.map +1 -1
- package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
- package/dist/schemas/tables/kernel/ontology.js.map +1 -1
- package/dist/schemas/tables/kernel/platform.d.ts +1 -1
- package/dist/schemas/tables/kernel/platform.js.map +1 -1
- package/dist/schemas/tables/kernel/spine.d.ts +2 -1
- package/dist/schemas/tables/kernel/spine.js +1 -0
- package/dist/schemas/tables/kernel/spine.js.map +1 -1
- package/dist/schemas/tables/kernel/task.d.ts +1 -1
- package/dist/schemas/tables/kernel/task.js.map +1 -1
- package/dist/schemas/tables/kernel/topic.d.ts +1 -1
- package/dist/schemas/tables/kernel/topic.js +1 -0
- package/dist/schemas/tables/kernel/topic.js.map +1 -1
- package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
- package/dist/schemas/tables/kernel/workflow.js.map +1 -1
- package/dist/schemas/tables/kernel/worktree.d.ts +17 -17
- package/dist/schemas/tables/kernel/worktree.js.map +1 -1
- package/dist/schemas/tables/mc/identity.d.ts +19 -2
- package/dist/schemas/tables/mc/identity.js +32 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/methodology.d.ts +1 -1
- package/dist/schemas/tables/mc/methodology.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +1 -1
- package/dist/schemas/tables/mc/pack.js.map +1 -1
- package/dist/schemas/tables/mc/policy.d.ts +2 -2
- package/dist/schemas/tables/mc/policy.js +1 -1
- package/dist/schemas/tables/mc/policy.js.map +1 -1
- package/dist/schemas/tables/mc/registry.d.ts +1 -1
- package/dist/schemas/tables/mc/registry.js.map +1 -1
- package/dist/schemas/tables/mc/runtime.d.ts +109 -3
- package/dist/schemas/tables/mc/runtime.js +330 -104
- package/dist/schemas/tables/mc/runtime.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +4 -2
- package/dist/schemas/tables/mc/tenant.js +3 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/schemas/tables/mc/workspace.d.ts +22 -5
- package/dist/schemas/tables/mc/workspace.js +34 -2
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/{sdk-tools.contract-Ci8bkoai.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +417 -13
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +244 -56
- package/dist/tenant-bootstrap-seed.contract.js +139 -28
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.defaults.d.ts +2 -2
- package/dist/tenant-bootstrap-seed.defaults.js +31 -13
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
- package/dist/tenant-client.contract.d.ts +20 -15
- package/dist/tenant-client.contract.js +29 -12
- package/dist/tenant-client.contract.js.map +1 -1
- package/dist/{tool-contracts-B4iWhejG.d.ts → tool-contracts-C_xvM9q2.d.ts} +32 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +418 -14
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +22 -1
- package/dist/schemas/tables/identity/agent.js.map +0 -1
- package/dist/schemas/tables/identity/epistemic.js.map +0 -1
- package/dist/schemas/tables/identity/model.js.map +0 -1
- package/dist/schemas/tables/identity/platform.js.map +0 -1
- package/dist/schemas/tables/identity/project.js.map +0 -1
- package/dist/schemas/tables/identity/user.js.map +0 -1
|
@@ -13,16 +13,20 @@ var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
|
|
|
13
13
|
kernel: {
|
|
14
14
|
componentName: "lucern",
|
|
15
15
|
migrationModule: "adapters/migration",
|
|
16
|
+
templateMigrationModule: "dist/adapters/migration",
|
|
17
|
+
tenantMigrationModule: "adapters/migration",
|
|
16
18
|
templateService: "services/kernel-template",
|
|
17
19
|
templateDeployments: {
|
|
18
20
|
staging: "kindly-goldfish-162",
|
|
19
21
|
prod: "cool-badger-368"
|
|
20
22
|
}
|
|
21
23
|
},
|
|
22
|
-
|
|
23
|
-
componentName: "
|
|
24
|
+
"control-plane": {
|
|
25
|
+
componentName: "controlPlane",
|
|
24
26
|
migrationModule: "migration",
|
|
25
|
-
|
|
27
|
+
templateMigrationModule: "dist/migration",
|
|
28
|
+
tenantMigrationModule: "migration",
|
|
29
|
+
templateService: "services/control-plane-template",
|
|
26
30
|
templateDeployments: {
|
|
27
31
|
staging: "industrious-cheetah-864",
|
|
28
32
|
prod: "combative-beagle-879"
|
|
@@ -182,6 +186,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
182
186
|
copyMode: "none",
|
|
183
187
|
description: "Deliberation sessions are created by tenant workflows."
|
|
184
188
|
},
|
|
189
|
+
{
|
|
190
|
+
component: "kernel",
|
|
191
|
+
table: "domainEvents",
|
|
192
|
+
prepopulation: "runtime_log",
|
|
193
|
+
copyMode: "none",
|
|
194
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
195
|
+
},
|
|
185
196
|
{
|
|
186
197
|
component: "kernel",
|
|
187
198
|
table: "epistemicAudit",
|
|
@@ -431,14 +442,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
431
442
|
description: "Worktrees are tenant/runtime planning data."
|
|
432
443
|
},
|
|
433
444
|
{
|
|
434
|
-
component: "
|
|
445
|
+
component: "control-plane",
|
|
435
446
|
table: "agents",
|
|
436
447
|
prepopulation: "runtime_bootstrap",
|
|
437
448
|
copyMode: "none",
|
|
438
449
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
439
450
|
},
|
|
440
451
|
{
|
|
441
|
-
component: "
|
|
452
|
+
component: "control-plane",
|
|
442
453
|
table: "mcpWritePolicy",
|
|
443
454
|
prepopulation: "required_template",
|
|
444
455
|
copyMode: "template_global",
|
|
@@ -447,14 +458,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
447
458
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
448
459
|
},
|
|
449
460
|
{
|
|
450
|
-
component: "
|
|
461
|
+
component: "control-plane",
|
|
451
462
|
table: "modelCallLogs",
|
|
452
463
|
prepopulation: "runtime_log",
|
|
453
464
|
copyMode: "none",
|
|
454
465
|
description: "Model call logs are runtime telemetry."
|
|
455
466
|
},
|
|
456
467
|
{
|
|
457
|
-
component: "
|
|
468
|
+
component: "control-plane",
|
|
458
469
|
table: "modelFunctionSlots",
|
|
459
470
|
prepopulation: "required_template",
|
|
460
471
|
copyMode: "template_global",
|
|
@@ -463,7 +474,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
463
474
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
464
475
|
},
|
|
465
476
|
{
|
|
466
|
-
component: "
|
|
477
|
+
component: "control-plane",
|
|
467
478
|
table: "modelRegistry",
|
|
468
479
|
prepopulation: "required_template",
|
|
469
480
|
copyMode: "template_global",
|
|
@@ -472,7 +483,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
472
483
|
description: "Model catalog defaults are required by model runtime clients."
|
|
473
484
|
},
|
|
474
485
|
{
|
|
475
|
-
component: "
|
|
486
|
+
component: "control-plane",
|
|
476
487
|
table: "modelSlotConfigs",
|
|
477
488
|
prepopulation: "required_template",
|
|
478
489
|
copyMode: "template_global",
|
|
@@ -481,14 +492,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
481
492
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
482
493
|
},
|
|
483
494
|
{
|
|
484
|
-
component: "
|
|
495
|
+
component: "control-plane",
|
|
496
|
+
table: "permitAccessReviewItems",
|
|
497
|
+
prepopulation: "runtime_data",
|
|
498
|
+
copyMode: "none",
|
|
499
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
500
|
+
},
|
|
501
|
+
{
|
|
502
|
+
component: "control-plane",
|
|
503
|
+
table: "permitAccessReviews",
|
|
504
|
+
prepopulation: "runtime_data",
|
|
505
|
+
copyMode: "none",
|
|
506
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
507
|
+
},
|
|
508
|
+
{
|
|
509
|
+
component: "control-plane",
|
|
510
|
+
table: "permitAttributeBindings",
|
|
511
|
+
prepopulation: "runtime_data",
|
|
512
|
+
copyMode: "none",
|
|
513
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
514
|
+
},
|
|
515
|
+
{
|
|
516
|
+
component: "control-plane",
|
|
517
|
+
table: "permitGroups",
|
|
518
|
+
prepopulation: "runtime_data",
|
|
519
|
+
copyMode: "none",
|
|
520
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
521
|
+
},
|
|
522
|
+
{
|
|
523
|
+
component: "control-plane",
|
|
524
|
+
table: "permitGroupMemberships",
|
|
525
|
+
prepopulation: "runtime_data",
|
|
526
|
+
copyMode: "none",
|
|
527
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
528
|
+
},
|
|
529
|
+
{
|
|
530
|
+
component: "control-plane",
|
|
531
|
+
table: "permitPolicyBundles",
|
|
532
|
+
prepopulation: "runtime_derived",
|
|
533
|
+
copyMode: "none",
|
|
534
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
535
|
+
},
|
|
536
|
+
{
|
|
537
|
+
component: "control-plane",
|
|
538
|
+
table: "permitPolicyDecisionReceipts",
|
|
539
|
+
prepopulation: "runtime_log",
|
|
540
|
+
copyMode: "none",
|
|
541
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
542
|
+
},
|
|
543
|
+
{
|
|
544
|
+
component: "control-plane",
|
|
545
|
+
table: "permitPrincipalAliases",
|
|
546
|
+
prepopulation: "runtime_data",
|
|
547
|
+
copyMode: "none",
|
|
548
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
549
|
+
},
|
|
550
|
+
{
|
|
551
|
+
component: "control-plane",
|
|
552
|
+
table: "permitPrincipals",
|
|
553
|
+
prepopulation: "runtime_data",
|
|
554
|
+
copyMode: "none",
|
|
555
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
556
|
+
},
|
|
557
|
+
{
|
|
558
|
+
component: "control-plane",
|
|
559
|
+
table: "permitProjectionOutbox",
|
|
560
|
+
prepopulation: "runtime_queue",
|
|
561
|
+
copyMode: "none",
|
|
562
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
563
|
+
},
|
|
564
|
+
{
|
|
565
|
+
component: "control-plane",
|
|
566
|
+
table: "permitRelationshipTuples",
|
|
567
|
+
prepopulation: "runtime_data",
|
|
568
|
+
copyMode: "none",
|
|
569
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
570
|
+
},
|
|
571
|
+
{
|
|
572
|
+
component: "control-plane",
|
|
573
|
+
table: "permitResourceInstances",
|
|
574
|
+
prepopulation: "runtime_data",
|
|
575
|
+
copyMode: "none",
|
|
576
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
577
|
+
},
|
|
578
|
+
{
|
|
579
|
+
component: "control-plane",
|
|
580
|
+
table: "permitRoleAssignments",
|
|
581
|
+
prepopulation: "runtime_data",
|
|
582
|
+
copyMode: "none",
|
|
583
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
584
|
+
},
|
|
585
|
+
{
|
|
586
|
+
component: "control-plane",
|
|
485
587
|
table: "platformAudienceGrants",
|
|
486
588
|
prepopulation: "runtime_data",
|
|
487
589
|
copyMode: "none",
|
|
488
590
|
description: "Audience grants are principal/group-specific access rows."
|
|
489
591
|
},
|
|
490
592
|
{
|
|
491
|
-
component: "
|
|
593
|
+
component: "control-plane",
|
|
492
594
|
table: "platformAudiences",
|
|
493
595
|
prepopulation: "required_template",
|
|
494
596
|
copyMode: "template_tenant_rewrite",
|
|
@@ -497,35 +599,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
497
599
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
498
600
|
},
|
|
499
601
|
{
|
|
500
|
-
component: "
|
|
602
|
+
component: "control-plane",
|
|
501
603
|
table: "platformPolicyDecisionLogs",
|
|
502
604
|
prepopulation: "runtime_log",
|
|
503
605
|
copyMode: "none",
|
|
504
606
|
description: "Policy decisions are runtime audit logs."
|
|
505
607
|
},
|
|
506
608
|
{
|
|
507
|
-
component: "
|
|
609
|
+
component: "control-plane",
|
|
508
610
|
table: "projectGrants",
|
|
509
611
|
prepopulation: "runtime_data",
|
|
510
612
|
copyMode: "none",
|
|
511
613
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
512
614
|
},
|
|
513
615
|
{
|
|
514
|
-
component: "
|
|
616
|
+
component: "control-plane",
|
|
515
617
|
table: "reasoningPermissions",
|
|
516
618
|
prepopulation: "runtime_data",
|
|
517
619
|
copyMode: "none",
|
|
518
620
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
519
621
|
},
|
|
520
622
|
{
|
|
521
|
-
component: "
|
|
623
|
+
component: "control-plane",
|
|
522
624
|
table: "tenantApiKeys",
|
|
523
625
|
prepopulation: "runtime_secret",
|
|
524
626
|
copyMode: "none",
|
|
525
627
|
description: "API keys are tenant credentials and must never be copied."
|
|
526
628
|
},
|
|
527
629
|
{
|
|
528
|
-
component: "
|
|
630
|
+
component: "control-plane",
|
|
529
631
|
table: "tenantConfig",
|
|
530
632
|
prepopulation: "required_template",
|
|
531
633
|
copyMode: "template_tenant_rewrite",
|
|
@@ -534,7 +636,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
534
636
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
535
637
|
},
|
|
536
638
|
{
|
|
537
|
-
component: "
|
|
639
|
+
component: "control-plane",
|
|
538
640
|
table: "tenantIntegrations",
|
|
539
641
|
prepopulation: "required_template",
|
|
540
642
|
copyMode: "template_tenant_rewrite",
|
|
@@ -543,14 +645,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
543
645
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
544
646
|
},
|
|
545
647
|
{
|
|
546
|
-
component: "
|
|
648
|
+
component: "control-plane",
|
|
547
649
|
table: "tenantModelSlotBindings",
|
|
548
650
|
prepopulation: "runtime_secret",
|
|
549
651
|
copyMode: "none",
|
|
550
652
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
551
653
|
},
|
|
552
654
|
{
|
|
553
|
-
component: "
|
|
655
|
+
component: "control-plane",
|
|
656
|
+
table: "tenantPermitSyncStates",
|
|
657
|
+
prepopulation: "runtime_derived",
|
|
658
|
+
copyMode: "none",
|
|
659
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
660
|
+
},
|
|
661
|
+
{
|
|
662
|
+
component: "control-plane",
|
|
554
663
|
table: "tenantPolicies",
|
|
555
664
|
prepopulation: "required_template",
|
|
556
665
|
copyMode: "template_tenant_rewrite",
|
|
@@ -559,42 +668,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
559
668
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
560
669
|
},
|
|
561
670
|
{
|
|
562
|
-
component: "
|
|
671
|
+
component: "control-plane",
|
|
563
672
|
table: "tenantProviderSecrets",
|
|
564
673
|
prepopulation: "runtime_secret",
|
|
565
674
|
copyMode: "none",
|
|
566
675
|
description: "Provider secrets are credentials and must never be copied."
|
|
567
676
|
},
|
|
568
677
|
{
|
|
569
|
-
component: "
|
|
678
|
+
component: "control-plane",
|
|
570
679
|
table: "tenantProxyGatewayUsage",
|
|
571
680
|
prepopulation: "runtime_log",
|
|
572
681
|
copyMode: "none",
|
|
573
682
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
574
683
|
},
|
|
575
684
|
{
|
|
576
|
-
component: "
|
|
685
|
+
component: "control-plane",
|
|
577
686
|
table: "tenantProxyTokenMints",
|
|
578
687
|
prepopulation: "runtime_secret",
|
|
579
688
|
copyMode: "none",
|
|
580
689
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
581
690
|
},
|
|
582
691
|
{
|
|
583
|
-
component: "
|
|
692
|
+
component: "control-plane",
|
|
584
693
|
table: "tenantSandboxAuditEvents",
|
|
585
694
|
prepopulation: "runtime_log",
|
|
586
695
|
copyMode: "none",
|
|
587
696
|
description: "Sandbox audit rows are runtime security logs."
|
|
588
697
|
},
|
|
589
698
|
{
|
|
590
|
-
component: "
|
|
699
|
+
component: "control-plane",
|
|
591
700
|
table: "tenantSecrets",
|
|
592
701
|
prepopulation: "runtime_secret",
|
|
593
702
|
copyMode: "none",
|
|
594
703
|
description: "Tenant secrets are credentials and must never be copied."
|
|
595
704
|
},
|
|
596
705
|
{
|
|
597
|
-
component: "
|
|
706
|
+
component: "control-plane",
|
|
598
707
|
table: "toolAcls",
|
|
599
708
|
prepopulation: "required_template",
|
|
600
709
|
copyMode: "template_global",
|
|
@@ -603,7 +712,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
603
712
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
604
713
|
},
|
|
605
714
|
{
|
|
606
|
-
component: "
|
|
715
|
+
component: "control-plane",
|
|
607
716
|
table: "toolRegistry",
|
|
608
717
|
prepopulation: "required_template",
|
|
609
718
|
copyMode: "template_global",
|
|
@@ -612,7 +721,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
612
721
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
613
722
|
},
|
|
614
723
|
{
|
|
615
|
-
component: "
|
|
724
|
+
component: "control-plane",
|
|
616
725
|
table: "users",
|
|
617
726
|
prepopulation: "runtime_bootstrap",
|
|
618
727
|
copyMode: "none",
|
|
@@ -645,7 +754,9 @@ function isTenantBootstrapSeedTable(table) {
|
|
|
645
754
|
return Boolean(findTenantBootstrapSeedTable(table));
|
|
646
755
|
}
|
|
647
756
|
function isTenantBootstrapForbiddenSeedTable(table) {
|
|
648
|
-
return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some(
|
|
757
|
+
return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some(
|
|
758
|
+
(entry) => entry === table
|
|
759
|
+
);
|
|
649
760
|
}
|
|
650
761
|
|
|
651
762
|
export { TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/tenant-bootstrap-seed.contract.ts"],"names":[],"mappings":";AAUO,IAAM,sCAAA,GAAyC;AAE/C,IAAM,0CAAA,GAA6C;AAAA,EACxD,UAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,MAAA,EAAQ;AAAA,IACN,aAAA,EAAe,QAAA;AAAA,IACf,eAAA,EAAiB,oBAAA;AAAA,IACjB,eAAA,EAAiB,0BAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,qBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR,GACF;AAAA,EACA,QAAA,EAAU;AAAA,IACR,aAAA,EAAe,UAAA;AAAA,IACf,eAAA,EAAiB,WAAA;AAAA,IACjB,eAAA,EAAiB,4BAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,yBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR;AAEJ;AA0CA,SAAS,0BACP,KAAA,EACmC;AACnC,EAAA,OAAA,CACG,KAAA,CAAM,aAAa,iBAAA,IAClB,KAAA,CAAM,aAAa,yBAAA,IACnB,KAAA,CAAM,aAAa,0BAAA,KACrB,OAAA,CAAQ,MAAM,KAAK,CAAA,IACnB,MAAM,OAAA,CAAQ,KAAA,CAAM,SAAS,CAAA,IAC7B,KAAA,CAAM,UAAU,MAAA,GAAS,CAAA;AAE7B;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,IACpB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAa,CAAA;AAAA,IACzB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,0BAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAA,EAAe,SAAS,CAAA;AAAA,IACpC,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,MAAM,CAAA;AAAA,IAC7C,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,IAC/B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,YAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,WAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,SAAA,EAAW,MAAA,EAAQ,cAAc,CAAA;AAAA,IAC7C,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,KAAK,CAAA;AAAA,IACjB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,aAAa,CAAA;AAAA,IACpD,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,gBAAgB,CAAA;AAAA,IACxC,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,UAAU,CAAA;AAAA,IACjD,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,0BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,UAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAA,EAAQ,UAAU,CAAA;AAAA,IAC9B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,UAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA;AAEjB;AAEO,IAAM,+BACX,mCAAA,CAAoC,MAAA;AAAA,EAClC;AACF;AAKK,IAAM,yCACX,mCAAA,CAAoC,MAAA;AAAA,EAClC,CAAC,KAAA,KAAU,CAAC,yBAAA,CAA0B,KAAK;AAC7C,CAAA,CAAE,GAAA,CAAI,CAAC,KAAA,KAAU,KAAA,CAAM,KAAK;AAIvB,IAAM,8BAAA,GAAiC;AAAA,EAC5C,eAAA,EAAiB,sCAAA;AAAA,EACjB,kBAAA,EAAoB,0CAAA;AAAA,EACpB,UAAA,EAAY,gCAAA;AAAA,EACZ,iBAAA,EAAmB,mCAAA;AAAA,EACnB,MAAA,EAAQ,4BAAA;AAAA,EACR,eAAA,EAAiB;AACnB;AAEO,SAAS,oCACd,KAAA,EAC6C;AAC7C,EAAA,OAAO,mCAAA,CAAoC,IAAA;AAAA,IACzC,CAAC,KAAA,KAAU,KAAA,CAAM,KAAA,KAAU;AAAA,GAC7B;AACF;AAEO,SAAS,6BACd,KAAA,EACsC;AACtC,EAAA,OAAO,6BAA6B,IAAA,CAAK,CAAC,KAAA,KAAU,KAAA,CAAM,UAAU,KAAK,CAAA;AAC3E;AAEO,SAAS,2BAA2B,KAAA,EAAwB;AACjE,EAAA,OAAO,OAAA,CAAQ,4BAAA,CAA6B,KAAK,CAAC,CAAA;AACpD;AAEO,SAAS,oCAAoC,KAAA,EAAwB;AAC1E,EAAA,OAAO,sCAAA,CAAuC,IAAA,CAAK,CAAC,KAAA,KAAU,UAAU,KAAK,CAAA;AAC/E","file":"tenant-bootstrap-seed.contract.js","sourcesContent":["/**\n * Tenant bootstrap seed contract.\n *\n * Fresh tenant deployments install the Lucern kernel and identity components\n * from npm, then copy canonical template rows for non-secret runtime defaults.\n * This contract is intentionally exhaustive for the K/I tables: it separates\n * rows that must be carried by the template deployments from rows that are\n * runtime data, runtime credentials, logs, queues, or derived caches.\n */\n\nexport const TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = \"2026-04-30\" as const;\n\nexport const TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [\n \"tenantId\",\n \"workspaceId\",\n \"principalId\",\n \"role\",\n \"authMode\",\n \"correlationId\",\n \"auditMetadata\",\n] as const;\nexport type TenantBootstrapSeedAuthMetadataField =\n (typeof TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_COMPONENTS = {\n kernel: {\n componentName: \"lucern\",\n migrationModule: \"adapters/migration\",\n templateService: \"services/kernel-template\",\n templateDeployments: {\n staging: \"kindly-goldfish-162\",\n prod: \"cool-badger-368\",\n },\n },\n identity: {\n componentName: \"identity\",\n migrationModule: \"migration\",\n templateService: \"services/identity-template\",\n templateDeployments: {\n staging: \"industrious-cheetah-864\",\n prod: \"combative-beagle-879\",\n },\n },\n} as const;\nexport type TenantBootstrapSeedComponent =\n keyof typeof TENANT_BOOTSTRAP_SEED_COMPONENTS;\n\nexport type TenantBootstrapSeedScope = \"global\" | \"tenant\";\n\nexport type TenantBootstrapPrepopulation =\n | \"required_template\"\n | \"optional_template\"\n | \"runtime_bootstrap\"\n | \"runtime_data\"\n | \"runtime_log\"\n | \"runtime_secret\"\n | \"runtime_derived\"\n | \"runtime_queue\";\n\nexport type TenantBootstrapCopyMode =\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\"\n | \"none\";\n\nexport type TenantBootstrapTableRequirement = {\n component: TenantBootstrapSeedComponent;\n table: string;\n prepopulation: TenantBootstrapPrepopulation;\n copyMode: TenantBootstrapCopyMode;\n scope?: TenantBootstrapSeedScope;\n uniqueKey?: readonly string[];\n dependsOn?: readonly string[];\n description: string;\n};\n\nexport type TenantBootstrapSeedTable = TenantBootstrapTableRequirement & {\n copyMode:\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\";\n scope: TenantBootstrapSeedScope;\n uniqueKey: readonly string[];\n};\n\nfunction isCopyableSeedRequirement(\n entry: TenantBootstrapTableRequirement\n): entry is TenantBootstrapSeedTable {\n return (\n (entry.copyMode === \"template_global\" ||\n entry.copyMode === \"template_tenant_rewrite\" ||\n entry.copyMode === \"template_reference_remap\") &&\n Boolean(entry.scope) &&\n Array.isArray(entry.uniqueKey) &&\n entry.uniqueKey.length > 0\n );\n}\n\nexport const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [\n {\n component: \"kernel\",\n table: \"agentMessages\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Agent coordination messages are session data, not template data.\",\n },\n {\n component: \"kernel\",\n table: \"agentSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Agent coordination sessions are created by active clients.\",\n },\n {\n component: \"kernel\",\n table: \"autofixJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Autofix work items are runtime queue rows.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Background job executions are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobSettings\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"jobKey\"],\n description: \"Default job enablement settings must come from the K template.\",\n },\n {\n component: \"kernel\",\n table: \"beliefConfidence\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief confidence rows are created with tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"beliefEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefHistory\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief history is append-only tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefScenarios\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Scenario rows are tenant-authored reasoning data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefVotes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision belief votes are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"calibrationScores\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Calibration scores are computed from tenant outcomes.\",\n },\n {\n component: \"kernel\",\n table: \"contractEvaluations\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Contract evaluation rows are runtime computation logs.\",\n },\n {\n component: \"kernel\",\n table: \"contradictions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Contradictions are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"crossProjectConnections\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Cross-topic connections are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"decisionComputedSummaries\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision summaries are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"decisionEvents\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision events are lifecycle data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionParticipants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision participants are tenant-selected actors.\",\n },\n {\n component: \"kernel\",\n table: \"decisionRiskLedger\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision risk rows are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionSnapshots\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision snapshots are derived from tenant state.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationContributions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation contributions are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation sessions are created by tenant workflows.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Epistemic audit rows are append-only runtime audit data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicContracts\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Epistemic contracts are tenant-authored governance data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicEdges\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Edges are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodeEmbeddings\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Embeddings are derived from tenant graph nodes.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Nodes are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisCache\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph analysis cache rows are derived from tenant graph state.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisResults\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph analysis result rows are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"graphSuggestions\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph suggestions are derived recommendations.\",\n },\n {\n component: \"kernel\",\n table: \"harnessReplays\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness replay rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"harnessRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness run rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"idempotencyTokens\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Idempotency tokens are request-scoped runtime guards.\",\n },\n {\n component: \"kernel\",\n table: \"lenses\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.\",\n },\n {\n component: \"kernel\",\n table: \"lensTopicBindings\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Lens bindings attach runtime topics to runtime/workspace lenses.\",\n },\n {\n component: \"kernel\",\n table: \"neo4jSyncQueue\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Neo4j sync queue rows are runtime work items.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyDefinitions\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\"],\n description: \"Platform ontology definitions power taxonomy reads and effective ontology resolution.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyVersions\",\n prepopulation: \"required_template\",\n copyMode: \"template_reference_remap\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\", \"version\"],\n dependsOn: [\"ontologyDefinitions\"],\n description: \"Ontology versions must be copied with ontologyDefinition ID remapping.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPolicyDecisions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run policy decisions are audit logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPromptResolutions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run prompt resolution rows are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent runs are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunToolCalls\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run tool calls are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformHarnessShadowAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness shadow audit rows are runtime audit records.\",\n },\n {\n component: \"kernel\",\n table: \"publicationRules\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"name\"],\n description: \"Default publication policy rules are rewritten into each tenant.\",\n },\n {\n component: \"kernel\",\n table: \"questionEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Question-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"researchJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Research job rows are runtime queue items.\",\n },\n {\n component: \"kernel\",\n table: \"schemaEnumConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"category\", \"value\"],\n description: \"Runtime-extensible enum defaults required by SDK graph APIs.\",\n },\n {\n component: \"kernel\",\n table: \"stakeholderGroups\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Stakeholder groups are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"systemLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"System logs are runtime telemetry.\",\n },\n {\n component: \"kernel\",\n table: \"tasks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Tasks are tenant-authored work items.\",\n },\n {\n component: \"kernel\",\n table: \"topics\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description: \"Default topics are created by tenant provisioning, not copied from templates.\",\n },\n {\n component: \"kernel\",\n table: \"workflowDefinitions\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.\",\n },\n {\n component: \"kernel\",\n table: \"workflowPullRequests\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Workflow pull requests are tenant workflow data.\",\n },\n {\n component: \"kernel\",\n table: \"workflowStages\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n dependsOn: [\"workflowDefinitions\"],\n description:\n \"Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.\",\n },\n {\n component: \"kernel\",\n table: \"worktreeBeliefCluster\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Worktree cluster rows link runtime worktrees to runtime beliefs.\",\n },\n {\n component: \"kernel\",\n table: \"worktrees\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Worktrees are tenant/runtime planning data.\",\n },\n {\n component: \"identity\",\n table: \"agents\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description: \"Service agents are provisioned per tenant or service, not copied.\",\n },\n {\n component: \"identity\",\n table: \"mcpWritePolicy\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"topicId\", \"role\", \"toolCategory\"],\n description: \"Global write policy defaults govern service and interactive MCP writes.\",\n },\n {\n component: \"identity\",\n table: \"modelCallLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Model call logs are runtime telemetry.\",\n },\n {\n component: \"identity\",\n table: \"modelFunctionSlots\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description: \"Function-to-model slots are required by model runtime resolution.\",\n },\n {\n component: \"identity\",\n table: \"modelRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"key\"],\n description: \"Model catalog defaults are required by model runtime clients.\",\n },\n {\n component: \"identity\",\n table: \"modelSlotConfigs\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description: \"Slot-level defaults are required before tenant overrides exist.\",\n },\n {\n component: \"identity\",\n table: \"platformAudienceGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Audience grants are principal/group-specific access rows.\",\n },\n {\n component: \"identity\",\n table: \"platformAudiences\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"audienceKey\"],\n description: \"Default tenant audience taxonomy rows are rewritten into each tenant.\",\n },\n {\n component: \"identity\",\n table: \"platformPolicyDecisionLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Policy decisions are runtime audit logs.\",\n },\n {\n component: \"identity\",\n table: \"projectGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Project/topic grants are principal or group-specific access rows.\",\n },\n {\n component: \"identity\",\n table: \"reasoningPermissions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Reasoning permissions are principal-specific policy rows.\",\n },\n {\n component: \"identity\",\n table: \"tenantApiKeys\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"API keys are tenant credentials and must never be copied.\",\n },\n {\n component: \"identity\",\n table: \"tenantConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\"],\n description: \"Tenant-local config defaults are rewritten during bootstrap.\",\n },\n {\n component: \"identity\",\n table: \"tenantIntegrations\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"integrationKey\"],\n description: \"Non-secret integration descriptors are rewritten into each tenant.\",\n },\n {\n component: \"identity\",\n table: \"tenantModelSlotBindings\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Tenant model slot bindings reference provider secrets and are runtime-only.\",\n },\n {\n component: \"identity\",\n table: \"tenantPolicies\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"roleName\"],\n description: \"Default tenant policy roles are rewritten during bootstrap.\",\n },\n {\n component: \"identity\",\n table: \"tenantProviderSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Provider secrets are credentials and must never be copied.\",\n },\n {\n component: \"identity\",\n table: \"tenantProxyGatewayUsage\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Proxy gateway usage rows are runtime telemetry.\",\n },\n {\n component: \"identity\",\n table: \"tenantProxyTokenMints\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Proxy token mints are ephemeral secret-bearing runtime rows.\",\n },\n {\n component: \"identity\",\n table: \"tenantSandboxAuditEvents\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Sandbox audit rows are runtime security logs.\",\n },\n {\n component: \"identity\",\n table: \"tenantSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Tenant secrets are credentials and must never be copied.\",\n },\n {\n component: \"identity\",\n table: \"toolAcls\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"role\", \"toolName\"],\n description: \"Default role-to-tool grants are required for SDK/MCP tool access.\",\n },\n {\n component: \"identity\",\n table: \"toolRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"toolName\"],\n description: \"Core tool catalog rows are required before pack or tenant tools exist.\",\n },\n {\n component: \"identity\",\n table: \"users\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description: \"Users are created from Clerk/MC principal resolution, not copied.\",\n },\n] as const satisfies readonly TenantBootstrapTableRequirement[];\n\nexport const TENANT_BOOTSTRAP_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n isCopyableSeedRequirement\n ) as readonly TenantBootstrapSeedTable[];\n\nexport type TenantBootstrapSeedTableName =\n (typeof TENANT_BOOTSTRAP_SEED_TABLES)[number][\"table\"];\n\nexport const TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n (entry) => !isCopyableSeedRequirement(entry)\n ).map((entry) => entry.table) as readonly string[];\nexport type TenantBootstrapForbiddenSeedTable =\n (typeof TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_MANIFEST = {\n contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,\n authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,\n components: TENANT_BOOTSTRAP_SEED_COMPONENTS,\n tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,\n tables: TENANT_BOOTSTRAP_SEED_TABLES,\n forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES,\n} as const;\n\nexport function findTenantBootstrapTableRequirement(\n table: string\n): TenantBootstrapTableRequirement | undefined {\n return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(\n (entry) => entry.table === table\n );\n}\n\nexport function findTenantBootstrapSeedTable(\n table: string\n): TenantBootstrapSeedTable | undefined {\n return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);\n}\n\nexport function isTenantBootstrapSeedTable(table: string): boolean {\n return Boolean(findTenantBootstrapSeedTable(table));\n}\n\nexport function isTenantBootstrapForbiddenSeedTable(table: string): boolean {\n return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some((entry) => entry === table);\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/tenant-bootstrap-seed.contract.ts"],"names":[],"mappings":";AAUO,IAAM,sCAAA,GAAyC;AAE/C,IAAM,0CAAA,GAA6C;AAAA,EACxD,UAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,MAAA,EAAQ;AAAA,IACN,aAAA,EAAe,QAAA;AAAA,IACf,eAAA,EAAiB,oBAAA;AAAA,IACjB,uBAAA,EAAyB,yBAAA;AAAA,IACzB,qBAAA,EAAuB,oBAAA;AAAA,IACvB,eAAA,EAAiB,0BAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,qBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR,GACF;AAAA,EACA,eAAA,EAAiB;AAAA,IACf,aAAA,EAAe,cAAA;AAAA,IACf,eAAA,EAAiB,WAAA;AAAA,IACjB,uBAAA,EAAyB,gBAAA;AAAA,IACzB,qBAAA,EAAuB,WAAA;AAAA,IACvB,eAAA,EAAiB,iCAAA;AAAA,IACjB,mBAAA,EAAqB;AAAA,MACnB,OAAA,EAAS,yBAAA;AAAA,MACT,IAAA,EAAM;AAAA;AACR;AAEJ;AA0CA,SAAS,0BACP,KAAA,EACmC;AACnC,EAAA,OAAA,CACG,KAAA,CAAM,aAAa,iBAAA,IAClB,KAAA,CAAM,aAAa,yBAAA,IACnB,KAAA,CAAM,aAAa,0BAAA,KACrB,OAAA,CAAQ,MAAM,KAAK,CAAA,IACnB,MAAM,OAAA,CAAQ,KAAA,CAAM,SAAS,CAAA,IAC7B,KAAA,CAAM,UAAU,MAAA,GAAS,CAAA;AAE7B;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,IACpB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,aAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAa,CAAA;AAAA,IACzB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,0BAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,aAAA,EAAe,SAAS,CAAA;AAAA,IACpC,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,iCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mCAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,2BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,MAAM,CAAA;AAAA,IAC7C,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,IAC/B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,YAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,SAAA,EAAW,CAAC,qBAAqB,CAAA;AAAA,IACjC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,QAAA;AAAA,IACX,KAAA,EAAO,WAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,QAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,SAAA,EAAW,MAAA,EAAQ,cAAc,CAAA;AAAA,IAC7C,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,KAAK,CAAA;AAAA,IACjB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,IAClB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,qBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,8BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,kBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,eAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,0BAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,mBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,aAAa,CAAA;AAAA,IACpD,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,4BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,sBAAA;AAAA,IACP,aAAA,EAAe,cAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,oBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,gBAAgB,CAAA;AAAA,IACxC,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,wBAAA;AAAA,IACP,aAAA,EAAe,iBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,gBAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,yBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAA,EAAY,aAAA,EAAe,UAAU,CAAA;AAAA,IACjD,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,yBAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,uBAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,0BAAA;AAAA,IACP,aAAA,EAAe,aAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,eAAA;AAAA,IACP,aAAA,EAAe,gBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,UAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,MAAA,EAAQ,UAAU,CAAA;AAAA,IAC9B,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,cAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,iBAAA;AAAA,IACV,KAAA,EAAO,QAAA;AAAA,IACP,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,IACtB,WAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,SAAA,EAAW,eAAA;AAAA,IACX,KAAA,EAAO,OAAA;AAAA,IACP,aAAA,EAAe,mBAAA;AAAA,IACf,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EACE;AAAA;AAEN;AAEO,IAAM,+BACX,mCAAA,CAAoC,MAAA;AAAA,EAClC;AACF;AAKK,IAAM,yCACX,mCAAA,CAAoC,MAAA;AAAA,EAClC,CAAC,KAAA,KAAU,CAAC,yBAAA,CAA0B,KAAK;AAC7C,CAAA,CAAE,GAAA,CAAI,CAAC,KAAA,KAAU,KAAA,CAAM,KAAK;AAIvB,IAAM,8BAAA,GAAiC;AAAA,EAC5C,eAAA,EAAiB,sCAAA;AAAA,EACjB,kBAAA,EAAoB,0CAAA;AAAA,EACpB,UAAA,EAAY,gCAAA;AAAA,EACZ,iBAAA,EAAmB,mCAAA;AAAA,EACnB,MAAA,EAAQ,4BAAA;AAAA,EACR,eAAA,EAAiB;AACnB;AAEO,SAAS,oCACd,KAAA,EAC6C;AAC7C,EAAA,OAAO,mCAAA,CAAoC,IAAA;AAAA,IACzC,CAAC,KAAA,KAAU,KAAA,CAAM,KAAA,KAAU;AAAA,GAC7B;AACF;AAEO,SAAS,6BACd,KAAA,EACsC;AACtC,EAAA,OAAO,6BAA6B,IAAA,CAAK,CAAC,KAAA,KAAU,KAAA,CAAM,UAAU,KAAK,CAAA;AAC3E;AAEO,SAAS,2BAA2B,KAAA,EAAwB;AACjE,EAAA,OAAO,OAAA,CAAQ,4BAAA,CAA6B,KAAK,CAAC,CAAA;AACpD;AAEO,SAAS,oCAAoC,KAAA,EAAwB;AAC1E,EAAA,OAAO,sCAAA,CAAuC,IAAA;AAAA,IAC5C,CAAC,UAAU,KAAA,KAAU;AAAA,GACvB;AACF","file":"tenant-bootstrap-seed.contract.js","sourcesContent":["/**\n * Tenant bootstrap seed contract.\n *\n * Fresh tenant deployments install the Lucern kernel and control-plane components\n * from npm, then copy canonical template rows for non-secret runtime defaults.\n * This contract is intentionally exhaustive for the K/CP tables: it separates\n * rows that must be carried by the template deployments from rows that are\n * runtime data, runtime credentials, logs, queues, or derived caches.\n */\n\nexport const TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = \"2026-04-30\" as const;\n\nexport const TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [\n \"tenantId\",\n \"workspaceId\",\n \"principalId\",\n \"role\",\n \"authMode\",\n \"correlationId\",\n \"auditMetadata\",\n] as const;\nexport type TenantBootstrapSeedAuthMetadataField =\n (typeof TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_COMPONENTS = {\n kernel: {\n componentName: \"lucern\",\n migrationModule: \"adapters/migration\",\n templateMigrationModule: \"dist/adapters/migration\",\n tenantMigrationModule: \"adapters/migration\",\n templateService: \"services/kernel-template\",\n templateDeployments: {\n staging: \"kindly-goldfish-162\",\n prod: \"cool-badger-368\",\n },\n },\n \"control-plane\": {\n componentName: \"controlPlane\",\n migrationModule: \"migration\",\n templateMigrationModule: \"dist/migration\",\n tenantMigrationModule: \"migration\",\n templateService: \"services/control-plane-template\",\n templateDeployments: {\n staging: \"industrious-cheetah-864\",\n prod: \"combative-beagle-879\",\n },\n },\n} as const;\nexport type TenantBootstrapSeedComponent =\n keyof typeof TENANT_BOOTSTRAP_SEED_COMPONENTS;\n\nexport type TenantBootstrapSeedScope = \"global\" | \"tenant\";\n\nexport type TenantBootstrapPrepopulation =\n | \"required_template\"\n | \"optional_template\"\n | \"runtime_bootstrap\"\n | \"runtime_data\"\n | \"runtime_log\"\n | \"runtime_secret\"\n | \"runtime_derived\"\n | \"runtime_queue\";\n\nexport type TenantBootstrapCopyMode =\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\"\n | \"none\";\n\nexport type TenantBootstrapTableRequirement = {\n component: TenantBootstrapSeedComponent;\n table: string;\n prepopulation: TenantBootstrapPrepopulation;\n copyMode: TenantBootstrapCopyMode;\n scope?: TenantBootstrapSeedScope;\n uniqueKey?: readonly string[];\n dependsOn?: readonly string[];\n description: string;\n};\n\nexport type TenantBootstrapSeedTable = TenantBootstrapTableRequirement & {\n copyMode:\n | \"template_global\"\n | \"template_tenant_rewrite\"\n | \"template_reference_remap\";\n scope: TenantBootstrapSeedScope;\n uniqueKey: readonly string[];\n};\n\nfunction isCopyableSeedRequirement(\n entry: TenantBootstrapTableRequirement,\n): entry is TenantBootstrapSeedTable {\n return (\n (entry.copyMode === \"template_global\" ||\n entry.copyMode === \"template_tenant_rewrite\" ||\n entry.copyMode === \"template_reference_remap\") &&\n Boolean(entry.scope) &&\n Array.isArray(entry.uniqueKey) &&\n entry.uniqueKey.length > 0\n );\n}\n\nexport const TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [\n {\n component: \"kernel\",\n table: \"agentMessages\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Agent coordination messages are session data, not template data.\",\n },\n {\n component: \"kernel\",\n table: \"agentSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Agent coordination sessions are created by active clients.\",\n },\n {\n component: \"kernel\",\n table: \"autofixJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Autofix work items are runtime queue rows.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Background job executions are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"backgroundJobSettings\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"jobKey\"],\n description:\n \"Default job enablement settings must come from the K template.\",\n },\n {\n component: \"kernel\",\n table: \"beliefConfidence\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief confidence rows are created with tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"beliefEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefHistory\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Belief history is append-only tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefScenarios\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Scenario rows are tenant-authored reasoning data.\",\n },\n {\n component: \"kernel\",\n table: \"beliefVotes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision belief votes are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"calibrationScores\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Calibration scores are computed from tenant outcomes.\",\n },\n {\n component: \"kernel\",\n table: \"contractEvaluations\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Contract evaluation rows are runtime computation logs.\",\n },\n {\n component: \"kernel\",\n table: \"contradictions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Contradictions are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"crossProjectConnections\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Cross-topic connections are tenant graph facts.\",\n },\n {\n component: \"kernel\",\n table: \"decisionComputedSummaries\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision summaries are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"decisionEvents\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision events are lifecycle data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionParticipants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision participants are tenant-selected actors.\",\n },\n {\n component: \"kernel\",\n table: \"decisionRiskLedger\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Decision risk rows are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"decisionSnapshots\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Decision snapshots are derived from tenant state.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationContributions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation contributions are tenant-authored data.\",\n },\n {\n component: \"kernel\",\n table: \"deliberationSessions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Deliberation sessions are created by tenant workflows.\",\n },\n {\n component: \"kernel\",\n table: \"domainEvents\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description:\n \"Domain event rows are append-only runtime audit/exhaust data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Epistemic audit rows are append-only runtime audit data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicContracts\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Epistemic contracts are tenant-authored governance data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicEdges\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Edges are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodeEmbeddings\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Embeddings are derived from tenant graph nodes.\",\n },\n {\n component: \"kernel\",\n table: \"epistemicNodes\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Nodes are tenant reasoning graph data.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisCache\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description:\n \"Graph analysis cache rows are derived from tenant graph state.\",\n },\n {\n component: \"kernel\",\n table: \"graphAnalysisResults\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph analysis result rows are derived tenant outputs.\",\n },\n {\n component: \"kernel\",\n table: \"graphSuggestions\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description: \"Graph suggestions are derived recommendations.\",\n },\n {\n component: \"kernel\",\n table: \"harnessReplays\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness replay rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"harnessRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness run rows are runtime verification logs.\",\n },\n {\n component: \"kernel\",\n table: \"idempotencyTokens\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Idempotency tokens are request-scoped runtime guards.\",\n },\n {\n component: \"kernel\",\n table: \"lenses\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot.\",\n },\n {\n component: \"kernel\",\n table: \"lensTopicBindings\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Lens bindings attach runtime topics to runtime/workspace lenses.\",\n },\n {\n component: \"kernel\",\n table: \"neo4jSyncQueue\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Neo4j sync queue rows are runtime work items.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyDefinitions\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\"],\n description:\n \"Platform ontology definitions power taxonomy reads and effective ontology resolution.\",\n },\n {\n component: \"kernel\",\n table: \"ontologyVersions\",\n prepopulation: \"required_template\",\n copyMode: \"template_reference_remap\",\n scope: \"global\",\n uniqueKey: [\"ontologyKey\", \"version\"],\n dependsOn: [\"ontologyDefinitions\"],\n description:\n \"Ontology versions must be copied with ontologyDefinition ID remapping.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPolicyDecisions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run policy decisions are audit logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunPromptResolutions\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run prompt resolution rows are runtime logs.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRuns\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent runs are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformAgentRunToolCalls\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Agent-run tool calls are runtime execution records.\",\n },\n {\n component: \"kernel\",\n table: \"platformHarnessShadowAudit\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Harness shadow audit rows are runtime audit records.\",\n },\n {\n component: \"kernel\",\n table: \"publicationRules\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"name\"],\n description:\n \"Default publication policy rules are rewritten into each tenant.\",\n },\n {\n component: \"kernel\",\n table: \"questionEvidenceLinks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Question-to-evidence links are tenant graph data.\",\n },\n {\n component: \"kernel\",\n table: \"researchJobs\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Research job rows are runtime queue items.\",\n },\n {\n component: \"kernel\",\n table: \"schemaEnumConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"category\", \"value\"],\n description: \"Runtime-extensible enum defaults required by SDK graph APIs.\",\n },\n {\n component: \"kernel\",\n table: \"stakeholderGroups\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Stakeholder groups are tenant decision data.\",\n },\n {\n component: \"kernel\",\n table: \"systemLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"System logs are runtime telemetry.\",\n },\n {\n component: \"kernel\",\n table: \"tasks\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Tasks are tenant-authored work items.\",\n },\n {\n component: \"kernel\",\n table: \"topics\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description:\n \"Default topics are created by tenant provisioning, not copied from templates.\",\n },\n {\n component: \"kernel\",\n table: \"workflowDefinitions\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n description:\n \"Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode.\",\n },\n {\n component: \"kernel\",\n table: \"workflowPullRequests\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Workflow pull requests are tenant workflow data.\",\n },\n {\n component: \"kernel\",\n table: \"workflowStages\",\n prepopulation: \"optional_template\",\n copyMode: \"none\",\n dependsOn: [\"workflowDefinitions\"],\n description:\n \"Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying.\",\n },\n {\n component: \"kernel\",\n table: \"worktreeBeliefCluster\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Worktree cluster rows link runtime worktrees to runtime beliefs.\",\n },\n {\n component: \"kernel\",\n table: \"worktrees\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Worktrees are tenant/runtime planning data.\",\n },\n {\n component: \"control-plane\",\n table: \"agents\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description:\n \"Service agents are provisioned per tenant or service, not copied.\",\n },\n {\n component: \"control-plane\",\n table: \"mcpWritePolicy\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"topicId\", \"role\", \"toolCategory\"],\n description:\n \"Global write policy defaults govern service and interactive MCP writes.\",\n },\n {\n component: \"control-plane\",\n table: \"modelCallLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Model call logs are runtime telemetry.\",\n },\n {\n component: \"control-plane\",\n table: \"modelFunctionSlots\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description:\n \"Function-to-model slots are required by model runtime resolution.\",\n },\n {\n component: \"control-plane\",\n table: \"modelRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"key\"],\n description:\n \"Model catalog defaults are required by model runtime clients.\",\n },\n {\n component: \"control-plane\",\n table: \"modelSlotConfigs\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"slot\"],\n description:\n \"Slot-level defaults are required before tenant overrides exist.\",\n },\n {\n component: \"control-plane\",\n table: \"permitAccessReviewItems\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit access-review item rows are tenant review data projected from Permit.\",\n },\n {\n component: \"control-plane\",\n table: \"permitAccessReviews\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit access-review campaigns are tenant review data projected from Permit.\",\n },\n {\n component: \"control-plane\",\n table: \"permitAttributeBindings\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit ABAC attribute bindings are tenant policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitGroups\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit groups are tenant-defined policy subjects, not template data.\",\n },\n {\n component: \"control-plane\",\n table: \"permitGroupMemberships\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit group memberships are tenant-specific policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPolicyBundles\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description:\n \"Permit policy bundles are derived from the Permit control plane.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPolicyDecisionReceipts\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description:\n \"Permit decision receipts are runtime authorization audit logs.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPrincipalAliases\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit principal aliases are tenant-specific identity projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitPrincipals\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit principals are projected from Clerk, Permit, and tenant onboarding flows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitProjectionOutbox\",\n prepopulation: \"runtime_queue\",\n copyMode: \"none\",\n description: \"Permit projection outbox rows are runtime sync queue data.\",\n },\n {\n component: \"control-plane\",\n table: \"permitRelationshipTuples\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit ReBAC relationship tuples are tenant policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitResourceInstances\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit resource instances are tenant/workspace graph and deployment projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"permitRoleAssignments\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Permit role assignments are tenant-specific policy projection rows.\",\n },\n {\n component: \"control-plane\",\n table: \"platformAudienceGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Audience grants are principal/group-specific access rows.\",\n },\n {\n component: \"control-plane\",\n table: \"platformAudiences\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"audienceKey\"],\n description:\n \"Default tenant audience taxonomy rows are rewritten into each tenant.\",\n },\n {\n component: \"control-plane\",\n table: \"platformPolicyDecisionLogs\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Policy decisions are runtime audit logs.\",\n },\n {\n component: \"control-plane\",\n table: \"projectGrants\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description:\n \"Project/topic grants are principal or group-specific access rows.\",\n },\n {\n component: \"control-plane\",\n table: \"reasoningPermissions\",\n prepopulation: \"runtime_data\",\n copyMode: \"none\",\n description: \"Reasoning permissions are principal-specific policy rows.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantApiKeys\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"API keys are tenant credentials and must never be copied.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantConfig\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\"],\n description: \"Tenant-local config defaults are rewritten during bootstrap.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantIntegrations\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"integrationKey\"],\n description:\n \"Non-secret integration descriptors are rewritten into each tenant.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantModelSlotBindings\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description:\n \"Tenant model slot bindings reference provider secrets and are runtime-only.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantPermitSyncStates\",\n prepopulation: \"runtime_derived\",\n copyMode: \"none\",\n description:\n \"Tenant Permit sync state rows are runtime reconciliation state.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantPolicies\",\n prepopulation: \"required_template\",\n copyMode: \"template_tenant_rewrite\",\n scope: \"tenant\",\n uniqueKey: [\"tenantId\", \"workspaceId\", \"roleName\"],\n description: \"Default tenant policy roles are rewritten during bootstrap.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantProviderSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Provider secrets are credentials and must never be copied.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantProxyGatewayUsage\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Proxy gateway usage rows are runtime telemetry.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantProxyTokenMints\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Proxy token mints are ephemeral secret-bearing runtime rows.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantSandboxAuditEvents\",\n prepopulation: \"runtime_log\",\n copyMode: \"none\",\n description: \"Sandbox audit rows are runtime security logs.\",\n },\n {\n component: \"control-plane\",\n table: \"tenantSecrets\",\n prepopulation: \"runtime_secret\",\n copyMode: \"none\",\n description: \"Tenant secrets are credentials and must never be copied.\",\n },\n {\n component: \"control-plane\",\n table: \"toolAcls\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"role\", \"toolName\"],\n description:\n \"Default role-to-tool grants are required for SDK/MCP tool access.\",\n },\n {\n component: \"control-plane\",\n table: \"toolRegistry\",\n prepopulation: \"required_template\",\n copyMode: \"template_global\",\n scope: \"global\",\n uniqueKey: [\"toolName\"],\n description:\n \"Core tool catalog rows are required before pack or tenant tools exist.\",\n },\n {\n component: \"control-plane\",\n table: \"users\",\n prepopulation: \"runtime_bootstrap\",\n copyMode: \"none\",\n description:\n \"Users are created from Clerk/MC principal resolution, not copied.\",\n },\n] as const satisfies readonly TenantBootstrapTableRequirement[];\n\nexport const TENANT_BOOTSTRAP_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n isCopyableSeedRequirement,\n ) as readonly TenantBootstrapSeedTable[];\n\nexport type TenantBootstrapSeedTableName =\n (typeof TENANT_BOOTSTRAP_SEED_TABLES)[number][\"table\"];\n\nexport const TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES =\n TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(\n (entry) => !isCopyableSeedRequirement(entry),\n ).map((entry) => entry.table) as readonly string[];\nexport type TenantBootstrapForbiddenSeedTable =\n (typeof TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES)[number];\n\nexport const TENANT_BOOTSTRAP_SEED_MANIFEST = {\n contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,\n authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,\n components: TENANT_BOOTSTRAP_SEED_COMPONENTS,\n tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,\n tables: TENANT_BOOTSTRAP_SEED_TABLES,\n forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES,\n} as const;\n\nexport function findTenantBootstrapTableRequirement(\n table: string,\n): TenantBootstrapTableRequirement | undefined {\n return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(\n (entry) => entry.table === table,\n );\n}\n\nexport function findTenantBootstrapSeedTable(\n table: string,\n): TenantBootstrapSeedTable | undefined {\n return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);\n}\n\nexport function isTenantBootstrapSeedTable(table: string): boolean {\n return Boolean(findTenantBootstrapSeedTable(table));\n}\n\nexport function isTenantBootstrapForbiddenSeedTable(table: string): boolean {\n return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some(\n (entry) => entry === table,\n );\n}\n"]}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
declare const TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION: "2026-
|
|
1
|
+
declare const TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION: "2026-05-11";
|
|
2
2
|
declare const TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID: "tenant_template";
|
|
3
3
|
declare const TENANT_BOOTSTRAP_TEMPLATE_ACTOR: "system:lucern-template-seed";
|
|
4
4
|
type TenantBootstrapTemplateSeedRows = {
|
|
5
5
|
kernel: Record<string, Array<Record<string, unknown>>>;
|
|
6
|
-
|
|
6
|
+
"control-plane": Record<string, Array<Record<string, unknown>>>;
|
|
7
7
|
};
|
|
8
8
|
type TenantBootstrapTemplateSeedOptions = {
|
|
9
9
|
now?: number;
|