@lucern/contracts 0.3.0-alpha.9 → 1.0.0

Files changed (253)
  1. package/CHANGELOG.md +7 -0
  2. package/dist/api-enums.contract.d.ts +5 -3
  3. package/dist/api-enums.contract.js +14 -12
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +14 -2
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +14 -2
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +14 -2
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/component-boundary.contract.d.ts +1 -1
  13. package/dist/component-boundary.contract.js +46 -26
  14. package/dist/component-boundary.contract.js.map +1 -1
  15. package/dist/component-host-boundary.contract.d.ts +10 -5
  16. package/dist/component-host-boundary.contract.js +10 -4
  17. package/dist/component-host-boundary.contract.js.map +1 -1
  18. package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
  19. package/dist/{dsl-djCRfuWC.d.ts → dsl-DVPthQGY.d.ts} +1 -1
  20. package/dist/dsl.d.ts +2 -2
  21. package/dist/dsl.js.map +1 -1
  22. package/dist/function-registry/beliefs.d.ts +23 -10
  23. package/dist/function-registry/beliefs.js +467 -36
  24. package/dist/function-registry/beliefs.js.map +1 -1
  25. package/dist/function-registry/coding.d.ts +15 -6
  26. package/dist/function-registry/coding.js +531 -22
  27. package/dist/function-registry/coding.js.map +1 -1
  28. package/dist/function-registry/context.d.ts +9 -3
  29. package/dist/function-registry/context.js +464 -21
  30. package/dist/function-registry/context.js.map +1 -1
  31. package/dist/function-registry/contracts.d.ts +9 -3
  32. package/dist/function-registry/contracts.js +464 -21
  33. package/dist/function-registry/contracts.js.map +1 -1
  34. package/dist/function-registry/coordination.d.ts +21 -9
  35. package/dist/function-registry/coordination.js +464 -21
  36. package/dist/function-registry/coordination.js.map +1 -1
  37. package/dist/function-registry/edges.d.ts +167 -2
  38. package/dist/function-registry/edges.js +619 -28
  39. package/dist/function-registry/edges.js.map +1 -1
  40. package/dist/function-registry/evidence.d.ts +19 -8
  41. package/dist/function-registry/evidence.js +469 -36
  42. package/dist/function-registry/evidence.js.map +1 -1
  43. package/dist/function-registry/graph.d.ts +33 -15
  44. package/dist/function-registry/graph.js +464 -21
  45. package/dist/function-registry/graph.js.map +1 -1
  46. package/dist/function-registry/helpers.d.ts +6 -3
  47. package/dist/function-registry/helpers.js +465 -22
  48. package/dist/function-registry/helpers.js.map +1 -1
  49. package/dist/function-registry/identity.d.ts +62 -16
  50. package/dist/function-registry/identity.js +487 -27
  51. package/dist/function-registry/identity.js.map +1 -1
  52. package/dist/function-registry/index.d.ts +4 -2
  53. package/dist/function-registry/index.js +468 -22
  54. package/dist/function-registry/index.js.map +1 -1
  55. package/dist/function-registry/judgments.d.ts +7 -2
  56. package/dist/function-registry/judgments.js +464 -21
  57. package/dist/function-registry/judgments.js.map +1 -1
  58. package/dist/function-registry/legacy.d.ts +5 -1
  59. package/dist/function-registry/legacy.js +464 -21
  60. package/dist/function-registry/legacy.js.map +1 -1
  61. package/dist/function-registry/lenses.d.ts +11 -4
  62. package/dist/function-registry/lenses.js +464 -21
  63. package/dist/function-registry/lenses.js.map +1 -1
  64. package/dist/function-registry/manifest.d.ts +4 -4
  65. package/dist/function-registry/manifest.js +16 -1
  66. package/dist/function-registry/manifest.js.map +1 -1
  67. package/dist/function-registry/nodes.d.ts +412 -0
  68. package/dist/function-registry/nodes.js +5354 -0
  69. package/dist/function-registry/nodes.js.map +1 -0
  70. package/dist/function-registry/ontologies.d.ts +25 -11
  71. package/dist/function-registry/ontologies.js +464 -21
  72. package/dist/function-registry/ontologies.js.map +1 -1
  73. package/dist/function-registry/pipeline.d.ts +9 -3
  74. package/dist/function-registry/pipeline.js +464 -21
  75. package/dist/function-registry/pipeline.js.map +1 -1
  76. package/dist/function-registry/questions.d.ts +27 -12
  77. package/dist/function-registry/questions.js +466 -26
  78. package/dist/function-registry/questions.js.map +1 -1
  79. package/dist/function-registry/tasks.d.ts +11 -4
  80. package/dist/function-registry/tasks.js +497 -30
  81. package/dist/function-registry/tasks.js.map +1 -1
  82. package/dist/function-registry/topics.d.ts +93 -5
  83. package/dist/function-registry/topics.js +534 -24
  84. package/dist/function-registry/topics.js.map +1 -1
  85. package/dist/function-registry/types.d.ts +7 -3
  86. package/dist/function-registry/worktrees.d.ts +25 -11
  87. package/dist/function-registry/worktrees.js +480 -21
  88. package/dist/function-registry/worktrees.js.map +1 -1
  89. package/dist/gateway.contract.d.ts +4 -0
  90. package/dist/gateway.contract.js.map +1 -1
  91. package/dist/generated/convexSchemas.d.ts +3 -3
  92. package/dist/generated/convexSchemas.js +37 -17
  93. package/dist/generated/convexSchemas.js.map +1 -1
  94. package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
  95. package/dist/generated/infisicalRuntimeEnv.js +27585 -0
  96. package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
  97. package/dist/generated/lucernGatewayEnv.d.ts +17 -0
  98. package/dist/generated/lucernGatewayEnv.js +38 -0
  99. package/dist/generated/lucernGatewayEnv.js.map +1 -0
  100. package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
  101. package/dist/generated/lucernWebPublicEnv.js +32 -0
  102. package/dist/generated/lucernWebPublicEnv.js.map +1 -0
  103. package/dist/generated/lucernWebServerEnv.d.ts +33 -0
  104. package/dist/generated/lucernWebServerEnv.js +51 -0
  105. package/dist/generated/lucernWebServerEnv.js.map +1 -0
  106. package/dist/generated/schema-manifest.json +1221 -114
  107. package/dist/generated/tableOwnership.d.ts +48 -28
  108. package/dist/generated/tableOwnership.js +66 -26
  109. package/dist/generated/tableOwnership.js.map +1 -1
  110. package/dist/generated/tier-expectations.json +64 -9
  111. package/dist/{index-O09U2xHk.d.ts → index-CM1Pl_vI.d.ts} +3 -3
  112. package/dist/index.d.ts +11 -6
  113. package/dist/index.js +32838 -413
  114. package/dist/index.js.map +1 -1
  115. package/dist/infisical-runtime.contract.d.ts +1763 -6
  116. package/dist/infisical-runtime.contract.js +2994 -15
  117. package/dist/infisical-runtime.contract.js.map +1 -1
  118. package/dist/manifests/infisical-runtime-manifest.d.ts +1689 -6
  119. package/dist/manifests/infisical-runtime-manifest.js +2847 -12
  120. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  121. package/dist/manifests/tenant-client-manifest.d.ts +19 -14
  122. package/dist/manifests/tenant-client-manifest.js +29 -12
  123. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  124. package/dist/mcp-gateway-boundary.contract.d.ts +23 -3
  125. package/dist/mcp-gateway-boundary.contract.js +2 -0
  126. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  127. package/dist/permit-principal-projection.contract.d.ts +74 -0
  128. package/dist/permit-principal-projection.contract.js +167 -0
  129. package/dist/permit-principal-projection.contract.js.map +1 -0
  130. package/dist/projections/check-convex-args-shape.js +10 -6
  131. package/dist/projections/check-convex-args-shape.js.map +1 -1
  132. package/dist/projections/create-evidence.projection.d.ts +6 -6
  133. package/dist/projections/create-evidence.projection.js +2 -3
  134. package/dist/projections/create-evidence.projection.js.map +1 -1
  135. package/dist/projections/index.d.ts +3 -3
  136. package/dist/projections/index.js +10 -6
  137. package/dist/projections/index.js.map +1 -1
  138. package/dist/projections/list-tasks.projection.d.ts +20 -8
  139. package/dist/projections/list-tasks.projection.js +8 -3
  140. package/dist/projections/list-tasks.projection.js.map +1 -1
  141. package/dist/proof-attestation.json +45 -0
  142. package/dist/schemas/component-table-manifest.d.ts +6 -6
  143. package/dist/schemas/component-table-manifest.js +2 -2
  144. package/dist/schemas/component-table-manifest.js.map +1 -1
  145. package/dist/schemas/index.d.ts +2 -2
  146. package/dist/schemas/index.js +1123 -137
  147. package/dist/schemas/index.js.map +1 -1
  148. package/dist/schemas/manifest.d.ts +2102 -132
  149. package/dist/schemas/manifest.js +1121 -135
  150. package/dist/schemas/manifest.js.map +1 -1
  151. package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
  152. package/dist/schemas/tables/controlPlane/accessControl.js +658 -0
  153. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
  154. package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
  155. package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
  156. package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
  157. package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
  158. package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
  159. package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
  160. package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
  161. package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
  162. package/dist/schemas/tables/controlPlane/model.js.map +1 -0
  163. package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +1 -1
  164. package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
  165. package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
  166. package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
  167. package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
  168. package/dist/schemas/tables/controlPlane/project.js.map +1 -0
  169. package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
  170. package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
  171. package/dist/schemas/tables/controlPlane/user.js.map +1 -0
  172. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  173. package/dist/schemas/tables/kernel/config.js.map +1 -1
  174. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  175. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  176. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  177. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  178. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  179. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  180. package/dist/schemas/tables/kernel/epistemic.d.ts +1 -1
  181. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  182. package/dist/schemas/tables/kernel/events.d.ts +21 -0
  183. package/dist/schemas/tables/kernel/events.js +43 -0
  184. package/dist/schemas/tables/kernel/events.js.map +1 -0
  185. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  186. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  187. package/dist/schemas/tables/kernel/infra.d.ts +1 -1
  188. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  189. package/dist/schemas/tables/kernel/intelligence.d.ts +1 -1
  190. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  191. package/dist/schemas/tables/kernel/lens.d.ts +1 -1
  192. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  193. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  194. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  195. package/dist/schemas/tables/kernel/platform.d.ts +1 -1
  196. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  197. package/dist/schemas/tables/kernel/spine.d.ts +2 -1
  198. package/dist/schemas/tables/kernel/spine.js +1 -0
  199. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  200. package/dist/schemas/tables/kernel/task.d.ts +1 -1
  201. package/dist/schemas/tables/kernel/task.js.map +1 -1
  202. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  203. package/dist/schemas/tables/kernel/topic.js +1 -0
  204. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  205. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  206. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  207. package/dist/schemas/tables/kernel/worktree.d.ts +17 -17
  208. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  209. package/dist/schemas/tables/mc/identity.d.ts +19 -2
  210. package/dist/schemas/tables/mc/identity.js +32 -1
  211. package/dist/schemas/tables/mc/identity.js.map +1 -1
  212. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  213. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  214. package/dist/schemas/tables/mc/pack.d.ts +1 -1
  215. package/dist/schemas/tables/mc/pack.js.map +1 -1
  216. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  217. package/dist/schemas/tables/mc/policy.js +1 -1
  218. package/dist/schemas/tables/mc/policy.js.map +1 -1
  219. package/dist/schemas/tables/mc/registry.d.ts +1 -1
  220. package/dist/schemas/tables/mc/registry.js.map +1 -1
  221. package/dist/schemas/tables/mc/runtime.d.ts +109 -3
  222. package/dist/schemas/tables/mc/runtime.js +330 -104
  223. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  224. package/dist/schemas/tables/mc/tenant.d.ts +4 -2
  225. package/dist/schemas/tables/mc/tenant.js +3 -1
  226. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  227. package/dist/schemas/tables/mc/workspace.d.ts +22 -5
  228. package/dist/schemas/tables/mc/workspace.js +34 -2
  229. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  230. package/dist/{sdk-tools.contract-Ci8bkoai.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
  231. package/dist/sdk-tools.contract.d.ts +2 -2
  232. package/dist/sdk-tools.contract.js +417 -13
  233. package/dist/sdk-tools.contract.js.map +1 -1
  234. package/dist/tenant-bootstrap-seed.contract.d.ts +244 -56
  235. package/dist/tenant-bootstrap-seed.contract.js +139 -28
  236. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  237. package/dist/tenant-bootstrap-seed.defaults.d.ts +2 -2
  238. package/dist/tenant-bootstrap-seed.defaults.js +31 -13
  239. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  240. package/dist/tenant-client.contract.d.ts +20 -15
  241. package/dist/tenant-client.contract.js +29 -12
  242. package/dist/tenant-client.contract.js.map +1 -1
  243. package/dist/{tool-contracts-B4iWhejG.d.ts → tool-contracts-C_xvM9q2.d.ts} +32 -2
  244. package/dist/tool-contracts.d.ts +1 -1
  245. package/dist/tool-contracts.js +418 -14
  246. package/dist/tool-contracts.js.map +1 -1
  247. package/package.json +22 -1
  248. package/dist/schemas/tables/identity/agent.js.map +0 -1
  249. package/dist/schemas/tables/identity/epistemic.js.map +0 -1
  250. package/dist/schemas/tables/identity/model.js.map +0 -1
  251. package/dist/schemas/tables/identity/platform.js.map +0 -1
  252. package/dist/schemas/tables/identity/project.js.map +0 -1
  253. package/dist/schemas/tables/identity/user.js.map +0 -1
@@ -203,7 +203,7 @@ var toolRegistryEntries = defineTable({
203
203
  });
204
204
  var agents = defineTable({
205
205
  name: "agents",
206
- component: "identity",
206
+ component: "control-plane",
207
207
  category: "agent",
208
208
  shape: z.object({
209
209
  "slug": z.string(),
@@ -234,6 +234,8 @@ var apiKeys = defineTable({
234
234
  category: "tenant",
235
235
  shape: z.object({
236
236
  "tenantId": idOf("tenants"),
237
+ "workspaceId": idOf("workspaces").optional(),
238
+ "environment": z.enum(["dev", "staging", "prod"]).optional(),
237
239
  "keyPrefix": z.enum(["luc", "stk"]),
238
240
  "keyHash": z.string(),
239
241
  "keyHint": z.string(),
@@ -261,7 +263,7 @@ var auditLog = defineTable({
261
263
  shape: z.object({
262
264
  "tenantId": idOf("tenants").optional(),
263
265
  "apiKeyId": idOf("apiKeys").optional(),
264
- "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
266
+ "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", 
"pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
265
267
  "actorClerkId": z.string(),
266
268
  "details": z.any().optional(),
267
269
  "createdAt": z.number()
@@ -485,6 +487,35 @@ var systemLogs = defineTable({
485
487
  { kind: "index", name: "by_source", columns: ["source"] }
486
488
  ]
487
489
  });
490
+ var domainEvents = defineTable({
491
+ name: "domainEvents",
492
+ component: "kernel",
493
+ category: "events",
494
+ shape: z.object({
495
+ "eventId": z.string(),
496
+ "type": z.string(),
497
+ "version": z.string(),
498
+ "timestamp": z.number(),
499
+ "tenantId": z.string().optional(),
500
+ "workspaceId": z.string().optional(),
501
+ "topicId": z.string(),
502
+ "resourceId": z.string(),
503
+ "resourceType": z.string(),
504
+ "actorId": z.string(),
505
+ "actorType": z.enum(["human", "agent", "service"]),
506
+ "data": z.record(z.any()),
507
+ "correlationId": z.string().optional(),
508
+ "expiresAt": z.number()
509
+ }),
510
+ indices: [
511
+ { kind: "index", name: "by_eventId", columns: ["eventId"] },
512
+ { kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
513
+ { kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
514
+ { kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
515
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
516
+ { kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
517
+ ]
518
+ });
488
519
  var beliefConfidence = defineTable({
489
520
  name: "beliefConfidence",
490
521
  component: "kernel",
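Review bot: In the new `domainEvents` table, `tenantId` is an optional plain `z.string()` and only `by_tenant_workspace_timestamp` carries a tenant column; `by_topic_timestamp`, `by_type_timestamp` and `by_resource` do not, so any read through those three depends on the caller filtering by tenant after the index scan. Other tables on this page type the column as `idOf("tenants")`; if events are tenant-owned, `"tenantId": idOf("tenants"),` as a required field plus tenant-prefixed indices would put that boundary in the schema. `"data": z.record(z.any())` accepts any payload, so a comment on the field such as `// event payload only: no credentials, tokens or raw secret values` would tell producers what must stay out of a table that is indexed for broad reads. The code that reads these events is not on this page, so whether a cross-tenant read is actually reachable is not established here.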
@@ -1140,29 +1171,37 @@ var compatibilityShims = defineTable({
1140
1171
  component: "mc",
1141
1172
  category: "runtime",
1142
1173
  shape: z.object({
1143
- "shimId": z.string(),
1144
- "gateId": z.string(),
1145
- "removalDate": z.string(),
1146
- "removalPriority": z.enum(["P1", "P2", "P3"]),
1147
- "description": z.string(),
1148
- "owner": z.string(),
1149
- "createdAt": z.string(),
1150
- "status": z.enum(["active", "overdue", "removed"]),
1151
- "bridgeType": z.enum(["tool", "agent"]),
1152
- "bridgeTarget": z.object({
1153
- "type": z.enum(["tool", "agent"]),
1154
- "legacyPath": z.string(),
1155
- "harnessPath": z.string()
1174
+ shimId: z.string(),
1175
+ gateId: z.string(),
1176
+ removalDate: z.string(),
1177
+ removalPriority: z.enum(["P1", "P2", "P3"]),
1178
+ description: z.string(),
1179
+ owner: z.string(),
1180
+ createdAt: z.string(),
1181
+ status: z.enum(["active", "overdue", "removed"]),
1182
+ bridgeType: z.enum(["tool", "agent"]),
1183
+ bridgeTarget: z.object({
1184
+ type: z.enum(["tool", "agent"]),
1185
+ legacyPath: z.string(),
1186
+ harnessPath: z.string()
1156
1187
  }),
1157
- "shimBehavior": z.enum(["passthrough_with_logging", "adapter", "feature_flag_gate"]),
1158
- "producesLedgerEntries": z.boolean(),
1159
- "lastAuditedAt": z.number(),
1160
- "metadata": z.record(z.any()).optional()
1188
+ shimBehavior: z.enum([
1189
+ "passthrough_with_logging",
1190
+ "adapter",
1191
+ "feature_flag_gate"
1192
+ ]),
1193
+ producesLedgerEntries: z.boolean(),
1194
+ lastAuditedAt: z.number(),
1195
+ metadata: z.record(z.any()).optional()
1161
1196
  }),
1162
1197
  indices: [
1163
1198
  { kind: "index", name: "by_shimId", columns: ["shimId"] },
1164
1199
  { kind: "index", name: "by_status", columns: ["status"] },
1165
- { kind: "index", name: "by_bridgeType_status", columns: ["bridgeType", "status"] }
1200
+ {
1201
+ kind: "index",
1202
+ name: "by_bridgeType_status",
1203
+ columns: ["bridgeType", "status"]
1204
+ }
1166
1205
  ]
1167
1206
  });
1168
1207
  var cutoverFlags = defineTable({
@@ -1170,12 +1209,23 @@ var cutoverFlags = defineTable({
1170
1209
  component: "mc",
1171
1210
  category: "runtime",
1172
1211
  shape: z.object({
1173
- "domain": z.enum(["graph", "schema", "identity", "policy", "audit", "admin", "agent", "tool", "prompt", "intelligence"]),
1174
- "state": z.enum(["legacy", "cutover", "disabled"]),
1175
- "metadata": z.record(z.any()).optional(),
1176
- "updatedBy": z.string(),
1177
- "createdAt": z.number(),
1178
- "updatedAt": z.number()
1212
+ domain: z.enum([
1213
+ "graph",
1214
+ "schema",
1215
+ "identity",
1216
+ "policy",
1217
+ "audit",
1218
+ "admin",
1219
+ "agent",
1220
+ "tool",
1221
+ "prompt",
1222
+ "intelligence"
1223
+ ]),
1224
+ state: z.enum(["legacy", "cutover", "disabled"]),
1225
+ metadata: z.record(z.any()).optional(),
1226
+ updatedBy: z.string(),
1227
+ createdAt: z.number(),
1228
+ updatedAt: z.number()
1179
1229
  }),
1180
1230
  indices: [
1181
1231
  { kind: "index", name: "by_domain", columns: ["domain"] },
@@ -1187,57 +1237,193 @@ var tenantDeploymentCredentials = defineTable({
1187
1237
  component: "mc",
1188
1238
  category: "runtime",
1189
1239
  shape: z.object({
1190
- "credentialRef": z.string(),
1191
- "tenantId": idOf("tenants"),
1192
- "target": z.enum(["kernelDeployment", "appDeployment"]),
1193
- "environment": z.enum(["dev", "staging", "prod"]),
1194
- "encryptedDeployKey": z.string(),
1195
- "encryptionVersion": z.string(),
1196
- "keyFingerprint": z.string(),
1197
- "keyHint": z.string(),
1198
- "status": z.enum(["active", "revoked"]),
1199
- "rotatedFromCredentialRef": z.string().optional(),
1200
- "revokedAt": z.number().optional(),
1201
- "revokedBy": z.string().optional(),
1202
- "lastUsedAt": z.number().optional(),
1203
- "metadata": z.record(z.any()).optional(),
1204
- "createdBy": z.string(),
1205
- "createdAt": z.number(),
1206
- "updatedAt": z.number()
1240
+ credentialRef: z.string(),
1241
+ tenantId: idOf("tenants"),
1242
+ workspaceId: idOf("workspaces").optional(),
1243
+ target: z.enum(["kernelDeployment", "appDeployment"]),
1244
+ environment: z.enum(["dev", "staging", "prod"]),
1245
+ encryptedDeployKey: z.string(),
1246
+ encryptionVersion: z.string(),
1247
+ keyFingerprint: z.string(),
1248
+ keyHint: z.string(),
1249
+ status: z.enum(["active", "revoked"]),
1250
+ rotatedFromCredentialRef: z.string().optional(),
1251
+ revokedAt: z.number().optional(),
1252
+ revokedBy: z.string().optional(),
1253
+ lastUsedAt: z.number().optional(),
1254
+ metadata: z.record(z.any()).optional(),
1255
+ createdBy: z.string(),
1256
+ createdAt: z.number(),
1257
+ updatedAt: z.number()
1207
1258
  }),
1208
1259
  indices: [
1209
1260
  { kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
1210
1261
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1211
- { kind: "index", name: "by_tenant_target", columns: ["tenantId", "target"] },
1212
- { kind: "index", name: "by_tenant_target_environment", columns: ["tenantId", "target", "environment"] },
1213
- { kind: "index", name: "by_tenant_target_environment_status", columns: ["tenantId", "target", "environment", "status"] },
1262
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
1263
+ {
1264
+ kind: "index",
1265
+ name: "by_tenant_target",
1266
+ columns: ["tenantId", "target"]
1267
+ },
1268
+ {
1269
+ kind: "index",
1270
+ name: "by_tenant_target_environment",
1271
+ columns: ["tenantId", "target", "environment"]
1272
+ },
1273
+ {
1274
+ kind: "index",
1275
+ name: "by_tenant_target_environment_status",
1276
+ columns: ["tenantId", "target", "environment", "status"]
1277
+ },
1278
+ {
1279
+ kind: "index",
1280
+ name: "by_tenant_workspace_target_environment_status",
1281
+ columns: ["tenantId", "workspaceId", "target", "environment", "status"]
1282
+ },
1214
1283
  { kind: "index", name: "by_status", columns: ["status"] }
1215
1284
  ]
1216
1285
  });
1286
+ var permitSyncStates = defineTable({
1287
+ name: "permitSyncStates",
1288
+ component: "mc",
1289
+ category: "runtime",
1290
+ shape: z.object({
1291
+ syncKey: z.string(),
1292
+ objectType: z.enum([
1293
+ "resource",
1294
+ "role",
1295
+ "resource_role",
1296
+ "resource_relation",
1297
+ "tenant",
1298
+ "workspace",
1299
+ "principal",
1300
+ "membership",
1301
+ "group",
1302
+ "resource_instance",
1303
+ "relationship_tuple",
1304
+ "role_assignment"
1305
+ ]),
1306
+ objectId: z.string(),
1307
+ tenantId: idOf("tenants").optional(),
1308
+ workspaceId: idOf("workspaces").optional(),
1309
+ principalId: z.string().optional(),
1310
+ permitTenantKey: z.string().optional(),
1311
+ permitResourceType: z.string().optional(),
1312
+ permitResourceKey: z.string().optional(),
1313
+ desiredPayload: z.record(z.any()),
1314
+ lastAppliedPayloadHash: z.string().optional(),
1315
+ status: z.enum(["pending", "synced", "error", "skipped"]),
1316
+ attemptCount: z.number(),
1317
+ lastError: z.string().optional(),
1318
+ nextAttemptAt: z.number().optional(),
1319
+ lastSyncedAt: z.number().optional(),
1320
+ createdBy: z.string(),
1321
+ updatedBy: z.string().optional(),
1322
+ createdAt: z.number(),
1323
+ updatedAt: z.number()
1324
+ }),
1325
+ indices: [
1326
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
1327
+ { kind: "index", name: "by_status", columns: ["status"] },
1328
+ {
1329
+ kind: "index",
1330
+ name: "by_tenant_status",
1331
+ columns: ["tenantId", "status"]
1332
+ },
1333
+ {
1334
+ kind: "index",
1335
+ name: "by_workspace_status",
1336
+ columns: ["workspaceId", "status"]
1337
+ },
1338
+ {
1339
+ kind: "index",
1340
+ name: "by_principal_status",
1341
+ columns: ["principalId", "status"]
1342
+ }
1343
+ ]
1344
+ });
1345
+ var secretSyncDriftReports = defineTable({
1346
+ name: "secretSyncDriftReports",
1347
+ component: "mc",
1348
+ category: "runtime",
1349
+ shape: z.object({
1350
+ reportId: z.string(),
1351
+ source: z.enum(["infisical_manifest", "manual", "ci"]),
1352
+ generatedAt: z.number(),
1353
+ recordedAt: z.number(),
1354
+ recordedBy: z.string(),
1355
+ status: z.enum([
1356
+ "in_sync",
1357
+ "drift",
1358
+ "exception",
1359
+ "blocked",
1360
+ "not_observed"
1361
+ ]),
1362
+ reportHash: z.string(),
1363
+ manifestHash: z.string().optional(),
1364
+ dryRunReceiptId: z.string().optional(),
1365
+ appliedReceiptId: z.string().optional(),
1366
+ summary: z.object({
1367
+ totalPipelines: z.number(),
1368
+ inSync: z.number(),
1369
+ drift: z.number(),
1370
+ exception: z.number(),
1371
+ blocked: z.number(),
1372
+ notObserved: z.number(),
1373
+ missingKeys: z.number(),
1374
+ valueDriftKeys: z.number(),
1375
+ extraKeys: z.number(),
1376
+ deniedConvexLeakage: z.number(),
1377
+ approvedExceptions: z.number()
1378
+ }),
1379
+ redactedReport: z.record(z.any()),
1380
+ metadata: z.record(z.any()).optional()
1381
+ }),
1382
+ indices: [
1383
+ { kind: "index", name: "by_reportId", columns: ["reportId"] },
1384
+ { kind: "index", name: "by_reportHash", columns: ["reportHash"] },
1385
+ { kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
1386
+ {
1387
+ kind: "index",
1388
+ name: "by_status_generatedAt",
1389
+ columns: ["status", "generatedAt"]
1390
+ }
1391
+ ]
1392
+ });
1217
1393
  var controlPlaneTenantModelSlotBindings = defineTable({
1218
1394
  name: "controlPlaneTenantModelSlotBindings",
1219
1395
  component: "mc",
1220
1396
  category: "runtime",
1221
1397
  shape: z.object({
1222
- "bindingId": z.string(),
1223
- "tenantId": idOf("tenants"),
1224
- "providerId": z.string(),
1225
- "modelSlotId": z.string(),
1226
- "secretRef": z.string(),
1227
- "status": z.enum(["active", "revoked"]),
1228
- "passThroughOnly": z.boolean(),
1229
- "revokedAt": z.number().optional(),
1230
- "revokedBy": z.string().optional(),
1231
- "metadata": z.record(z.any()).optional(),
1232
- "createdBy": z.string(),
1233
- "createdAt": z.number(),
1234
- "updatedAt": z.number()
1398
+ bindingId: z.string(),
1399
+ tenantId: idOf("tenants"),
1400
+ workspaceId: idOf("workspaces").optional(),
1401
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1402
+ providerId: z.string(),
1403
+ modelSlotId: z.string(),
1404
+ secretRef: z.string(),
1405
+ status: z.enum(["active", "revoked"]),
1406
+ passThroughOnly: z.boolean(),
1407
+ revokedAt: z.number().optional(),
1408
+ revokedBy: z.string().optional(),
1409
+ metadata: z.record(z.any()).optional(),
1410
+ createdBy: z.string(),
1411
+ createdAt: z.number(),
1412
+ updatedAt: z.number()
1235
1413
  }),
1236
1414
  indices: [
1237
1415
  { kind: "index", name: "by_bindingId", columns: ["bindingId"] },
1238
1416
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1239
- { kind: "index", name: "by_tenant_slot", columns: ["tenantId", "modelSlotId"] },
1240
- { kind: "index", name: "by_tenant_provider_slot", columns: ["tenantId", "providerId", "modelSlotId"] },
1417
+ {
1418
+ kind: "index",
1419
+ name: "by_tenant_slot",
1420
+ columns: ["tenantId", "modelSlotId"]
1421
+ },
1422
+ {
1423
+ kind: "index",
1424
+ name: "by_tenant_provider_slot",
1425
+ columns: ["tenantId", "providerId", "modelSlotId"]
1426
+ },
1241
1427
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1242
1428
  { kind: "index", name: "by_status", columns: ["status"] }
1243
1429
  ]
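Review bot: The lookup indices on `controlPlaneTenantModelSlotBindings` were not extended for the new `workspaceId` and `environment` fields: `by_tenant_slot` and `by_tenant_provider_slot` still key on tenant and slot only, so a lookup by those columns can return a binding whose `secretRef` belongs to another workspace or environment unless every caller filters the result. `tenantDeploymentCredentials` in this same hunk gets `by_tenant_workspace_target_environment_status` for that purpose; the bindings table would want the equivalent, for example `{ kind: "index", name: "by_tenant_workspace_environment_slot", columns: ["tenantId", "workspaceId", "environment", "modelSlotId"] }` (index name constructed for this note). Both new fields are `.optional()`, as they are on `apiKeys` in the earlier hunk, so the schema should also say in a comment whether a row without them is tenant-wide or a legacy row that resolvers must refuse. The resolver code is outside this page, so the cross-scope read is inferred from the schema alone.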
@@ -1247,29 +1433,42 @@ var controlPlaneTenantProviderSecrets = defineTable({
1247
1433
  component: "mc",
1248
1434
  category: "runtime",
1249
1435
  shape: z.object({
1250
- "secretRef": z.string(),
1251
- "tenantId": idOf("tenants"),
1252
- "providerId": z.string(),
1253
- "label": z.string().optional(),
1254
- "encryptedSecret": z.string(),
1255
- "encryptionVersion": z.string(),
1256
- "secretFingerprint": z.string(),
1257
- "keyHint": z.string(),
1258
- "status": z.enum(["active", "revoked"]),
1259
- "rotatedFromSecretRef": z.string().optional(),
1260
- "revokedAt": z.number().optional(),
1261
- "revokedBy": z.string().optional(),
1262
- "lastUsedAt": z.number().optional(),
1263
- "metadata": z.record(z.any()).optional(),
1264
- "createdBy": z.string(),
1265
- "createdAt": z.number(),
1266
- "updatedAt": z.number()
1436
+ secretRef: z.string(),
1437
+ tenantId: idOf("tenants"),
1438
+ workspaceId: idOf("workspaces").optional(),
1439
+ environment: z.enum(["dev", "staging", "prod"]).optional(),
1440
+ providerId: z.string(),
1441
+ label: z.string().optional(),
1442
+ encryptedSecret: z.string().optional(),
1443
+ infisicalPath: z.string().optional(),
1444
+ infisicalSecretKey: z.string().optional(),
1445
+ infisicalProjectId: z.string().optional(),
1446
+ encryptionVersion: z.string(),
1447
+ secretFingerprint: z.string(),
1448
+ keyHint: z.string(),
1449
+ status: z.enum(["active", "revoked"]),
1450
+ rotatedFromSecretRef: z.string().optional(),
1451
+ revokedAt: z.number().optional(),
1452
+ revokedBy: z.string().optional(),
1453
+ lastUsedAt: z.number().optional(),
1454
+ metadata: z.record(z.any()).optional(),
1455
+ createdBy: z.string(),
1456
+ createdAt: z.number(),
1457
+ updatedAt: z.number()
1267
1458
  }),
1268
1459
  indices: [
1269
1460
  { kind: "index", name: "by_secretRef", columns: ["secretRef"] },
1270
1461
  { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
1271
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId"] },
1272
- { kind: "index", name: "by_tenant_provider_status", columns: ["tenantId", "providerId", "status"] },
1462
+ {
1463
+ kind: "index",
1464
+ name: "by_tenant_provider",
1465
+ columns: ["tenantId", "providerId"]
1466
+ },
1467
+ {
1468
+ kind: "index",
1469
+ name: "by_tenant_provider_status",
1470
+ columns: ["tenantId", "providerId", "status"]
1471
+ },
1273
1472
  { kind: "index", name: "by_status", columns: ["status"] }
1274
1473
  ]
1275
1474
  });
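Review bot: With `encryptedSecret` relaxed to `z.string().optional()` and the three `infisical*` fields also optional, the `controlPlaneTenantProviderSecrets` shape now accepts a row that names no secret source at all, as well as one that carries both an inline ciphertext and an external reference. `encryptionVersion` stays required even for rows whose value presumably lives in the external store, so writers have to supply a value that may not mean anything. I would state the invariant next to the fields, for example `// exactly one source: encryptedSecret, or infisicalPath + infisicalSecretKey`, and enforce it wherever rows are validated before insert; whether `defineTable` accepts a refined schema is not visible here. The table definition starts above this hunk.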
@@ -1278,35 +1477,93 @@ var controlPlaneTenantProxyGatewayUsage = defineTable({
1278
1477
  component: "mc",
1279
1478
  category: "runtime",
1280
1479
  shape: z.object({
1281
- "usageId": z.string(),
1282
- "tenantId": idOf("tenants"),
1283
- "providerId": z.string(),
1284
- "modelSlotId": z.string(),
1285
- "secretRef": z.string(),
1286
- "proxyTokenId": z.string(),
1287
- "sessionId": z.string(),
1288
- "principalId": z.string(),
1289
- "workspaceId": z.string().optional(),
1290
- "modelId": z.string().optional(),
1291
- "requestPath": z.string(),
1292
- "status": z.enum(["success", "error"]),
1293
- "responseStatus": z.number().optional(),
1294
- "inputTokens": z.number().optional(),
1295
- "outputTokens": z.number().optional(),
1296
- "tokenCount": z.number().optional(),
1297
- "latencyMs": z.number(),
1298
- "estimatedCostUsd": z.number().optional(),
1299
- "failureCode": z.string().optional(),
1300
- "metadata": z.record(z.any()).optional(),
1301
- "createdAt": z.number(),
1302
- "updatedAt": z.number()
1480
+ usageId: z.string(),
1481
+ tenantId: idOf("tenants"),
1482
+ providerId: z.string(),
1483
+ modelSlotId: z.string(),
1484
+ secretRef: z.string(),
1485
+ proxyTokenId: z.string(),
1486
+ sessionId: z.string(),
1487
+ principalId: z.string(),
1488
+ workspaceId: z.string().optional(),
1489
+ modelId: z.string().optional(),
1490
+ requestPath: z.string(),
1491
+ status: z.enum(["success", "error"]),
1492
+ responseStatus: z.number().optional(),
1493
+ inputTokens: z.number().optional(),
1494
+ outputTokens: z.number().optional(),
1495
+ tokenCount: z.number().optional(),
1496
+ latencyMs: z.number(),
1497
+ estimatedCostUsd: z.number().optional(),
1498
+ failureCode: z.string().optional(),
1499
+ metadata: z.record(z.any()).optional(),
1500
+ createdAt: z.number(),
1501
+ updatedAt: z.number()
1303
1502
  }),
1304
1503
  indices: [
1305
1504
  { kind: "index", name: "by_usageId", columns: ["usageId"] },
1306
1505
  { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1307
- { kind: "index", name: "by_tenant_provider", columns: ["tenantId", "providerId", "createdAt"] },
1308
- { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId", "createdAt"] },
1309
- { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] }
1506
+ {
1507
+ kind: "index",
1508
+ name: "by_tenant_provider",
1509
+ columns: ["tenantId", "providerId", "createdAt"]
1510
+ },
1511
+ {
1512
+ kind: "index",
1513
+ name: "by_proxyTokenId",
1514
+ columns: ["proxyTokenId", "createdAt"]
1515
+ },
1516
+ {
1517
+ kind: "index",
1518
+ name: "by_sessionId",
1519
+ columns: ["sessionId", "createdAt"]
1520
+ }
1521
+ ]
1522
+ });
1523
+ var controlPlaneTenantProxyTokenLeases = defineTable({
1524
+ name: "controlPlaneTenantProxyTokenLeases",
1525
+ component: "mc",
1526
+ category: "runtime",
1527
+ shape: z.object({
1528
+ leaseId: z.string(),
1529
+ proxyTokenId: z.string(),
1530
+ tenantId: idOf("tenants"),
1531
+ workspaceId: idOf("workspaces").optional(),
1532
+ environment: z.enum(["dev", "staging", "prod"]),
1533
+ providerId: z.string(),
1534
+ modelSlotId: z.string(),
1535
+ bindingId: z.string(),
1536
+ secretRef: z.string(),
1537
+ sessionId: z.string(),
1538
+ principalId: z.string(),
1539
+ agentSessionId: z.string().optional(),
1540
+ status: z.enum(["active", "revoked"]),
1541
+ expiresAt: z.number(),
1542
+ renewedAt: z.number().optional(),
1543
+ revokedAt: z.number().optional(),
1544
+ revokedBy: z.string().optional(),
1545
+ revokeReason: z.string().optional(),
1546
+ permitDecisionLogId: idOf("policyDecisionLogs").optional(),
1547
+ permitTraceId: z.string().optional(),
1548
+ metadata: z.record(z.any()).optional(),
1549
+ createdAt: z.number(),
1550
+ updatedAt: z.number()
1551
+ }),
1552
+ indices: [
1553
+ { kind: "index", name: "by_leaseId", columns: ["leaseId"] },
1554
+ { kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
1555
+ { kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
1556
+ { kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
1557
+ {
1558
+ kind: "index",
1559
+ name: "by_principalId",
1560
+ columns: ["principalId", "createdAt"]
1561
+ },
1562
+ {
1563
+ kind: "index",
1564
+ name: "by_status_expiresAt",
1565
+ columns: ["status", "expiresAt"]
1566
+ }
1310
1567
  ]
1311
1568
  });
1312
1569
  var crossProjectConnections = defineTable({
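Review bot: In the added `controlPlaneTenantProxyTokenLeases` table, `status` is only `"active"` or `"revoked"`, so expiry is expressed solely through `expiresAt`, and a row can be `active` with `expiresAt` already in the past. A reader that filters on `status` alone would treat such a lease as valid; the `by_status_expiresAt` index suggests a sweep exists, but the enforcement code is not in this hunk. A comment on the field would pin the contract: `// valid only while status === "active" AND expiresAt > now`. Separately, this table types `workspaceId` as `idOf("workspaces")` while `controlPlaneTenantProxyGatewayUsage` in the same hunk keeps `z.string()`, which makes joins between a lease and its usage rows depend on an unstated conversion.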
@@ -1648,6 +1905,7 @@ var epistemicNodes = defineTable({
1648
1905
  "questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
1649
1906
  "questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
1650
1907
  "answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
1908
+ "themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
1651
1909
  "themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
1652
1910
  "decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
1653
1911
  "decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
@@ -1798,6 +2056,7 @@ var memberships = defineTable({
1798
2056
  indices: [
1799
2057
  { kind: "index", name: "by_principalId", columns: ["principalId"] },
1800
2058
  { kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
2059
+ { kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
1801
2060
  { kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
1802
2061
  { kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
1803
2062
  { kind: "index", name: "by_status", columns: ["status"] }
@@ -1829,6 +2088,36 @@ var principals = defineTable({
1829
2088
  { kind: "index", name: "by_status", columns: ["status"] }
1830
2089
  ]
1831
2090
  });
2091
+ var principalIdentityAliases = defineTable({
2092
+ name: "principalIdentityAliases",
2093
+ component: "mc",
2094
+ category: "identity",
2095
+ shape: z.object({
2096
+ "principalId": z.string(),
2097
+ "principalRefId": idOf("principals").optional(),
2098
+ "provider": z.string(),
2099
+ "providerProjectId": z.string().optional(),
2100
+ "externalSubjectId": z.string(),
2101
+ "tenantId": idOf("tenants").optional(),
2102
+ "workspaceId": idOf("workspaces").optional(),
2103
+ "email": z.string().optional(),
2104
+ "status": z.enum(["active", "revoked"]),
2105
+ "metadata": z.record(z.any()).optional(),
2106
+ "createdBy": z.string(),
2107
+ "revokedAt": z.number().optional(),
2108
+ "revokedBy": z.string().optional(),
2109
+ "createdAt": z.number(),
2110
+ "updatedAt": z.number()
2111
+ }),
2112
+ indices: [
2113
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
2114
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
2115
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
2116
+ { kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
2117
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
2118
+ { kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
2119
+ ]
2120
+ });
1832
2121
  var rateLimitWindows = defineTable({
1833
2122
  name: "rateLimitWindows",
1834
2123
  component: "mc",
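Review bot: The `by_provider_subject` index on `["provider", "externalSubjectId"]` in the added `principalIdentityAliases` table ignores `providerProjectId`, `tenantId` and `status`, and the first two are optional in the shape, so two rows can share a provider and subject while pointing at different principals or tenants. If sign-in resolution reads through that index (the lookup code is not in this hunk), it should require exactly one active match and prefer `by_provider_project_subject` or `by_tenant_provider_subject`. `email` is optional free text; a comment such as `// informational only, never used to resolve a principal` would keep it from becoming a matching key. The `rateLimitWindows` definition that follows continues outside the hunk.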
@@ -2418,7 +2707,7 @@ var lensTopicBindings = defineTable({
2418
2707
  });
2419
2708
  var mcpWritePolicy = defineTable({
2420
2709
  name: "mcpWritePolicy",
2421
- component: "identity",
2710
+ component: "control-plane",
2422
2711
  category: "platform",
2423
2712
  shape: z.object({
2424
2713
  "topicId": z.string().optional(),
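Review bot: The `component` of `mcpWritePolicy` changes from `"identity"` to `"control-plane"` with no comment, and the same one-line change repeats in the later hunks for `platformAudienceGrants` through `toolRegistry`, the four `model*` tables and `projectGrants`. That set includes `tenantSecrets`, `tenantProviderSecrets`, `tenantApiKeys` and `toolAcls`, so anything that scopes access, deployment or export by component name would stop seeing them under `identity`; whether such consumers exist is not visible here. A header comment at the first moved table, for example `// 1.0.0: platform, model and project tables moved from component "identity" to "control-plane"`, together with a changelog entry, would make the migration explicit. Each table body continues outside its hunk.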
@@ -2441,7 +2730,7 @@ var mcpWritePolicy = defineTable({
2441
2730
  });
2442
2731
  var platformAudienceGrants = defineTable({
2443
2732
  name: "platformAudienceGrants",
2444
- component: "identity",
2733
+ component: "control-plane",
2445
2734
  category: "platform",
2446
2735
  shape: z.object({
2447
2736
  "tenantId": z.string(),
@@ -2467,7 +2756,7 @@ var platformAudienceGrants = defineTable({
2467
2756
  });
2468
2757
  var platformAudiences = defineTable({
2469
2758
  name: "platformAudiences",
2470
- component: "identity",
2759
+ component: "control-plane",
2471
2760
  category: "platform",
2472
2761
  shape: z.object({
2473
2762
  "tenantId": z.string(),
@@ -2492,7 +2781,7 @@ var platformAudiences = defineTable({
2492
2781
  });
2493
2782
  var platformPolicyDecisionLogs = defineTable({
2494
2783
  name: "platformPolicyDecisionLogs",
2495
- component: "identity",
2784
+ component: "control-plane",
2496
2785
  category: "platform",
2497
2786
  shape: z.object({
2498
2787
  "principalId": z.string(),
@@ -2528,7 +2817,7 @@ var platformPolicyDecisionLogs = defineTable({
2528
2817
  });
2529
2818
  var tenantApiKeys = defineTable({
2530
2819
  name: "tenantApiKeys",
2531
- component: "identity",
2820
+ component: "control-plane",
2532
2821
  category: "platform",
2533
2822
  shape: z.object({
2534
2823
  "tenantId": z.string(),
@@ -2555,7 +2844,7 @@ var tenantApiKeys = defineTable({
2555
2844
  });
2556
2845
  var tenantConfig = defineTable({
2557
2846
  name: "tenantConfig",
2558
- component: "identity",
2847
+ component: "control-plane",
2559
2848
  category: "platform",
2560
2849
  shape: z.object({
2561
2850
  "tenantId": z.string(),
@@ -2574,7 +2863,7 @@ var tenantConfig = defineTable({
2574
2863
  });
2575
2864
  var tenantIntegrations = defineTable({
2576
2865
  name: "tenantIntegrations",
2577
- component: "identity",
2866
+ component: "control-plane",
2578
2867
  category: "platform",
2579
2868
  shape: z.object({
2580
2869
  "tenantId": z.string(),
@@ -2629,7 +2918,7 @@ var tenantIntegrations = defineTable({
2629
2918
  });
2630
2919
  var tenantModelSlotBindings = defineTable({
2631
2920
  name: "tenantModelSlotBindings",
2632
- component: "identity",
2921
+ component: "control-plane",
2633
2922
  category: "platform",
2634
2923
  shape: z.object({
2635
2924
  "bindingId": z.string(),
@@ -2657,7 +2946,7 @@ var tenantModelSlotBindings = defineTable({
2657
2946
  });
2658
2947
  var tenantPolicies = defineTable({
2659
2948
  name: "tenantPolicies",
2660
- component: "identity",
2949
+ component: "control-plane",
2661
2950
  category: "platform",
2662
2951
  shape: z.object({
2663
2952
  "tenantId": z.string(),
@@ -2682,7 +2971,7 @@ var tenantPolicies = defineTable({
2682
2971
  });
2683
2972
  var tenantProviderSecrets = defineTable({
2684
2973
  name: "tenantProviderSecrets",
2685
- component: "identity",
2974
+ component: "control-plane",
2686
2975
  category: "platform",
2687
2976
  shape: z.object({
2688
2977
  "secretRef": z.string(),
@@ -2713,7 +3002,7 @@ var tenantProviderSecrets = defineTable({
2713
3002
  });
2714
3003
  var tenantProxyGatewayUsage = defineTable({
2715
3004
  name: "tenantProxyGatewayUsage",
2716
- component: "identity",
3005
+ component: "control-plane",
2717
3006
  category: "platform",
2718
3007
  shape: z.object({
2719
3008
  "usageId": z.string(),
@@ -2748,7 +3037,7 @@ var tenantProxyGatewayUsage = defineTable({
2748
3037
  });
2749
3038
  var tenantProxyTokenMints = defineTable({
2750
3039
  name: "tenantProxyTokenMints",
2751
- component: "identity",
3040
+ component: "control-plane",
2752
3041
  category: "platform",
2753
3042
  shape: z.object({
2754
3043
  "proxyTokenId": z.string(),
@@ -2771,7 +3060,7 @@ var tenantProxyTokenMints = defineTable({
2771
3060
  });
2772
3061
  var tenantSandboxAuditEvents = defineTable({
2773
3062
  name: "tenantSandboxAuditEvents",
2774
- component: "identity",
3063
+ component: "control-plane",
2775
3064
  category: "platform",
2776
3065
  shape: z.object({
2777
3066
  "eventId": z.string(),
@@ -2805,7 +3094,7 @@ var tenantSandboxAuditEvents = defineTable({
2805
3094
  });
2806
3095
  var tenantSecrets = defineTable({
2807
3096
  name: "tenantSecrets",
2808
- component: "identity",
3097
+ component: "control-plane",
2809
3098
  category: "platform",
2810
3099
  shape: z.object({
2811
3100
  "tenantId": z.string(),
@@ -2827,7 +3116,7 @@ var tenantSecrets = defineTable({
2827
3116
  });
2828
3117
  var toolAcls = defineTable({
2829
3118
  name: "toolAcls",
2830
- component: "identity",
3119
+ component: "control-plane",
2831
3120
  category: "platform",
2832
3121
  shape: z.object({
2833
3122
  "role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
@@ -2842,7 +3131,7 @@ var toolAcls = defineTable({
2842
3131
  });
2843
3132
  var toolRegistry = defineTable({
2844
3133
  name: "toolRegistry",
2845
- component: "identity",
3134
+ component: "control-plane",
2846
3135
  category: "platform",
2847
3136
  shape: z.object({
2848
3137
  "toolName": z.string(),
@@ -2923,7 +3212,7 @@ var tenantMethodologyAssignments = defineTable({
2923
3212
  });
2924
3213
  var modelCallLogs = defineTable({
2925
3214
  name: "modelCallLogs",
2926
- component: "identity",
3215
+ component: "control-plane",
2927
3216
  category: "model",
2928
3217
  shape: z.object({
2929
3218
  "slot": z.string(),
@@ -2949,7 +3238,7 @@ var modelCallLogs = defineTable({
2949
3238
  });
2950
3239
  var modelFunctionSlots = defineTable({
2951
3240
  name: "modelFunctionSlots",
2952
- component: "identity",
3241
+ component: "control-plane",
2953
3242
  category: "model",
2954
3243
  shape: z.object({
2955
3244
  "slot": z.string(),
@@ -2974,7 +3263,7 @@ var modelFunctionSlots = defineTable({
2974
3263
  });
2975
3264
  var modelRegistry = defineTable({
2976
3265
  name: "modelRegistry",
2977
- component: "identity",
3266
+ component: "control-plane",
2978
3267
  category: "model",
2979
3268
  shape: z.object({
2980
3269
  "key": z.string(),
@@ -3001,7 +3290,7 @@ var modelRegistry = defineTable({
3001
3290
  });
3002
3291
  var modelSlotConfigs = defineTable({
3003
3292
  name: "modelSlotConfigs",
3004
- component: "identity",
3293
+ component: "control-plane",
3005
3294
  category: "model",
3006
3295
  shape: z.object({
3007
3296
  "slot": z.string(),
@@ -3388,7 +3677,7 @@ var policyDecisionLogs = defineTable({
3388
3677
  "workspaceId": idOf("workspaces").optional(),
3389
3678
  "resourceType": z.string(),
3390
3679
  "resourceId": z.string(),
3391
- "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
3680
+ "action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
3392
3681
  "decision": z.enum(["allow", "deny"]),
3393
3682
  "reasonCode": z.string(),
3394
3683
  "policyVersion": z.string(),
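Review bot: The widened `action` enum on `policyDecisionLogs` now holds `"admin"`, `"manage"` and `"administer"` side by side, and nothing in the hunk says how they differ. For an audit log this matters, because a query or alert written against one of them will miss decisions recorded under the others. I would document next to the field which resource family each value applies to, or collapse the overlap, and move the list into a named constant (as `permitDecision` is later in this file) so other tables that record actions cannot drift from it. The table definition starts and ends outside the hunk.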
@@ -3450,7 +3739,7 @@ var controlPlaneToolAcls = defineTable({
3450
3739
  });
3451
3740
  var projectGrants = defineTable({
3452
3741
  name: "projectGrants",
3453
- component: "identity",
3742
+ component: "control-plane",
3454
3743
  category: "project",
3455
3744
  shape: z.object({
3456
3745
  "projectId": z.string().optional(),
@@ -3482,9 +3771,653 @@ var projectGrants = defineTable({
3482
3771
  { kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
3483
3772
  ]
3484
3773
  });
3774
+ var permitActorType = z.enum([
3775
+ "human",
3776
+ "agent",
3777
+ "service_principal",
3778
+ "external_stakeholder",
3779
+ "system"
3780
+ ]);
3781
+ var permitMembershipStatus = z.enum([
3782
+ "active",
3783
+ "invited",
3784
+ "revoked",
3785
+ "suspended",
3786
+ "disabled"
3787
+ ]);
3788
+ var permitDecision = z.enum(["allow", "deny"]);
3789
+ var permitAccessReviewStatus = z.enum([
3790
+ "open",
3791
+ "in_progress",
3792
+ "approved",
3793
+ "denied",
3794
+ "expired",
3795
+ "cancelled"
3796
+ ]);
3797
+ var permitReviewScope = z.enum([
3798
+ "tenant",
3799
+ "workspace",
3800
+ "resource_instance",
3801
+ "group",
3802
+ "principal",
3803
+ "api_key",
3804
+ "admin_action"
3805
+ ]);
3806
+ var permitRecordStatus = z.enum([
3807
+ "queued",
3808
+ "inflight",
3809
+ "completed",
3810
+ "failed",
3811
+ "skipped",
3812
+ "stale"
3813
+ ]);
3814
+ var permitObjectType = z.enum([
3815
+ "resource",
3816
+ "role",
3817
+ "resource_role",
3818
+ "resource_relation",
3819
+ "tenant",
3820
+ "workspace",
3821
+ "principal",
3822
+ "membership",
3823
+ "group",
3824
+ "resource_instance",
3825
+ "relationship_tuple",
3826
+ "role_assignment",
3827
+ "attribute_binding",
3828
+ "policy_bundle"
3829
+ ]);
3830
+ var permitOutboxOperation = z.enum([
3831
+ "upsert",
3832
+ "delete",
3833
+ "sync",
3834
+ "resync",
3835
+ "delete_sync",
3836
+ "noop"
3837
+ ]);
3838
+ var permitPolicyBundleStatus = z.enum([
3839
+ "draft",
3840
+ "validated",
3841
+ "enforced",
3842
+ "archived"
3843
+ ]);
3844
+ var permitSyncStatus = z.enum([
3845
+ "pending",
3846
+ "synced",
3847
+ "error",
3848
+ "skipped"
3849
+ ]);
3850
+ var permitAccessReviewSubjectType = z.enum([
3851
+ "principal",
3852
+ "group",
3853
+ "role_assignment",
3854
+ "resource_instance"
3855
+ ]);
3856
+ var permitAttributeType = z.enum([
3857
+ "string",
3858
+ "number",
3859
+ "bool",
3860
+ "json",
3861
+ "time"
3862
+ ]);
3863
+ var permitAttributeOperator = z.enum([
3864
+ "eq",
3865
+ "neq",
3866
+ "in",
3867
+ "not_in",
3868
+ "gt",
3869
+ "gte",
3870
+ "lt",
3871
+ "lte",
3872
+ "contains",
3873
+ "not_contains",
3874
+ "matches"
3875
+ ]);
3876
+ var permitRoleBindingTarget = z.enum([
3877
+ "principal",
3878
+ "group"
3879
+ ]);
3880
+ var permitPrincipals = defineTable({
3881
+ name: "permitPrincipals",
3882
+ component: "control-plane",
3883
+ category: "access-control",
3884
+ shape: z.object({
3885
+ principalId: z.string(),
3886
+ tenantId: z.string(),
3887
+ workspaceId: z.optional(z.string()),
3888
+ principalType: permitActorType,
3889
+ status: permitMembershipStatus,
3890
+ displayName: z.string().optional(),
3891
+ metadata: z.record(z.any()).optional(),
3892
+ createdBy: z.string(),
3893
+ createdAt: z.number(),
3894
+ updatedAt: z.number(),
3895
+ updatedBy: z.string().optional(),
3896
+ lastSeenAt: z.number().optional()
3897
+ }),
3898
+ indices: [
3899
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3900
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3901
+ { kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
3902
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
3903
+ {
3904
+ kind: "index",
3905
+ name: "by_tenant_principalType_status",
3906
+ columns: ["tenantId", "principalType", "status"]
3907
+ }
3908
+ ]
3909
+ });
3910
+ var permitPrincipalAliases = defineTable({
3911
+ name: "permitPrincipalAliases",
3912
+ component: "control-plane",
3913
+ category: "access-control",
3914
+ shape: z.object({
3915
+ principalId: z.string(),
3916
+ tenantId: z.string(),
3917
+ workspaceId: z.optional(z.string()),
3918
+ provider: z.string(),
3919
+ providerSubjectId: z.string(),
3920
+ providerProjectId: z.string().optional(),
3921
+ alias: z.string(),
3922
+ aliasKind: z.string(),
3923
+ status: permitMembershipStatus,
3924
+ metadata: z.record(z.any()).optional(),
3925
+ createdBy: z.string(),
3926
+ createdAt: z.number(),
3927
+ updatedAt: z.number(),
3928
+ revokedBy: z.string().optional(),
3929
+ revokedAt: z.number().optional(),
3930
+ updatedBy: z.string().optional()
3931
+ }),
3932
+ indices: [
3933
+ { kind: "index", name: "by_principalId", columns: ["principalId"] },
3934
+ { kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
3935
+ { kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
3936
+ { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
3937
+ { kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
3938
+ {
3939
+ kind: "index",
3940
+ name: "by_tenant_provider_alias",
3941
+ columns: ["tenantId", "provider", "alias"]
3942
+ },
3943
+ { kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
3944
+ {
3945
+ kind: "index",
3946
+ name: "by_tenant_provider_status",
3947
+ columns: ["tenantId", "provider", "status"]
3948
+ }
3949
+ ]
3950
+ });
3951
+ var permitGroups = defineTable({
3952
+ name: "permitGroups",
3953
+ component: "control-plane",
3954
+ category: "access-control",
3955
+ shape: z.object({
3956
+ tenantId: z.string(),
3957
+ workspaceId: z.optional(z.string()),
3958
+ groupId: z.string(),
3959
+ groupKey: z.string(),
3960
+ groupName: z.string(),
3961
+ groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
3962
+ status: permitMembershipStatus,
3963
+ description: z.string().optional(),
3964
+ metadata: z.record(z.any()).optional(),
3965
+ createdBy: z.string(),
3966
+ createdAt: z.number(),
3967
+ updatedAt: z.number(),
3968
+ updatedBy: z.string().optional()
3969
+ }),
3970
+ indices: [
3971
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
3972
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
3973
+ { kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
3974
+ { kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
3975
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
3976
+ ]
3977
+ });
3978
+ var permitGroupMemberships = defineTable({
3979
+ name: "permitGroupMemberships",
3980
+ component: "control-plane",
3981
+ category: "access-control",
3982
+ shape: z.object({
3983
+ tenantId: z.string(),
3984
+ workspaceId: z.optional(z.string()),
3985
+ groupId: z.string(),
3986
+ memberType: z.enum(["principal", "group"]),
3987
+ memberId: z.string(),
3988
+ principalId: z.string().optional(),
3989
+ childGroupId: z.string().optional(),
3990
+ status: permitMembershipStatus,
3991
+ addedBy: z.string().optional(),
3992
+ revokedBy: z.string().optional(),
3993
+ expiresAt: z.number().optional(),
3994
+ revocationReason: z.string().optional(),
3995
+ metadata: z.record(z.any()).optional(),
3996
+ createdAt: z.number(),
3997
+ updatedAt: z.number(),
3998
+ updatedBy: z.string().optional()
3999
+ }),
4000
+ indices: [
4001
+ { kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
4002
+ { kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
4003
+ {
4004
+ kind: "index",
4005
+ name: "by_tenant_member_group",
4006
+ columns: ["tenantId", "memberType", "memberId", "groupId"]
4007
+ },
4008
+ { kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
4009
+ { kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
4010
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4011
+ {
4012
+ kind: "index",
4013
+ name: "by_workspace_principal",
4014
+ columns: ["workspaceId", "principalId"]
4015
+ }
4016
+ ]
4017
+ });
4018
+ var permitResourceInstances = defineTable({
4019
+ name: "permitResourceInstances",
4020
+ component: "control-plane",
4021
+ category: "access-control",
4022
+ shape: z.object({
4023
+ tenantId: z.string(),
4024
+ workspaceId: z.optional(z.string()),
4025
+ resourceType: z.string(),
4026
+ resourceKey: z.string(),
4027
+ resourceId: z.string(),
4028
+ status: z.enum(["active", "deleted", "archived"]),
4029
+ attributes: z.record(z.any()).optional(),
4030
+ ownerPrincipalId: z.string().optional(),
4031
+ metadata: z.record(z.any()).optional(),
4032
+ createdBy: z.string(),
4033
+ updatedBy: z.string().optional(),
4034
+ createdAt: z.number(),
4035
+ updatedAt: z.number()
4036
+ }),
4037
+ indices: [
4038
+ {
4039
+ kind: "index",
4040
+ name: "by_tenant_resource_type",
4041
+ columns: ["tenantId", "resourceType"]
4042
+ },
4043
+ {
4044
+ kind: "index",
4045
+ name: "by_tenant_resource_key",
4046
+ columns: ["tenantId", "resourceType", "resourceKey"]
4047
+ },
4048
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4049
+ { kind: "index", name: "by_status", columns: ["status"] },
4050
+ {
4051
+ kind: "index",
4052
+ name: "by_tenant_status",
4053
+ columns: ["tenantId", "status"]
4054
+ },
4055
+ {
4056
+ kind: "index",
4057
+ name: "by_ownerPrincipalId",
4058
+ columns: ["ownerPrincipalId"]
4059
+ }
4060
+ ]
4061
+ });
4062
+ var permitRoleAssignments = defineTable({
4063
+ name: "permitRoleAssignments",
4064
+ component: "control-plane",
4065
+ category: "access-control",
4066
+ shape: z.object({
4067
+ tenantId: z.string(),
4068
+ workspaceId: z.optional(z.string()),
4069
+ role: z.string(),
4070
+ targetType: permitRoleBindingTarget,
4071
+ targetId: z.string(),
4072
+ resourceType: z.string(),
4073
+ resourceKey: z.string(),
4074
+ resourceInstanceId: z.string().optional(),
4075
+ status: permitMembershipStatus,
4076
+ expiresAt: z.number().optional(),
4077
+ attributes: z.record(z.any()).optional(),
4078
+ grantedBy: z.string().optional(),
4079
+ updatedBy: z.string().optional(),
4080
+ revokedBy: z.string().optional(),
4081
+ createdAt: z.number(),
4082
+ updatedAt: z.number()
4083
+ }),
4084
+ indices: [
4085
+ {
4086
+ kind: "index",
4087
+ name: "by_tenant_target",
4088
+ columns: ["tenantId", "targetType", "targetId"]
4089
+ },
4090
+ {
4091
+ kind: "index",
4092
+ name: "by_tenant_resource",
4093
+ columns: ["tenantId", "resourceType", "resourceKey"]
4094
+ },
4095
+ {
4096
+ kind: "index",
4097
+ name: "by_tenant_role",
4098
+ columns: ["tenantId", "role", "status"]
4099
+ },
4100
+ { kind: "index", name: "by_status", columns: ["status"] },
4101
+ {
4102
+ kind: "index",
4103
+ name: "by_workspace_resource",
4104
+ columns: ["workspaceId", "resourceType", "resourceKey"]
4105
+ }
4106
+ ]
4107
+ });
4108
+ var permitRelationshipTuples = defineTable({
4109
+ name: "permitRelationshipTuples",
4110
+ component: "control-plane",
4111
+ category: "access-control",
4112
+ shape: z.object({
4113
+ tenantId: z.string(),
4114
+ workspaceId: z.optional(z.string()),
4115
+ relation: z.string(),
4116
+ subject: z.string(),
4117
+ object: z.string(),
4118
+ resourceType: z.string().optional(),
4119
+ resourceKey: z.string().optional(),
4120
+ status: permitRecordStatus,
4121
+ attributes: z.record(z.any()).optional(),
4122
+ createdBy: z.string(),
4123
+ createdAt: z.number(),
4124
+ updatedAt: z.number(),
4125
+ lastSeenAt: z.number().optional(),
4126
+ updatedBy: z.string().optional()
4127
+ }),
4128
+ indices: [
4129
+ { kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
4130
+ { kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
4131
+ { kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
4132
+ {
4133
+ kind: "index",
4134
+ name: "by_tenant_relation_subject",
4135
+ columns: ["tenantId", "relation", "subject"]
4136
+ },
4137
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4138
+ ]
4139
+ });
4140
+ var permitAttributeBindings = defineTable({
4141
+ name: "permitAttributeBindings",
4142
+ component: "control-plane",
4143
+ category: "access-control",
4144
+ shape: z.object({
4145
+ tenantId: z.string(),
4146
+ workspaceId: z.optional(z.string()),
4147
+ targetType: permitRoleBindingTarget,
4148
+ targetId: z.string(),
4149
+ attributeName: z.string(),
4150
+ attributeType: permitAttributeType,
4151
+ attributeOperator: permitAttributeOperator,
4152
+ attributeValue: z.any(),
4153
+ status: permitRecordStatus,
4154
+ source: z.string().optional(),
4155
+ sourceRef: z.string().optional(),
4156
+ metadata: z.record(z.any()).optional(),
4157
+ createdAt: z.number(),
4158
+ updatedAt: z.number(),
4159
+ createdBy: z.string(),
4160
+ updatedBy: z.string().optional(),
4161
+ expiresAt: z.number().optional()
4162
+ }),
4163
+ indices: [
4164
+ {
4165
+ kind: "index",
4166
+ name: "by_tenant_target",
4167
+ columns: ["tenantId", "targetType", "targetId"]
4168
+ },
4169
+ {
4170
+ kind: "index",
4171
+ name: "by_tenant_target_attribute",
4172
+ columns: ["tenantId", "targetType", "targetId", "attributeName"]
4173
+ },
4174
+ {
4175
+ kind: "index",
4176
+ name: "by_tenant_name",
4177
+ columns: ["tenantId", "attributeName"]
4178
+ },
4179
+ {
4180
+ kind: "index",
4181
+ name: "by_tenant_status",
4182
+ columns: ["tenantId", "status"]
4183
+ }
4184
+ ]
4185
+ });
4186
+ var permitPolicyBundles = defineTable({
4187
+ name: "permitPolicyBundles",
4188
+ component: "control-plane",
4189
+ category: "access-control",
4190
+ shape: z.object({
4191
+ tenantId: z.string(),
4192
+ workspaceId: z.optional(z.string()),
4193
+ bundleKey: z.string(),
4194
+ version: z.number(),
4195
+ status: permitPolicyBundleStatus,
4196
+ policyHash: z.string().optional(),
4197
+ policyPayload: z.record(z.any()),
4198
+ metadata: z.record(z.any()).optional(),
4199
+ createdBy: z.string(),
4200
+ reviewedBy: z.string().optional(),
4201
+ createdAt: z.number(),
4202
+ updatedAt: z.number(),
4203
+ retiredAt: z.number().optional()
4204
+ }),
4205
+ indices: [
4206
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4207
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4208
+ {
4209
+ kind: "index",
4210
+ name: "by_tenant_bundleKey",
4211
+ columns: ["tenantId", "bundleKey"]
4212
+ },
4213
+ {
4214
+ kind: "index",
4215
+ name: "by_tenant_bundle_version",
4216
+ columns: ["tenantId", "bundleKey", "version"]
4217
+ },
4218
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
4219
+ ]
4220
+ });
4221
+ var permitProjectionOutbox = defineTable({
4222
+ name: "permitProjectionOutbox",
4223
+ component: "control-plane",
4224
+ category: "access-control",
4225
+ shape: z.object({
4226
+ syncKey: z.string(),
4227
+ objectType: permitObjectType,
4228
+ objectId: z.string(),
4229
+ operation: permitOutboxOperation,
4230
+ payload: z.record(z.any()),
4231
+ status: permitRecordStatus,
4232
+ attemptCount: z.number(),
4233
+ nextAttemptAt: z.number().optional(),
4234
+ lastError: z.string().optional(),
4235
+ tenantId: z.string().optional(),
4236
+ workspaceId: z.optional(z.string()),
4237
+ principalId: z.string().optional(),
4238
+ permitTenantKey: z.string().optional(),
4239
+ permitResourceType: z.string().optional(),
4240
+ permitResourceKey: z.string().optional(),
4241
+ createdAt: z.number(),
4242
+ updatedAt: z.number(),
4243
+ lastHandledAt: z.number().optional()
4244
+ }),
4245
+ indices: [
4246
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4247
+ { kind: "index", name: "by_status", columns: ["status"] },
4248
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4249
+ {
4250
+ kind: "index",
4251
+ name: "by_tenant_status",
4252
+ columns: ["tenantId", "status"]
4253
+ },
4254
+ {
4255
+ kind: "index",
4256
+ name: "by_objectType",
4257
+ columns: ["objectType", "status"]
4258
+ }
4259
+ ]
4260
+ });
4261
+ var tenantPermitSyncStates = defineTable({
4262
+ name: "tenantPermitSyncStates",
4263
+ component: "control-plane",
4264
+ category: "access-control",
4265
+ shape: z.object({
4266
+ syncKey: z.string(),
4267
+ objectType: permitObjectType,
4268
+ objectId: z.string(),
4269
+ tenantId: z.string().optional(),
4270
+ workspaceId: z.string().optional(),
4271
+ principalId: z.string().optional(),
4272
+ permitTenantKey: z.string().optional(),
4273
+ permitResourceType: z.string().optional(),
4274
+ permitResourceKey: z.string().optional(),
4275
+ desiredPayload: z.record(z.any()),
4276
+ lastAppliedPayloadHash: z.string().optional(),
4277
+ status: permitSyncStatus,
4278
+ attemptCount: z.number(),
4279
+ lastError: z.string().optional(),
4280
+ nextAttemptAt: z.number().optional(),
4281
+ lastSyncedAt: z.number().optional(),
4282
+ createdBy: z.string(),
4283
+ updatedBy: z.string().optional(),
4284
+ createdAt: z.number(),
4285
+ updatedAt: z.number()
4286
+ }),
4287
+ indices: [
4288
+ { kind: "index", name: "by_syncKey", columns: ["syncKey"] },
4289
+ { kind: "index", name: "by_status", columns: ["status"] },
4290
+ {
4291
+ kind: "index",
4292
+ name: "by_tenant_status",
4293
+ columns: ["tenantId", "status"]
4294
+ },
4295
+ {
4296
+ kind: "index",
4297
+ name: "by_workspace_status",
4298
+ columns: ["workspaceId", "status"]
4299
+ },
4300
+ {
4301
+ kind: "index",
4302
+ name: "by_principal_status",
4303
+ columns: ["principalId", "status"]
4304
+ }
4305
+ ]
4306
+ });
4307
+ var permitPolicyDecisionReceipts = defineTable({
4308
+ name: "permitPolicyDecisionReceipts",
4309
+ component: "control-plane",
4310
+ category: "access-control",
4311
+ shape: z.object({
4312
+ tenantId: z.string().optional(),
4313
+ workspaceId: z.string().optional(),
4314
+ principalId: z.string(),
4315
+ subjectType: permitAccessReviewSubjectType.optional(),
4316
+ subjectId: z.string().optional(),
4317
+ resourceType: z.string(),
4318
+ resourceId: z.string(),
4319
+ action: z.string(),
4320
+ decision: permitDecision,
4321
+ reasonCode: z.string(),
4322
+ policyBundleId: z.string().optional(),
4323
+ policyVersion: z.string(),
4324
+ traceId: z.string().optional(),
4325
+ requestId: z.string().optional(),
4326
+ audienceMode: z.string().optional(),
4327
+ audienceKey: z.string().optional(),
4328
+ audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
4329
+ metadata: z.record(z.any()).optional(),
4330
+ createdAt: z.number(),
4331
+ expiresAt: z.number().optional(),
4332
+ createdBy: z.string().optional()
4333
+ }),
4334
+ indices: [
4335
+ { kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
4336
+ { kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
4337
+ { kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
4338
+ { kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
4339
+ { kind: "index", name: "by_traceId", columns: ["traceId"] },
4340
+ { kind: "index", name: "by_action", columns: ["action"] }
4341
+ ]
4342
+ });
4343
+ var permitAccessReviews = defineTable({
4344
+ name: "permitAccessReviews",
4345
+ component: "control-plane",
4346
+ category: "access-control",
4347
+ shape: z.object({
4348
+ tenantId: z.string(),
4349
+ workspaceId: z.optional(z.string()),
4350
+ reviewKey: z.string(),
4351
+ scope: permitReviewScope,
4352
+ status: permitAccessReviewStatus,
4353
+ subjectType: permitAccessReviewSubjectType,
4354
+ subjectId: z.string(),
4355
+ resourceType: z.string().optional(),
4356
+ resourceKey: z.string().optional(),
4357
+ outcome: z.enum(["allow", "deny"]).optional(),
4358
+ requestedBy: z.string(),
4359
+ reviewedBy: z.string().optional(),
4360
+ requestedAt: z.number(),
4361
+ reviewedAt: z.number().optional(),
4362
+ dueAt: z.number().optional(),
4363
+ justification: z.string().optional(),
4364
+ rationale: z.string().optional(),
4365
+ policyBundleId: z.string().optional(),
4366
+ metadata: z.record(z.any()).optional(),
4367
+ createdAt: z.number(),
4368
+ updatedAt: z.number()
4369
+ }),
4370
+ indices: [
4371
+ { kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
4372
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4373
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4374
+ {
4375
+ kind: "index",
4376
+ name: "by_tenant_subject",
4377
+ columns: ["tenantId", "subjectType", "subjectId"]
4378
+ },
4379
+ { kind: "index", name: "by_outcome", columns: ["outcome"] },
4380
+ {
4381
+ kind: "index",
4382
+ name: "by_workspace_status",
4383
+ columns: ["workspaceId", "status"]
4384
+ }
4385
+ ]
4386
+ });
4387
+ var permitAccessReviewItems = defineTable({
4388
+ name: "permitAccessReviewItems",
4389
+ component: "control-plane",
4390
+ category: "access-control",
4391
+ shape: z.object({
4392
+ reviewKey: z.string(),
4393
+ itemKey: z.string(),
4394
+ tenantId: z.string(),
4395
+ workspaceId: z.string().optional(),
4396
+ subjectType: permitAccessReviewSubjectType,
4397
+ subjectId: z.string(),
4398
+ resourceType: z.string().optional(),
4399
+ resourceKey: z.string().optional(),
4400
+ role: z.string().optional(),
4401
+ relation: z.string().optional(),
4402
+ status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
4403
+ reviewerId: z.string().optional(),
4404
+ decisionAt: z.number().optional(),
4405
+ rationale: z.string().optional(),
4406
+ metadata: z.record(z.any()).optional(),
4407
+ createdAt: z.number(),
4408
+ updatedAt: z.number()
4409
+ }),
4410
+ indices: [
4411
+ { kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
4412
+ { kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
4413
+ { kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
4414
+ { kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
4415
+ { kind: "index", name: "by_status", columns: ["status"] }
4416
+ ]
4417
+ });
3485
4418
  var reasoningPermissions = defineTable({
3486
4419
  name: "reasoningPermissions",
3487
- component: "identity",
4420
+ component: "control-plane",
3488
4421
  category: "epistemic",
3489
4422
  shape: z.object({
3490
4423
  "topicId": z.string().optional(),
@@ -3719,6 +4652,7 @@ var topics = defineTable({
3719
4652
  "updatedAt": z.number()
3720
4653
  }),
3721
4654
  indices: [
4655
+ { kind: "index", name: "by_globalId", columns: ["globalId"] },
3722
4656
  { kind: "index", name: "by_parent", columns: ["parentTopicId"] },
3723
4657
  { kind: "index", name: "by_type", columns: ["type"] },
3724
4658
  { kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
@@ -3730,7 +4664,7 @@ var topics = defineTable({
3730
4664
  });
3731
4665
  var users = defineTable({
3732
4666
  name: "users",
3733
- component: "identity",
4667
+ component: "control-plane",
3734
4668
  category: "user",
3735
4669
  shape: z.object({
3736
4670
  "clerkId": z.string(),
@@ -3844,7 +4778,6 @@ var workspaces = defineTable({
3844
4778
  "deployments": z.record(z.object({
3845
4779
  "url": z.string(),
3846
4780
  "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
3847
- "encryptedDeployKey": z.string().optional(),
3848
4781
  "credentialRef": z.string().optional()
3849
4782
  })).optional(),
3850
4783
  "metadata": z.record(z.any()).optional(),
@@ -3859,6 +4792,39 @@ var workspaces = defineTable({
3859
4792
  { kind: "index", name: "by_status", columns: ["status"] }
3860
4793
  ]
3861
4794
  });
4795
+ var deploymentHosts = defineTable({
4796
+ name: "deploymentHosts",
4797
+ component: "mc",
4798
+ category: "workspace",
4799
+ shape: z.object({
4800
+ "host": z.string(),
4801
+ "tenantId": idOf("tenants"),
4802
+ "workspaceId": idOf("workspaces"),
4803
+ "environment": z.enum(["dev", "staging", "prod"]),
4804
+ "target": z.enum(["kernelDeployment", "appDeployment"]),
4805
+ "deploymentUrl": z.string().optional(),
4806
+ "deploymentName": z.string().optional(),
4807
+ "vercelProjectName": z.string().optional(),
4808
+ "vercelProjectId": z.string().optional(),
4809
+ "vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
4810
+ "source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
4811
+ "status": z.enum(["active", "revoked"]),
4812
+ "metadata": z.record(z.any()).optional(),
4813
+ "createdBy": z.string(),
4814
+ "createdAt": z.number(),
4815
+ "updatedAt": z.number(),
4816
+ "revokedAt": z.number().optional(),
4817
+ "revokedBy": z.string().optional()
4818
+ }),
4819
+ indices: [
4820
+ { kind: "index", name: "by_host", columns: ["host"] },
4821
+ { kind: "index", name: "by_tenantId", columns: ["tenantId"] },
4822
+ { kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
4823
+ { kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
4824
+ { kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
4825
+ { kind: "index", name: "by_status", columns: ["status"] }
4826
+ ]
4827
+ });
3862
4828
  var worktreeBeliefCluster = defineTable({
3863
4829
  name: "worktreeBeliefCluster",
3864
4830
  component: "kernel",
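Review bot: `host` in the new `deploymentHosts` shape is a bare `z.string()` and the only host lookup path is the single-column `by_host` index, so nothing in the contract pins a canonical form or keeps revoked rows out of a host lookup. If this table is what resolves an incoming hostname to a tenant and workspace (inferred from the field names; the resolver is not in this file), differently-cased or trailing-dot variants of one hostname would be stored as separate rows, and a reader that forgets the `status` filter would still match a `revoked` entry. I would add a comment on `host` stating the stored form (lower-cased, no trailing dot, no port) and add `{ kind: "index", name: "by_host_status", columns: ["host", "status"] }` so that the active-only lookup is the easy one to write. Uniqueness of `host` does not appear to be expressible in these index entries, so it would have to be enforced on the write path.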
@@ -4177,6 +5143,7 @@ var KERNEL_TABLE_CONTRACTS = [
4177
5143
  decisionParticipants,
4178
5144
  decisionRiskLedger,
4179
5145
  decisionSnapshots,
5146
+ domainEvents,
4180
5147
  deliberationContributions,
4181
5148
  deliberationSessions,
4182
5149
  stakeholderGroups,
@@ -4223,9 +5190,23 @@ var KERNEL_TABLE_CONTRACTS = [
4223
5190
  worktreeBeliefCluster,
4224
5191
  worktrees
4225
5192
  ];
4226
- var IDENTITY_TABLE_CONTRACTS = [
5193
+ var CONTROL_PLANE_TABLE_CONTRACTS = [
4227
5194
  agents,
4228
5195
  reasoningPermissions,
5196
+ permitAccessReviewItems,
5197
+ permitAccessReviews,
5198
+ permitAttributeBindings,
5199
+ permitGroups,
5200
+ permitGroupMemberships,
5201
+ permitPolicyBundles,
5202
+ permitPolicyDecisionReceipts,
5203
+ permitPrincipalAliases,
5204
+ permitPrincipals,
5205
+ permitProjectionOutbox,
5206
+ permitRelationshipTuples,
5207
+ permitResourceInstances,
5208
+ permitRoleAssignments,
5209
+ tenantPermitSyncStates,
4229
5210
  modelCallLogs,
4230
5211
  modelFunctionSlots,
4231
5212
  modelRegistry,
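Review bot: Three of the tables registered here under `CONTROL_PLANE_TABLE_CONTRACTS` (`permitPolicyDecisionReceipts`, `permitProjectionOutbox` and `tenantPermitSyncStates`) declare `tenantId: z.string().optional()` in their definitions earlier in this file, while the other permit tables visible there require it. A row written without `tenantId` cannot be reached through `by_tenant_createdAt` or `by_tenant_status`, so a tenant-scoped audit or sync query would miss it, and for decision receipts that is a gap in the authorization audit trail. If tenant-less rows are intended for platform-level objects, a comment on each definition such as `// tenantId omitted only for platform-scoped records` would make that explicit; otherwise the field should be `tenantId: z.string(),`. The array literal continues past the end of this hunk.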
@@ -4255,6 +5236,7 @@ var MC_TABLE_CONTRACTS = [
4255
5236
  memberships,
4256
5237
  oauthDeviceCodes,
4257
5238
  principals,
5239
+ principalIdentityAliases,
4258
5240
  rateLimitWindows,
4259
5241
  servicePrincipalKeys,
4260
5242
  userSessions,
@@ -4270,29 +5252,33 @@ var MC_TABLE_CONTRACTS = [
4270
5252
  policyDecisionLogs,
4271
5253
  policySimulations,
4272
5254
  controlPlaneToolAcls,
5255
+ permitSyncStates,
4273
5256
  agentRegistryEntries,
4274
5257
  toolCatalog,
4275
5258
  toolRegistryEntries,
4276
5259
  compatibilityShims,
4277
5260
  cutoverFlags,
4278
5261
  tenantDeploymentCredentials,
5262
+ secretSyncDriftReports,
4279
5263
  controlPlaneTenantModelSlotBindings,
4280
5264
  controlPlaneTenantProviderSecrets,
4281
5265
  controlPlaneTenantProxyGatewayUsage,
5266
+ controlPlaneTenantProxyTokenLeases,
4282
5267
  apiKeys,
4283
5268
  auditLog,
4284
5269
  tenants,
4285
- workspaces
5270
+ workspaces,
5271
+ deploymentHosts
4286
5272
  ];
4287
5273
  var TABLE_CONTRACTS_BY_COMPONENT = {
4288
5274
  kernel: KERNEL_TABLE_CONTRACTS,
4289
- identity: IDENTITY_TABLE_CONTRACTS,
5275
+ "control-plane": CONTROL_PLANE_TABLE_CONTRACTS,
4290
5276
  mc: MC_TABLE_CONTRACTS,
4291
5277
  "developer-pack": []
4292
5278
  };
4293
5279
  var ALL_TABLE_CONTRACTS = [
4294
5280
  ...KERNEL_TABLE_CONTRACTS,
4295
- ...IDENTITY_TABLE_CONTRACTS,
5281
+ ...CONTROL_PLANE_TABLE_CONTRACTS,
4296
5282
  ...MC_TABLE_CONTRACTS
4297
5283
  ];
4298
5284
  function listTableContractsByName(name) {
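Review bot: The `identity` key is dropped from `TABLE_CONTRACTS_BY_COMPONENT` with no alias, so a consumer still reading `TABLE_CONTRACTS_BY_COMPONENT.identity` now gets `undefined` instead of a load-time error. The same rename removes `IDENTITY_TABLE_CONTRACTS` from the array declaration in the earlier hunk and from the export list in the final hunk, where a stale named import at least fails loudly. The body of `getTableContract(name, component)` is outside these hunks, so I cannot tell how it behaves for an unknown component; if it returns nothing, callers that pass `"identity"` would silently stop finding `users`, `agents` and `reasoningPermissions`. Either keep a transitional entry, `identity: CONTROL_PLANE_TABLE_CONTRACTS, // deprecated alias`, or make the lookup throw on an unknown component and record the rename in the changelog entry if it is not already there.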
@@ -4304,6 +5290,6 @@ function getTableContract(name, component) {
4304
5290
  );
4305
5291
  }
4306
5292
 
4307
- export { ALL_TABLE_CONTRACTS, IDENTITY_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
5293
+ export { ALL_TABLE_CONTRACTS, CONTROL_PLANE_TABLE_CONTRACTS, KERNEL_TABLE_CONTRACTS, MC_TABLE_CONTRACTS, TABLE_CONTRACTS_BY_COMPONENT, getTableContract, listTableContractsByName };
4308
5294
  //# sourceMappingURL=manifest.js.map
4309
5295
  //# sourceMappingURL=manifest.js.map