@lucern/events 0.3.0-alpha.10 → 0.3.0-alpha.12
- package/dist/index.js +2261 -251
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +2261 -251
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +2261 -251
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +2261 -251
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -26,6 +26,20 @@ function matchesAnyEventPattern(eventType, patterns) {
|
|
|
26
26
|
return patterns.some((pattern) => matchesEventPattern(eventType, pattern));
|
|
27
27
|
}
|
|
28
28
|
|
|
29
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
30
|
+
var REASONING_METHODS = [
|
|
31
|
+
"deductive",
|
|
32
|
+
"inductive",
|
|
33
|
+
"abductive",
|
|
34
|
+
"analogical",
|
|
35
|
+
"causal",
|
|
36
|
+
"correlational",
|
|
37
|
+
"testimonial",
|
|
38
|
+
"statistical",
|
|
39
|
+
"implicit",
|
|
40
|
+
"pattern_match"
|
|
41
|
+
];
|
|
42
|
+
|
|
29
43
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
30
44
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
31
45
|
core: [
|
|
@@ -847,7 +861,7 @@ defineTable({
|
|
|
847
861
|
});
|
|
848
862
|
defineTable({
|
|
849
863
|
name: "agents",
|
|
850
|
-
component: "
|
|
864
|
+
component: "control-plane",
|
|
851
865
|
category: "agent",
|
|
852
866
|
shape: z.object({
|
|
853
867
|
"slug": z.string(),
|
|
@@ -878,6 +892,7 @@ defineTable({
|
|
|
878
892
|
category: "tenant",
|
|
879
893
|
shape: z.object({
|
|
880
894
|
"tenantId": idOf("tenants"),
|
|
895
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
881
896
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
882
897
|
"keyHash": z.string(),
|
|
883
898
|
"keyHint": z.string(),
|
|
@@ -905,7 +920,7 @@ defineTable({
|
|
|
905
920
|
shape: z.object({
|
|
906
921
|
"tenantId": idOf("tenants").optional(),
|
|
907
922
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
908
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
923
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", 
"cutover_flag_cleared"]),
|
|
909
924
|
"actorClerkId": z.string(),
|
|
910
925
|
"details": z.any().optional(),
|
|
911
926
|
"createdAt": z.number()
|
|
@@ -1784,29 +1799,37 @@ defineTable({
|
|
|
1784
1799
|
component: "mc",
|
|
1785
1800
|
category: "runtime",
|
|
1786
1801
|
shape: z.object({
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
|
|
1795
|
-
|
|
1796
|
-
|
|
1797
|
-
|
|
1798
|
-
|
|
1799
|
-
|
|
1802
|
+
shimId: z.string(),
|
|
1803
|
+
gateId: z.string(),
|
|
1804
|
+
removalDate: z.string(),
|
|
1805
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1806
|
+
description: z.string(),
|
|
1807
|
+
owner: z.string(),
|
|
1808
|
+
createdAt: z.string(),
|
|
1809
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1810
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1811
|
+
bridgeTarget: z.object({
|
|
1812
|
+
type: z.enum(["tool", "agent"]),
|
|
1813
|
+
legacyPath: z.string(),
|
|
1814
|
+
harnessPath: z.string()
|
|
1800
1815
|
}),
|
|
1801
|
-
|
|
1802
|
-
|
|
1803
|
-
|
|
1804
|
-
|
|
1816
|
+
shimBehavior: z.enum([
|
|
1817
|
+
"passthrough_with_logging",
|
|
1818
|
+
"adapter",
|
|
1819
|
+
"feature_flag_gate"
|
|
1820
|
+
]),
|
|
1821
|
+
producesLedgerEntries: z.boolean(),
|
|
1822
|
+
lastAuditedAt: z.number(),
|
|
1823
|
+
metadata: z.record(z.any()).optional()
|
|
1805
1824
|
}),
|
|
1806
1825
|
indices: [
|
|
1807
1826
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1808
1827
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1809
|
-
{
|
|
1828
|
+
{
|
|
1829
|
+
kind: "index",
|
|
1830
|
+
name: "by_bridgeType_status",
|
|
1831
|
+
columns: ["bridgeType", "status"]
|
|
1832
|
+
}
|
|
1810
1833
|
]
|
|
1811
1834
|
});
|
|
1812
1835
|
defineTable({
|
|
@@ -1814,12 +1837,23 @@ defineTable({
|
|
|
1814
1837
|
component: "mc",
|
|
1815
1838
|
category: "runtime",
|
|
1816
1839
|
shape: z.object({
|
|
1817
|
-
|
|
1818
|
-
|
|
1819
|
-
|
|
1820
|
-
|
|
1821
|
-
|
|
1822
|
-
|
|
1840
|
+
domain: z.enum([
|
|
1841
|
+
"graph",
|
|
1842
|
+
"schema",
|
|
1843
|
+
"identity",
|
|
1844
|
+
"policy",
|
|
1845
|
+
"audit",
|
|
1846
|
+
"admin",
|
|
1847
|
+
"agent",
|
|
1848
|
+
"tool",
|
|
1849
|
+
"prompt",
|
|
1850
|
+
"intelligence"
|
|
1851
|
+
]),
|
|
1852
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1853
|
+
metadata: z.record(z.any()).optional(),
|
|
1854
|
+
updatedBy: z.string(),
|
|
1855
|
+
createdAt: z.number(),
|
|
1856
|
+
updatedAt: z.number()
|
|
1823
1857
|
}),
|
|
1824
1858
|
indices: [
|
|
1825
1859
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1831,57 +1865,193 @@ defineTable({
|
|
|
1831
1865
|
component: "mc",
|
|
1832
1866
|
category: "runtime",
|
|
1833
1867
|
shape: z.object({
|
|
1834
|
-
|
|
1835
|
-
|
|
1836
|
-
|
|
1837
|
-
|
|
1838
|
-
|
|
1839
|
-
|
|
1840
|
-
|
|
1841
|
-
|
|
1842
|
-
|
|
1843
|
-
|
|
1844
|
-
|
|
1845
|
-
|
|
1846
|
-
|
|
1847
|
-
|
|
1848
|
-
|
|
1849
|
-
|
|
1850
|
-
|
|
1868
|
+
credentialRef: z.string(),
|
|
1869
|
+
tenantId: idOf("tenants"),
|
|
1870
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1871
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1872
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1873
|
+
encryptedDeployKey: z.string(),
|
|
1874
|
+
encryptionVersion: z.string(),
|
|
1875
|
+
keyFingerprint: z.string(),
|
|
1876
|
+
keyHint: z.string(),
|
|
1877
|
+
status: z.enum(["active", "revoked"]),
|
|
1878
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
1879
|
+
revokedAt: z.number().optional(),
|
|
1880
|
+
revokedBy: z.string().optional(),
|
|
1881
|
+
lastUsedAt: z.number().optional(),
|
|
1882
|
+
metadata: z.record(z.any()).optional(),
|
|
1883
|
+
createdBy: z.string(),
|
|
1884
|
+
createdAt: z.number(),
|
|
1885
|
+
updatedAt: z.number()
|
|
1851
1886
|
}),
|
|
1852
1887
|
indices: [
|
|
1853
1888
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1854
1889
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1855
|
-
{ kind: "index", name: "
|
|
1856
|
-
{
|
|
1857
|
-
|
|
1890
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
1891
|
+
{
|
|
1892
|
+
kind: "index",
|
|
1893
|
+
name: "by_tenant_target",
|
|
1894
|
+
columns: ["tenantId", "target"]
|
|
1895
|
+
},
|
|
1896
|
+
{
|
|
1897
|
+
kind: "index",
|
|
1898
|
+
name: "by_tenant_target_environment",
|
|
1899
|
+
columns: ["tenantId", "target", "environment"]
|
|
1900
|
+
},
|
|
1901
|
+
{
|
|
1902
|
+
kind: "index",
|
|
1903
|
+
name: "by_tenant_target_environment_status",
|
|
1904
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
1905
|
+
},
|
|
1906
|
+
{
|
|
1907
|
+
kind: "index",
|
|
1908
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
1909
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
1910
|
+
},
|
|
1858
1911
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1859
1912
|
]
|
|
1860
1913
|
});
|
|
1914
|
+
defineTable({
|
|
1915
|
+
name: "permitSyncStates",
|
|
1916
|
+
component: "mc",
|
|
1917
|
+
category: "runtime",
|
|
1918
|
+
shape: z.object({
|
|
1919
|
+
syncKey: z.string(),
|
|
1920
|
+
objectType: z.enum([
|
|
1921
|
+
"resource",
|
|
1922
|
+
"role",
|
|
1923
|
+
"resource_role",
|
|
1924
|
+
"resource_relation",
|
|
1925
|
+
"tenant",
|
|
1926
|
+
"workspace",
|
|
1927
|
+
"principal",
|
|
1928
|
+
"membership",
|
|
1929
|
+
"group",
|
|
1930
|
+
"resource_instance",
|
|
1931
|
+
"relationship_tuple",
|
|
1932
|
+
"role_assignment"
|
|
1933
|
+
]),
|
|
1934
|
+
objectId: z.string(),
|
|
1935
|
+
tenantId: idOf("tenants").optional(),
|
|
1936
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1937
|
+
principalId: z.string().optional(),
|
|
1938
|
+
permitTenantKey: z.string().optional(),
|
|
1939
|
+
permitResourceType: z.string().optional(),
|
|
1940
|
+
permitResourceKey: z.string().optional(),
|
|
1941
|
+
desiredPayload: z.record(z.any()),
|
|
1942
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
1943
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
1944
|
+
attemptCount: z.number(),
|
|
1945
|
+
lastError: z.string().optional(),
|
|
1946
|
+
nextAttemptAt: z.number().optional(),
|
|
1947
|
+
lastSyncedAt: z.number().optional(),
|
|
1948
|
+
createdBy: z.string(),
|
|
1949
|
+
updatedBy: z.string().optional(),
|
|
1950
|
+
createdAt: z.number(),
|
|
1951
|
+
updatedAt: z.number()
|
|
1952
|
+
}),
|
|
1953
|
+
indices: [
|
|
1954
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
1955
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1956
|
+
{
|
|
1957
|
+
kind: "index",
|
|
1958
|
+
name: "by_tenant_status",
|
|
1959
|
+
columns: ["tenantId", "status"]
|
|
1960
|
+
},
|
|
1961
|
+
{
|
|
1962
|
+
kind: "index",
|
|
1963
|
+
name: "by_workspace_status",
|
|
1964
|
+
columns: ["workspaceId", "status"]
|
|
1965
|
+
},
|
|
1966
|
+
{
|
|
1967
|
+
kind: "index",
|
|
1968
|
+
name: "by_principal_status",
|
|
1969
|
+
columns: ["principalId", "status"]
|
|
1970
|
+
}
|
|
1971
|
+
]
|
|
1972
|
+
});
|
|
1973
|
+
defineTable({
|
|
1974
|
+
name: "secretSyncDriftReports",
|
|
1975
|
+
component: "mc",
|
|
1976
|
+
category: "runtime",
|
|
1977
|
+
shape: z.object({
|
|
1978
|
+
reportId: z.string(),
|
|
1979
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
1980
|
+
generatedAt: z.number(),
|
|
1981
|
+
recordedAt: z.number(),
|
|
1982
|
+
recordedBy: z.string(),
|
|
1983
|
+
status: z.enum([
|
|
1984
|
+
"in_sync",
|
|
1985
|
+
"drift",
|
|
1986
|
+
"exception",
|
|
1987
|
+
"blocked",
|
|
1988
|
+
"not_observed"
|
|
1989
|
+
]),
|
|
1990
|
+
reportHash: z.string(),
|
|
1991
|
+
manifestHash: z.string().optional(),
|
|
1992
|
+
dryRunReceiptId: z.string().optional(),
|
|
1993
|
+
appliedReceiptId: z.string().optional(),
|
|
1994
|
+
summary: z.object({
|
|
1995
|
+
totalPipelines: z.number(),
|
|
1996
|
+
inSync: z.number(),
|
|
1997
|
+
drift: z.number(),
|
|
1998
|
+
exception: z.number(),
|
|
1999
|
+
blocked: z.number(),
|
|
2000
|
+
notObserved: z.number(),
|
|
2001
|
+
missingKeys: z.number(),
|
|
2002
|
+
valueDriftKeys: z.number(),
|
|
2003
|
+
extraKeys: z.number(),
|
|
2004
|
+
deniedConvexLeakage: z.number(),
|
|
2005
|
+
approvedExceptions: z.number()
|
|
2006
|
+
}),
|
|
2007
|
+
redactedReport: z.record(z.any()),
|
|
2008
|
+
metadata: z.record(z.any()).optional()
|
|
2009
|
+
}),
|
|
2010
|
+
indices: [
|
|
2011
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
2012
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
2013
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
2014
|
+
{
|
|
2015
|
+
kind: "index",
|
|
2016
|
+
name: "by_status_generatedAt",
|
|
2017
|
+
columns: ["status", "generatedAt"]
|
|
2018
|
+
}
|
|
2019
|
+
]
|
|
2020
|
+
});
|
|
1861
2021
|
defineTable({
|
|
1862
2022
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1863
2023
|
component: "mc",
|
|
1864
2024
|
category: "runtime",
|
|
1865
2025
|
shape: z.object({
|
|
1866
|
-
|
|
1867
|
-
|
|
1868
|
-
"
|
|
1869
|
-
|
|
1870
|
-
|
|
1871
|
-
|
|
1872
|
-
|
|
1873
|
-
|
|
1874
|
-
|
|
1875
|
-
|
|
1876
|
-
|
|
1877
|
-
|
|
1878
|
-
|
|
2026
|
+
bindingId: z.string(),
|
|
2027
|
+
tenantId: idOf("tenants"),
|
|
2028
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2029
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2030
|
+
providerId: z.string(),
|
|
2031
|
+
modelSlotId: z.string(),
|
|
2032
|
+
secretRef: z.string(),
|
|
2033
|
+
status: z.enum(["active", "revoked"]),
|
|
2034
|
+
passThroughOnly: z.boolean(),
|
|
2035
|
+
revokedAt: z.number().optional(),
|
|
2036
|
+
revokedBy: z.string().optional(),
|
|
2037
|
+
metadata: z.record(z.any()).optional(),
|
|
2038
|
+
createdBy: z.string(),
|
|
2039
|
+
createdAt: z.number(),
|
|
2040
|
+
updatedAt: z.number()
|
|
1879
2041
|
}),
|
|
1880
2042
|
indices: [
|
|
1881
2043
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1882
2044
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1883
|
-
{
|
|
1884
|
-
|
|
2045
|
+
{
|
|
2046
|
+
kind: "index",
|
|
2047
|
+
name: "by_tenant_slot",
|
|
2048
|
+
columns: ["tenantId", "modelSlotId"]
|
|
2049
|
+
},
|
|
2050
|
+
{
|
|
2051
|
+
kind: "index",
|
|
2052
|
+
name: "by_tenant_provider_slot",
|
|
2053
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
2054
|
+
},
|
|
1885
2055
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1886
2056
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1887
2057
|
]
|
|
@@ -1891,29 +2061,42 @@ defineTable({
|
|
|
1891
2061
|
component: "mc",
|
|
1892
2062
|
category: "runtime",
|
|
1893
2063
|
shape: z.object({
|
|
1894
|
-
|
|
1895
|
-
|
|
1896
|
-
"
|
|
1897
|
-
|
|
1898
|
-
|
|
1899
|
-
|
|
1900
|
-
|
|
1901
|
-
|
|
1902
|
-
|
|
1903
|
-
|
|
1904
|
-
|
|
1905
|
-
|
|
1906
|
-
|
|
1907
|
-
|
|
1908
|
-
|
|
1909
|
-
|
|
1910
|
-
|
|
2064
|
+
secretRef: z.string(),
|
|
2065
|
+
tenantId: idOf("tenants"),
|
|
2066
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2067
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2068
|
+
providerId: z.string(),
|
|
2069
|
+
label: z.string().optional(),
|
|
2070
|
+
encryptedSecret: z.string().optional(),
|
|
2071
|
+
infisicalPath: z.string().optional(),
|
|
2072
|
+
infisicalSecretKey: z.string().optional(),
|
|
2073
|
+
infisicalProjectId: z.string().optional(),
|
|
2074
|
+
encryptionVersion: z.string(),
|
|
2075
|
+
secretFingerprint: z.string(),
|
|
2076
|
+
keyHint: z.string(),
|
|
2077
|
+
status: z.enum(["active", "revoked"]),
|
|
2078
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
2079
|
+
revokedAt: z.number().optional(),
|
|
2080
|
+
revokedBy: z.string().optional(),
|
|
2081
|
+
lastUsedAt: z.number().optional(),
|
|
2082
|
+
metadata: z.record(z.any()).optional(),
|
|
2083
|
+
createdBy: z.string(),
|
|
2084
|
+
createdAt: z.number(),
|
|
2085
|
+
updatedAt: z.number()
|
|
1911
2086
|
}),
|
|
1912
2087
|
indices: [
|
|
1913
2088
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1914
2089
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1915
|
-
{
|
|
1916
|
-
|
|
2090
|
+
{
|
|
2091
|
+
kind: "index",
|
|
2092
|
+
name: "by_tenant_provider",
|
|
2093
|
+
columns: ["tenantId", "providerId"]
|
|
2094
|
+
},
|
|
2095
|
+
{
|
|
2096
|
+
kind: "index",
|
|
2097
|
+
name: "by_tenant_provider_status",
|
|
2098
|
+
columns: ["tenantId", "providerId", "status"]
|
|
2099
|
+
},
|
|
1917
2100
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1918
2101
|
]
|
|
1919
2102
|
});
|
|
@@ -1922,35 +2105,93 @@ defineTable({
|
|
|
1922
2105
|
component: "mc",
|
|
1923
2106
|
category: "runtime",
|
|
1924
2107
|
shape: z.object({
|
|
1925
|
-
|
|
1926
|
-
|
|
1927
|
-
|
|
1928
|
-
|
|
1929
|
-
|
|
1930
|
-
|
|
1931
|
-
|
|
1932
|
-
|
|
1933
|
-
|
|
1934
|
-
|
|
1935
|
-
|
|
1936
|
-
|
|
1937
|
-
|
|
1938
|
-
|
|
1939
|
-
|
|
1940
|
-
|
|
1941
|
-
|
|
1942
|
-
|
|
1943
|
-
|
|
1944
|
-
|
|
1945
|
-
|
|
1946
|
-
|
|
2108
|
+
usageId: z.string(),
|
|
2109
|
+
tenantId: idOf("tenants"),
|
|
2110
|
+
providerId: z.string(),
|
|
2111
|
+
modelSlotId: z.string(),
|
|
2112
|
+
secretRef: z.string(),
|
|
2113
|
+
proxyTokenId: z.string(),
|
|
2114
|
+
sessionId: z.string(),
|
|
2115
|
+
principalId: z.string(),
|
|
2116
|
+
workspaceId: z.string().optional(),
|
|
2117
|
+
modelId: z.string().optional(),
|
|
2118
|
+
requestPath: z.string(),
|
|
2119
|
+
status: z.enum(["success", "error"]),
|
|
2120
|
+
responseStatus: z.number().optional(),
|
|
2121
|
+
inputTokens: z.number().optional(),
|
|
2122
|
+
outputTokens: z.number().optional(),
|
|
2123
|
+
tokenCount: z.number().optional(),
|
|
2124
|
+
latencyMs: z.number(),
|
|
2125
|
+
estimatedCostUsd: z.number().optional(),
|
|
2126
|
+
failureCode: z.string().optional(),
|
|
2127
|
+
metadata: z.record(z.any()).optional(),
|
|
2128
|
+
createdAt: z.number(),
|
|
2129
|
+
updatedAt: z.number()
|
|
1947
2130
|
}),
|
|
1948
2131
|
indices: [
|
|
1949
2132
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
1950
2133
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
1951
|
-
{
|
|
1952
|
-
|
|
1953
|
-
|
|
2134
|
+
{
|
|
2135
|
+
kind: "index",
|
|
2136
|
+
name: "by_tenant_provider",
|
|
2137
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2138
|
+
},
|
|
2139
|
+
{
|
|
2140
|
+
kind: "index",
|
|
2141
|
+
name: "by_proxyTokenId",
|
|
2142
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2143
|
+
},
|
|
2144
|
+
{
|
|
2145
|
+
kind: "index",
|
|
2146
|
+
name: "by_sessionId",
|
|
2147
|
+
columns: ["sessionId", "createdAt"]
|
|
2148
|
+
}
|
|
2149
|
+
]
|
|
2150
|
+
});
|
|
2151
|
+
defineTable({
|
|
2152
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2153
|
+
component: "mc",
|
|
2154
|
+
category: "runtime",
|
|
2155
|
+
shape: z.object({
|
|
2156
|
+
leaseId: z.string(),
|
|
2157
|
+
proxyTokenId: z.string(),
|
|
2158
|
+
tenantId: idOf("tenants"),
|
|
2159
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2160
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2161
|
+
providerId: z.string(),
|
|
2162
|
+
modelSlotId: z.string(),
|
|
2163
|
+
bindingId: z.string(),
|
|
2164
|
+
secretRef: z.string(),
|
|
2165
|
+
sessionId: z.string(),
|
|
2166
|
+
principalId: z.string(),
|
|
2167
|
+
agentSessionId: z.string().optional(),
|
|
2168
|
+
status: z.enum(["active", "revoked"]),
|
|
2169
|
+
expiresAt: z.number(),
|
|
2170
|
+
renewedAt: z.number().optional(),
|
|
2171
|
+
revokedAt: z.number().optional(),
|
|
2172
|
+
revokedBy: z.string().optional(),
|
|
2173
|
+
revokeReason: z.string().optional(),
|
|
2174
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2175
|
+
permitTraceId: z.string().optional(),
|
|
2176
|
+
metadata: z.record(z.any()).optional(),
|
|
2177
|
+
createdAt: z.number(),
|
|
2178
|
+
updatedAt: z.number()
|
|
2179
|
+
}),
|
|
2180
|
+
indices: [
|
|
2181
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2182
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2183
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2184
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2185
|
+
{
|
|
2186
|
+
kind: "index",
|
|
2187
|
+
name: "by_principalId",
|
|
2188
|
+
columns: ["principalId", "createdAt"]
|
|
2189
|
+
},
|
|
2190
|
+
{
|
|
2191
|
+
kind: "index",
|
|
2192
|
+
name: "by_status_expiresAt",
|
|
2193
|
+
columns: ["status", "expiresAt"]
|
|
2194
|
+
}
|
|
1954
2195
|
]
|
|
1955
2196
|
});
|
|
1956
2197
|
defineTable({
|
|
@@ -2283,6 +2524,7 @@ defineTable({
|
|
|
2283
2524
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2284
2525
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2285
2526
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2527
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2286
2528
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2287
2529
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2288
2530
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2433,6 +2675,7 @@ defineTable({
|
|
|
2433
2675
|
indices: [
|
|
2434
2676
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2435
2677
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2678
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2436
2679
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2437
2680
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2438
2681
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2464,6 +2707,36 @@ defineTable({
|
|
|
2464
2707
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2465
2708
|
]
|
|
2466
2709
|
});
|
|
2710
|
+
defineTable({
|
|
2711
|
+
name: "principalIdentityAliases",
|
|
2712
|
+
component: "mc",
|
|
2713
|
+
category: "identity",
|
|
2714
|
+
shape: z.object({
|
|
2715
|
+
"principalId": z.string(),
|
|
2716
|
+
"principalRefId": idOf("principals").optional(),
|
|
2717
|
+
"provider": z.string(),
|
|
2718
|
+
"providerProjectId": z.string().optional(),
|
|
2719
|
+
"externalSubjectId": z.string(),
|
|
2720
|
+
"tenantId": idOf("tenants").optional(),
|
|
2721
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2722
|
+
"email": z.string().optional(),
|
|
2723
|
+
"status": z.enum(["active", "revoked"]),
|
|
2724
|
+
"metadata": z.record(z.any()).optional(),
|
|
2725
|
+
"createdBy": z.string(),
|
|
2726
|
+
"revokedAt": z.number().optional(),
|
|
2727
|
+
"revokedBy": z.string().optional(),
|
|
2728
|
+
"createdAt": z.number(),
|
|
2729
|
+
"updatedAt": z.number()
|
|
2730
|
+
}),
|
|
2731
|
+
indices: [
|
|
2732
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2733
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2734
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2735
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2736
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2737
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2738
|
+
]
|
|
2739
|
+
});
|
|
2467
2740
|
defineTable({
|
|
2468
2741
|
name: "rateLimitWindows",
|
|
2469
2742
|
component: "mc",
|
|
@@ -3053,7 +3326,7 @@ defineTable({
|
|
|
3053
3326
|
});
|
|
3054
3327
|
defineTable({
|
|
3055
3328
|
name: "mcpWritePolicy",
|
|
3056
|
-
component: "
|
|
3329
|
+
component: "control-plane",
|
|
3057
3330
|
category: "platform",
|
|
3058
3331
|
shape: z.object({
|
|
3059
3332
|
"topicId": z.string().optional(),
|
|
@@ -3076,7 +3349,7 @@ defineTable({
|
|
|
3076
3349
|
});
|
|
3077
3350
|
defineTable({
|
|
3078
3351
|
name: "platformAudienceGrants",
|
|
3079
|
-
component: "
|
|
3352
|
+
component: "control-plane",
|
|
3080
3353
|
category: "platform",
|
|
3081
3354
|
shape: z.object({
|
|
3082
3355
|
"tenantId": z.string(),
|
|
@@ -3102,7 +3375,7 @@ defineTable({
|
|
|
3102
3375
|
});
|
|
3103
3376
|
defineTable({
|
|
3104
3377
|
name: "platformAudiences",
|
|
3105
|
-
component: "
|
|
3378
|
+
component: "control-plane",
|
|
3106
3379
|
category: "platform",
|
|
3107
3380
|
shape: z.object({
|
|
3108
3381
|
"tenantId": z.string(),
|
|
@@ -3127,7 +3400,7 @@ defineTable({
|
|
|
3127
3400
|
});
|
|
3128
3401
|
defineTable({
|
|
3129
3402
|
name: "platformPolicyDecisionLogs",
|
|
3130
|
-
component: "
|
|
3403
|
+
component: "control-plane",
|
|
3131
3404
|
category: "platform",
|
|
3132
3405
|
shape: z.object({
|
|
3133
3406
|
"principalId": z.string(),
|
|
@@ -3163,7 +3436,7 @@ defineTable({
|
|
|
3163
3436
|
});
|
|
3164
3437
|
defineTable({
|
|
3165
3438
|
name: "tenantApiKeys",
|
|
3166
|
-
component: "
|
|
3439
|
+
component: "control-plane",
|
|
3167
3440
|
category: "platform",
|
|
3168
3441
|
shape: z.object({
|
|
3169
3442
|
"tenantId": z.string(),
|
|
@@ -3190,7 +3463,7 @@ defineTable({
|
|
|
3190
3463
|
});
|
|
3191
3464
|
defineTable({
|
|
3192
3465
|
name: "tenantConfig",
|
|
3193
|
-
component: "
|
|
3466
|
+
component: "control-plane",
|
|
3194
3467
|
category: "platform",
|
|
3195
3468
|
shape: z.object({
|
|
3196
3469
|
"tenantId": z.string(),
|
|
@@ -3209,7 +3482,7 @@ defineTable({
|
|
|
3209
3482
|
});
|
|
3210
3483
|
defineTable({
|
|
3211
3484
|
name: "tenantIntegrations",
|
|
3212
|
-
component: "
|
|
3485
|
+
component: "control-plane",
|
|
3213
3486
|
category: "platform",
|
|
3214
3487
|
shape: z.object({
|
|
3215
3488
|
"tenantId": z.string(),
|
|
@@ -3264,7 +3537,7 @@ defineTable({
|
|
|
3264
3537
|
});
|
|
3265
3538
|
defineTable({
|
|
3266
3539
|
name: "tenantModelSlotBindings",
|
|
3267
|
-
component: "
|
|
3540
|
+
component: "control-plane",
|
|
3268
3541
|
category: "platform",
|
|
3269
3542
|
shape: z.object({
|
|
3270
3543
|
"bindingId": z.string(),
|
|
@@ -3292,7 +3565,7 @@ defineTable({
|
|
|
3292
3565
|
});
|
|
3293
3566
|
defineTable({
|
|
3294
3567
|
name: "tenantPolicies",
|
|
3295
|
-
component: "
|
|
3568
|
+
component: "control-plane",
|
|
3296
3569
|
category: "platform",
|
|
3297
3570
|
shape: z.object({
|
|
3298
3571
|
"tenantId": z.string(),
|
|
@@ -3317,7 +3590,7 @@ defineTable({
|
|
|
3317
3590
|
});
|
|
3318
3591
|
defineTable({
|
|
3319
3592
|
name: "tenantProviderSecrets",
|
|
3320
|
-
component: "
|
|
3593
|
+
component: "control-plane",
|
|
3321
3594
|
category: "platform",
|
|
3322
3595
|
shape: z.object({
|
|
3323
3596
|
"secretRef": z.string(),
|
|
@@ -3348,7 +3621,7 @@ defineTable({
|
|
|
3348
3621
|
});
|
|
3349
3622
|
defineTable({
|
|
3350
3623
|
name: "tenantProxyGatewayUsage",
|
|
3351
|
-
component: "
|
|
3624
|
+
component: "control-plane",
|
|
3352
3625
|
category: "platform",
|
|
3353
3626
|
shape: z.object({
|
|
3354
3627
|
"usageId": z.string(),
|
|
@@ -3383,7 +3656,7 @@ defineTable({
|
|
|
3383
3656
|
});
|
|
3384
3657
|
defineTable({
|
|
3385
3658
|
name: "tenantProxyTokenMints",
|
|
3386
|
-
component: "
|
|
3659
|
+
component: "control-plane",
|
|
3387
3660
|
category: "platform",
|
|
3388
3661
|
shape: z.object({
|
|
3389
3662
|
"proxyTokenId": z.string(),
|
|
@@ -3406,7 +3679,7 @@ defineTable({
|
|
|
3406
3679
|
});
|
|
3407
3680
|
defineTable({
|
|
3408
3681
|
name: "tenantSandboxAuditEvents",
|
|
3409
|
-
component: "
|
|
3682
|
+
component: "control-plane",
|
|
3410
3683
|
category: "platform",
|
|
3411
3684
|
shape: z.object({
|
|
3412
3685
|
"eventId": z.string(),
|
|
@@ -3440,7 +3713,7 @@ defineTable({
|
|
|
3440
3713
|
});
|
|
3441
3714
|
defineTable({
|
|
3442
3715
|
name: "tenantSecrets",
|
|
3443
|
-
component: "
|
|
3716
|
+
component: "control-plane",
|
|
3444
3717
|
category: "platform",
|
|
3445
3718
|
shape: z.object({
|
|
3446
3719
|
"tenantId": z.string(),
|
|
@@ -3462,7 +3735,7 @@ defineTable({
|
|
|
3462
3735
|
});
|
|
3463
3736
|
defineTable({
|
|
3464
3737
|
name: "toolAcls",
|
|
3465
|
-
component: "
|
|
3738
|
+
component: "control-plane",
|
|
3466
3739
|
category: "platform",
|
|
3467
3740
|
shape: z.object({
|
|
3468
3741
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3477,7 +3750,7 @@ defineTable({
|
|
|
3477
3750
|
});
|
|
3478
3751
|
defineTable({
|
|
3479
3752
|
name: "toolRegistry",
|
|
3480
|
-
component: "
|
|
3753
|
+
component: "control-plane",
|
|
3481
3754
|
category: "platform",
|
|
3482
3755
|
shape: z.object({
|
|
3483
3756
|
"toolName": z.string(),
|
|
@@ -3558,7 +3831,7 @@ defineTable({
|
|
|
3558
3831
|
});
|
|
3559
3832
|
defineTable({
|
|
3560
3833
|
name: "modelCallLogs",
|
|
3561
|
-
component: "
|
|
3834
|
+
component: "control-plane",
|
|
3562
3835
|
category: "model",
|
|
3563
3836
|
shape: z.object({
|
|
3564
3837
|
"slot": z.string(),
|
|
@@ -3584,7 +3857,7 @@ defineTable({
|
|
|
3584
3857
|
});
|
|
3585
3858
|
defineTable({
|
|
3586
3859
|
name: "modelFunctionSlots",
|
|
3587
|
-
component: "
|
|
3860
|
+
component: "control-plane",
|
|
3588
3861
|
category: "model",
|
|
3589
3862
|
shape: z.object({
|
|
3590
3863
|
"slot": z.string(),
|
|
@@ -3609,7 +3882,7 @@ defineTable({
|
|
|
3609
3882
|
});
|
|
3610
3883
|
defineTable({
|
|
3611
3884
|
name: "modelRegistry",
|
|
3612
|
-
component: "
|
|
3885
|
+
component: "control-plane",
|
|
3613
3886
|
category: "model",
|
|
3614
3887
|
shape: z.object({
|
|
3615
3888
|
"key": z.string(),
|
|
@@ -3636,7 +3909,7 @@ defineTable({
|
|
|
3636
3909
|
});
|
|
3637
3910
|
defineTable({
|
|
3638
3911
|
name: "modelSlotConfigs",
|
|
3639
|
-
component: "
|
|
3912
|
+
component: "control-plane",
|
|
3640
3913
|
category: "model",
|
|
3641
3914
|
shape: z.object({
|
|
3642
3915
|
"slot": z.string(),
|
|
@@ -4023,7 +4296,7 @@ defineTable({
|
|
|
4023
4296
|
"workspaceId": idOf("workspaces").optional(),
|
|
4024
4297
|
"resourceType": z.string(),
|
|
4025
4298
|
"resourceId": z.string(),
|
|
4026
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4299
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
4027
4300
|
"decision": z.enum(["allow", "deny"]),
|
|
4028
4301
|
"reasonCode": z.string(),
|
|
4029
4302
|
"policyVersion": z.string(),
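Review bot: The widened `action` enum on the new side carries verbs that read as near-synonyms (`admin`, `administer`, `manage`), and nothing in the schema says how they differ or which resource types each applies to. On a record that also stores `decision` and `reasonCode`, an ambiguous verb makes allow/deny rows harder to query and makes it easier to write a policy rule against the wrong verb. I would add a comment above the field, for example `// TODO: document how "admin", "administer" and "manage" differ and which resourceType each applies to`. I would also keep the list in one shared constant, because the `permitPolicyDecisionReceipts` table added later in this file records `action` as a free `z.string()`, so the two audit shapes already disagree. The enclosing `defineTable` call starts and ends outside this hunk, so the table name is not visible here.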
|
|
@@ -4085,7 +4358,7 @@ defineTable({
|
|
|
4085
4358
|
});
|
|
4086
4359
|
defineTable({
|
|
4087
4360
|
name: "projectGrants",
|
|
4088
|
-
component: "
|
|
4361
|
+
component: "control-plane",
|
|
4089
4362
|
category: "project",
|
|
4090
4363
|
shape: z.object({
|
|
4091
4364
|
"projectId": z.string().optional(),
|
|
@@ -4117,9 +4390,650 @@ defineTable({
|
|
|
4117
4390
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
4118
4391
|
]
|
|
4119
4392
|
});
|
|
4393
|
+
var permitActorType = z.enum([
|
|
4394
|
+
"human",
|
|
4395
|
+
"agent",
|
|
4396
|
+
"service_principal",
|
|
4397
|
+
"external_stakeholder",
|
|
4398
|
+
"system"
|
|
4399
|
+
]);
|
|
4400
|
+
var permitMembershipStatus = z.enum([
|
|
4401
|
+
"active",
|
|
4402
|
+
"invited",
|
|
4403
|
+
"revoked",
|
|
4404
|
+
"suspended",
|
|
4405
|
+
"disabled"
|
|
4406
|
+
]);
|
|
4407
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4408
|
+
var permitAccessReviewStatus = z.enum([
|
|
4409
|
+
"open",
|
|
4410
|
+
"in_progress",
|
|
4411
|
+
"approved",
|
|
4412
|
+
"denied",
|
|
4413
|
+
"expired",
|
|
4414
|
+
"cancelled"
|
|
4415
|
+
]);
|
|
4416
|
+
var permitReviewScope = z.enum([
|
|
4417
|
+
"tenant",
|
|
4418
|
+
"workspace",
|
|
4419
|
+
"resource_instance",
|
|
4420
|
+
"group",
|
|
4421
|
+
"principal",
|
|
4422
|
+
"api_key",
|
|
4423
|
+
"admin_action"
|
|
4424
|
+
]);
|
|
4425
|
+
var permitRecordStatus = z.enum([
|
|
4426
|
+
"queued",
|
|
4427
|
+
"inflight",
|
|
4428
|
+
"completed",
|
|
4429
|
+
"failed",
|
|
4430
|
+
"skipped",
|
|
4431
|
+
"stale"
|
|
4432
|
+
]);
|
|
4433
|
+
var permitObjectType = z.enum([
|
|
4434
|
+
"resource",
|
|
4435
|
+
"role",
|
|
4436
|
+
"resource_role",
|
|
4437
|
+
"resource_relation",
|
|
4438
|
+
"tenant",
|
|
4439
|
+
"workspace",
|
|
4440
|
+
"principal",
|
|
4441
|
+
"membership",
|
|
4442
|
+
"group",
|
|
4443
|
+
"resource_instance",
|
|
4444
|
+
"relationship_tuple",
|
|
4445
|
+
"role_assignment",
|
|
4446
|
+
"attribute_binding",
|
|
4447
|
+
"policy_bundle"
|
|
4448
|
+
]);
|
|
4449
|
+
var permitOutboxOperation = z.enum([
|
|
4450
|
+
"upsert",
|
|
4451
|
+
"delete",
|
|
4452
|
+
"sync",
|
|
4453
|
+
"resync",
|
|
4454
|
+
"delete_sync",
|
|
4455
|
+
"noop"
|
|
4456
|
+
]);
|
|
4457
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4458
|
+
"draft",
|
|
4459
|
+
"validated",
|
|
4460
|
+
"enforced",
|
|
4461
|
+
"archived"
|
|
4462
|
+
]);
|
|
4463
|
+
var permitSyncStatus = z.enum([
|
|
4464
|
+
"pending",
|
|
4465
|
+
"synced",
|
|
4466
|
+
"error",
|
|
4467
|
+
"skipped"
|
|
4468
|
+
]);
|
|
4469
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4470
|
+
"principal",
|
|
4471
|
+
"group",
|
|
4472
|
+
"role_assignment",
|
|
4473
|
+
"resource_instance"
|
|
4474
|
+
]);
|
|
4475
|
+
var permitAttributeType = z.enum([
|
|
4476
|
+
"string",
|
|
4477
|
+
"number",
|
|
4478
|
+
"bool",
|
|
4479
|
+
"json",
|
|
4480
|
+
"time"
|
|
4481
|
+
]);
|
|
4482
|
+
var permitAttributeOperator = z.enum([
|
|
4483
|
+
"eq",
|
|
4484
|
+
"neq",
|
|
4485
|
+
"in",
|
|
4486
|
+
"not_in",
|
|
4487
|
+
"gt",
|
|
4488
|
+
"gte",
|
|
4489
|
+
"lt",
|
|
4490
|
+
"lte",
|
|
4491
|
+
"contains",
|
|
4492
|
+
"not_contains",
|
|
4493
|
+
"matches"
|
|
4494
|
+
]);
|
|
4495
|
+
var permitRoleBindingTarget = z.enum([
|
|
4496
|
+
"principal",
|
|
4497
|
+
"group"
|
|
4498
|
+
]);
|
|
4499
|
+
defineTable({
|
|
4500
|
+
name: "permitPrincipals",
|
|
4501
|
+
component: "control-plane",
|
|
4502
|
+
category: "access-control",
|
|
4503
|
+
shape: z.object({
|
|
4504
|
+
principalId: z.string(),
|
|
4505
|
+
tenantId: z.string(),
|
|
4506
|
+
workspaceId: z.optional(z.string()),
|
|
4507
|
+
principalType: permitActorType,
|
|
4508
|
+
status: permitMembershipStatus,
|
|
4509
|
+
displayName: z.string().optional(),
|
|
4510
|
+
metadata: z.record(z.any()).optional(),
|
|
4511
|
+
createdBy: z.string(),
|
|
4512
|
+
createdAt: z.number(),
|
|
4513
|
+
updatedAt: z.number(),
|
|
4514
|
+
updatedBy: z.string().optional(),
|
|
4515
|
+
lastSeenAt: z.number().optional()
|
|
4516
|
+
}),
|
|
4517
|
+
indices: [
|
|
4518
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4519
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4520
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4521
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4522
|
+
{
|
|
4523
|
+
kind: "index",
|
|
4524
|
+
name: "by_tenant_principalType_status",
|
|
4525
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4526
|
+
}
|
|
4527
|
+
]
|
|
4528
|
+
});
|
|
4529
|
+
defineTable({
|
|
4530
|
+
name: "permitPrincipalAliases",
|
|
4531
|
+
component: "control-plane",
|
|
4532
|
+
category: "access-control",
|
|
4533
|
+
shape: z.object({
|
|
4534
|
+
principalId: z.string(),
|
|
4535
|
+
tenantId: z.string(),
|
|
4536
|
+
workspaceId: z.optional(z.string()),
|
|
4537
|
+
provider: z.string(),
|
|
4538
|
+
providerSubjectId: z.string(),
|
|
4539
|
+
providerProjectId: z.string().optional(),
|
|
4540
|
+
alias: z.string(),
|
|
4541
|
+
aliasKind: z.string(),
|
|
4542
|
+
status: permitMembershipStatus,
|
|
4543
|
+
metadata: z.record(z.any()).optional(),
|
|
4544
|
+
createdBy: z.string(),
|
|
4545
|
+
createdAt: z.number(),
|
|
4546
|
+
updatedAt: z.number(),
|
|
4547
|
+
revokedBy: z.string().optional(),
|
|
4548
|
+
revokedAt: z.number().optional(),
|
|
4549
|
+
updatedBy: z.string().optional()
|
|
4550
|
+
}),
|
|
4551
|
+
indices: [
|
|
4552
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4553
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4554
|
+
{
|
|
4555
|
+
kind: "index",
|
|
4556
|
+
name: "by_tenant_provider_alias",
|
|
4557
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4558
|
+
},
|
|
4559
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4560
|
+
{
|
|
4561
|
+
kind: "index",
|
|
4562
|
+
name: "by_tenant_provider_status",
|
|
4563
|
+
columns: ["tenantId", "provider", "status"]
|
|
4564
|
+
}
|
|
4565
|
+
]
|
|
4566
|
+
});
|
|
4567
|
+
defineTable({
|
|
4568
|
+
name: "permitGroups",
|
|
4569
|
+
component: "control-plane",
|
|
4570
|
+
category: "access-control",
|
|
4571
|
+
shape: z.object({
|
|
4572
|
+
tenantId: z.string(),
|
|
4573
|
+
workspaceId: z.optional(z.string()),
|
|
4574
|
+
groupId: z.string(),
|
|
4575
|
+
groupKey: z.string(),
|
|
4576
|
+
groupName: z.string(),
|
|
4577
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4578
|
+
status: permitMembershipStatus,
|
|
4579
|
+
description: z.string().optional(),
|
|
4580
|
+
metadata: z.record(z.any()).optional(),
|
|
4581
|
+
createdBy: z.string(),
|
|
4582
|
+
createdAt: z.number(),
|
|
4583
|
+
updatedAt: z.number(),
|
|
4584
|
+
updatedBy: z.string().optional()
|
|
4585
|
+
}),
|
|
4586
|
+
indices: [
|
|
4587
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4588
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4589
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4590
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4591
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4592
|
+
]
|
|
4593
|
+
});
|
|
4594
|
+
defineTable({
|
|
4595
|
+
name: "permitGroupMemberships",
|
|
4596
|
+
component: "control-plane",
|
|
4597
|
+
category: "access-control",
|
|
4598
|
+
shape: z.object({
|
|
4599
|
+
tenantId: z.string(),
|
|
4600
|
+
workspaceId: z.optional(z.string()),
|
|
4601
|
+
groupId: z.string(),
|
|
4602
|
+
memberType: z.enum(["principal", "group"]),
|
|
4603
|
+
memberId: z.string(),
|
|
4604
|
+
principalId: z.string().optional(),
|
|
4605
|
+
childGroupId: z.string().optional(),
|
|
4606
|
+
status: permitMembershipStatus,
|
|
4607
|
+
addedBy: z.string().optional(),
|
|
4608
|
+
revokedBy: z.string().optional(),
|
|
4609
|
+
expiresAt: z.number().optional(),
|
|
4610
|
+
revocationReason: z.string().optional(),
|
|
4611
|
+
metadata: z.record(z.any()).optional(),
|
|
4612
|
+
createdAt: z.number(),
|
|
4613
|
+
updatedAt: z.number(),
|
|
4614
|
+
updatedBy: z.string().optional()
|
|
4615
|
+
}),
|
|
4616
|
+
indices: [
|
|
4617
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4618
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4619
|
+
{
|
|
4620
|
+
kind: "index",
|
|
4621
|
+
name: "by_tenant_member_group",
|
|
4622
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4623
|
+
},
|
|
4624
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4625
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4626
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4627
|
+
{
|
|
4628
|
+
kind: "index",
|
|
4629
|
+
name: "by_workspace_principal",
|
|
4630
|
+
columns: ["workspaceId", "principalId"]
|
|
4631
|
+
}
|
|
4632
|
+
]
|
|
4633
|
+
});
|
|
4634
|
+
defineTable({
|
|
4635
|
+
name: "permitResourceInstances",
|
|
4636
|
+
component: "control-plane",
|
|
4637
|
+
category: "access-control",
|
|
4638
|
+
shape: z.object({
|
|
4639
|
+
tenantId: z.string(),
|
|
4640
|
+
workspaceId: z.optional(z.string()),
|
|
4641
|
+
resourceType: z.string(),
|
|
4642
|
+
resourceKey: z.string(),
|
|
4643
|
+
resourceId: z.string(),
|
|
4644
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4645
|
+
attributes: z.record(z.any()).optional(),
|
|
4646
|
+
ownerPrincipalId: z.string().optional(),
|
|
4647
|
+
metadata: z.record(z.any()).optional(),
|
|
4648
|
+
createdBy: z.string(),
|
|
4649
|
+
updatedBy: z.string().optional(),
|
|
4650
|
+
createdAt: z.number(),
|
|
4651
|
+
updatedAt: z.number()
|
|
4652
|
+
}),
|
|
4653
|
+
indices: [
|
|
4654
|
+
{
|
|
4655
|
+
kind: "index",
|
|
4656
|
+
name: "by_tenant_resource_type",
|
|
4657
|
+
columns: ["tenantId", "resourceType"]
|
|
4658
|
+
},
|
|
4659
|
+
{
|
|
4660
|
+
kind: "index",
|
|
4661
|
+
name: "by_tenant_resource_key",
|
|
4662
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4663
|
+
},
|
|
4664
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4665
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4666
|
+
{
|
|
4667
|
+
kind: "index",
|
|
4668
|
+
name: "by_tenant_status",
|
|
4669
|
+
columns: ["tenantId", "status"]
|
|
4670
|
+
},
|
|
4671
|
+
{
|
|
4672
|
+
kind: "index",
|
|
4673
|
+
name: "by_ownerPrincipalId",
|
|
4674
|
+
columns: ["ownerPrincipalId"]
|
|
4675
|
+
}
|
|
4676
|
+
]
|
|
4677
|
+
});
|
|
4678
|
+
defineTable({
|
|
4679
|
+
name: "permitRoleAssignments",
|
|
4680
|
+
component: "control-plane",
|
|
4681
|
+
category: "access-control",
|
|
4682
|
+
shape: z.object({
|
|
4683
|
+
tenantId: z.string(),
|
|
4684
|
+
workspaceId: z.optional(z.string()),
|
|
4685
|
+
role: z.string(),
|
|
4686
|
+
targetType: permitRoleBindingTarget,
|
|
4687
|
+
targetId: z.string(),
|
|
4688
|
+
resourceType: z.string(),
|
|
4689
|
+
resourceKey: z.string(),
|
|
4690
|
+
resourceInstanceId: z.string().optional(),
|
|
4691
|
+
status: permitMembershipStatus,
|
|
4692
|
+
expiresAt: z.number().optional(),
|
|
4693
|
+
attributes: z.record(z.any()).optional(),
|
|
4694
|
+
grantedBy: z.string().optional(),
|
|
4695
|
+
updatedBy: z.string().optional(),
|
|
4696
|
+
revokedBy: z.string().optional(),
|
|
4697
|
+
createdAt: z.number(),
|
|
4698
|
+
updatedAt: z.number()
|
|
4699
|
+
}),
|
|
4700
|
+
indices: [
|
|
4701
|
+
{
|
|
4702
|
+
kind: "index",
|
|
4703
|
+
name: "by_tenant_target",
|
|
4704
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4705
|
+
},
|
|
4706
|
+
{
|
|
4707
|
+
kind: "index",
|
|
4708
|
+
name: "by_tenant_resource",
|
|
4709
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4710
|
+
},
|
|
4711
|
+
{
|
|
4712
|
+
kind: "index",
|
|
4713
|
+
name: "by_tenant_role",
|
|
4714
|
+
columns: ["tenantId", "role", "status"]
|
|
4715
|
+
},
|
|
4716
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4717
|
+
{
|
|
4718
|
+
kind: "index",
|
|
4719
|
+
name: "by_workspace_resource",
|
|
4720
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4721
|
+
}
|
|
4722
|
+
]
|
|
4723
|
+
});
|
|
4724
|
+
defineTable({
|
|
4725
|
+
name: "permitRelationshipTuples",
|
|
4726
|
+
component: "control-plane",
|
|
4727
|
+
category: "access-control",
|
|
4728
|
+
shape: z.object({
|
|
4729
|
+
tenantId: z.string(),
|
|
4730
|
+
workspaceId: z.optional(z.string()),
|
|
4731
|
+
relation: z.string(),
|
|
4732
|
+
subject: z.string(),
|
|
4733
|
+
object: z.string(),
|
|
4734
|
+
resourceType: z.string().optional(),
|
|
4735
|
+
resourceKey: z.string().optional(),
|
|
4736
|
+
status: permitRecordStatus,
|
|
4737
|
+
attributes: z.record(z.any()).optional(),
|
|
4738
|
+
createdBy: z.string(),
|
|
4739
|
+
createdAt: z.number(),
|
|
4740
|
+
updatedAt: z.number(),
|
|
4741
|
+
lastSeenAt: z.number().optional(),
|
|
4742
|
+
updatedBy: z.string().optional()
|
|
4743
|
+
}),
|
|
4744
|
+
indices: [
|
|
4745
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4746
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4747
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4748
|
+
{
|
|
4749
|
+
kind: "index",
|
|
4750
|
+
name: "by_tenant_relation_subject",
|
|
4751
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4752
|
+
},
|
|
4753
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4754
|
+
]
|
|
4755
|
+
});
|
|
4756
|
+
defineTable({
|
|
4757
|
+
name: "permitAttributeBindings",
|
|
4758
|
+
component: "control-plane",
|
|
4759
|
+
category: "access-control",
|
|
4760
|
+
shape: z.object({
|
|
4761
|
+
tenantId: z.string(),
|
|
4762
|
+
workspaceId: z.optional(z.string()),
|
|
4763
|
+
targetType: permitRoleBindingTarget,
|
|
4764
|
+
targetId: z.string(),
|
|
4765
|
+
attributeName: z.string(),
|
|
4766
|
+
attributeType: permitAttributeType,
|
|
4767
|
+
attributeOperator: permitAttributeOperator,
|
|
4768
|
+
attributeValue: z.any(),
|
|
4769
|
+
status: permitRecordStatus,
|
|
4770
|
+
source: z.string().optional(),
|
|
4771
|
+
sourceRef: z.string().optional(),
|
|
4772
|
+
metadata: z.record(z.any()).optional(),
|
|
4773
|
+
createdAt: z.number(),
|
|
4774
|
+
updatedAt: z.number(),
|
|
4775
|
+
createdBy: z.string(),
|
|
4776
|
+
updatedBy: z.string().optional(),
|
|
4777
|
+
expiresAt: z.number().optional()
|
|
4778
|
+
}),
|
|
4779
|
+
indices: [
|
|
4780
|
+
{
|
|
4781
|
+
kind: "index",
|
|
4782
|
+
name: "by_tenant_target",
|
|
4783
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4784
|
+
},
|
|
4785
|
+
{
|
|
4786
|
+
kind: "index",
|
|
4787
|
+
name: "by_tenant_target_attribute",
|
|
4788
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4789
|
+
},
|
|
4790
|
+
{
|
|
4791
|
+
kind: "index",
|
|
4792
|
+
name: "by_tenant_name",
|
|
4793
|
+
columns: ["tenantId", "attributeName"]
|
|
4794
|
+
},
|
|
4795
|
+
{
|
|
4796
|
+
kind: "index",
|
|
4797
|
+
name: "by_tenant_status",
|
|
4798
|
+
columns: ["tenantId", "status"]
|
|
4799
|
+
}
|
|
4800
|
+
]
|
|
4801
|
+
});
|
|
4802
|
+
defineTable({
|
|
4803
|
+
name: "permitPolicyBundles",
|
|
4804
|
+
component: "control-plane",
|
|
4805
|
+
category: "access-control",
|
|
4806
|
+
shape: z.object({
|
|
4807
|
+
tenantId: z.string(),
|
|
4808
|
+
workspaceId: z.optional(z.string()),
|
|
4809
|
+
bundleKey: z.string(),
|
|
4810
|
+
version: z.number(),
|
|
4811
|
+
status: permitPolicyBundleStatus,
|
|
4812
|
+
policyHash: z.string().optional(),
|
|
4813
|
+
policyPayload: z.record(z.any()),
|
|
4814
|
+
metadata: z.record(z.any()).optional(),
|
|
4815
|
+
createdBy: z.string(),
|
|
4816
|
+
reviewedBy: z.string().optional(),
|
|
4817
|
+
createdAt: z.number(),
|
|
4818
|
+
updatedAt: z.number(),
|
|
4819
|
+
retiredAt: z.number().optional()
|
|
4820
|
+
}),
|
|
4821
|
+
indices: [
|
|
4822
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4823
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4824
|
+
{
|
|
4825
|
+
kind: "index",
|
|
4826
|
+
name: "by_tenant_bundleKey",
|
|
4827
|
+
columns: ["tenantId", "bundleKey"]
|
|
4828
|
+
},
|
|
4829
|
+
{
|
|
4830
|
+
kind: "index",
|
|
4831
|
+
name: "by_tenant_bundle_version",
|
|
4832
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4833
|
+
},
|
|
4834
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4835
|
+
]
|
|
4836
|
+
});
|
|
4837
|
+
defineTable({
|
|
4838
|
+
name: "permitProjectionOutbox",
|
|
4839
|
+
component: "control-plane",
|
|
4840
|
+
category: "access-control",
|
|
4841
|
+
shape: z.object({
|
|
4842
|
+
syncKey: z.string(),
|
|
4843
|
+
objectType: permitObjectType,
|
|
4844
|
+
objectId: z.string(),
|
|
4845
|
+
operation: permitOutboxOperation,
|
|
4846
|
+
payload: z.record(z.any()),
|
|
4847
|
+
status: permitRecordStatus,
|
|
4848
|
+
attemptCount: z.number(),
|
|
4849
|
+
nextAttemptAt: z.number().optional(),
|
|
4850
|
+
lastError: z.string().optional(),
|
|
4851
|
+
tenantId: z.string().optional(),
|
|
4852
|
+
workspaceId: z.optional(z.string()),
|
|
4853
|
+
principalId: z.string().optional(),
|
|
4854
|
+
permitTenantKey: z.string().optional(),
|
|
4855
|
+
permitResourceType: z.string().optional(),
|
|
4856
|
+
permitResourceKey: z.string().optional(),
|
|
4857
|
+
createdAt: z.number(),
|
|
4858
|
+
updatedAt: z.number(),
|
|
4859
|
+
lastHandledAt: z.number().optional()
|
|
4860
|
+
}),
|
|
4861
|
+
indices: [
|
|
4862
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4863
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4864
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4865
|
+
{
|
|
4866
|
+
kind: "index",
|
|
4867
|
+
name: "by_tenant_status",
|
|
4868
|
+
columns: ["tenantId", "status"]
|
|
4869
|
+
},
|
|
4870
|
+
{
|
|
4871
|
+
kind: "index",
|
|
4872
|
+
name: "by_objectType",
|
|
4873
|
+
columns: ["objectType", "status"]
|
|
4874
|
+
}
|
|
4875
|
+
]
|
|
4876
|
+
});
|
|
4877
|
+
defineTable({
|
|
4878
|
+
name: "tenantPermitSyncStates",
|
|
4879
|
+
component: "control-plane",
|
|
4880
|
+
category: "access-control",
|
|
4881
|
+
shape: z.object({
|
|
4882
|
+
syncKey: z.string(),
|
|
4883
|
+
objectType: permitObjectType,
|
|
4884
|
+
objectId: z.string(),
|
|
4885
|
+
tenantId: z.string().optional(),
|
|
4886
|
+
workspaceId: z.string().optional(),
|
|
4887
|
+
principalId: z.string().optional(),
|
|
4888
|
+
permitTenantKey: z.string().optional(),
|
|
4889
|
+
permitResourceType: z.string().optional(),
|
|
4890
|
+
permitResourceKey: z.string().optional(),
|
|
4891
|
+
desiredPayload: z.record(z.any()),
|
|
4892
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
4893
|
+
status: permitSyncStatus,
|
|
4894
|
+
attemptCount: z.number(),
|
|
4895
|
+
lastError: z.string().optional(),
|
|
4896
|
+
nextAttemptAt: z.number().optional(),
|
|
4897
|
+
lastSyncedAt: z.number().optional(),
|
|
4898
|
+
createdBy: z.string(),
|
|
4899
|
+
updatedBy: z.string().optional(),
|
|
4900
|
+
createdAt: z.number(),
|
|
4901
|
+
updatedAt: z.number()
|
|
4902
|
+
}),
|
|
4903
|
+
indices: [
|
|
4904
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4905
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4906
|
+
{
|
|
4907
|
+
kind: "index",
|
|
4908
|
+
name: "by_tenant_status",
|
|
4909
|
+
columns: ["tenantId", "status"]
|
|
4910
|
+
},
|
|
4911
|
+
{
|
|
4912
|
+
kind: "index",
|
|
4913
|
+
name: "by_workspace_status",
|
|
4914
|
+
columns: ["workspaceId", "status"]
|
|
4915
|
+
},
|
|
4916
|
+
{
|
|
4917
|
+
kind: "index",
|
|
4918
|
+
name: "by_principal_status",
|
|
4919
|
+
columns: ["principalId", "status"]
|
|
4920
|
+
}
|
|
4921
|
+
]
|
|
4922
|
+
});
|
|
4923
|
+
defineTable({
|
|
4924
|
+
name: "permitPolicyDecisionReceipts",
|
|
4925
|
+
component: "control-plane",
|
|
4926
|
+
category: "access-control",
|
|
4927
|
+
shape: z.object({
|
|
4928
|
+
tenantId: z.string().optional(),
|
|
4929
|
+
workspaceId: z.string().optional(),
|
|
4930
|
+
principalId: z.string(),
|
|
4931
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
4932
|
+
subjectId: z.string().optional(),
|
|
4933
|
+
resourceType: z.string(),
|
|
4934
|
+
resourceId: z.string(),
|
|
4935
|
+
action: z.string(),
|
|
4936
|
+
decision: permitDecision,
|
|
4937
|
+
reasonCode: z.string(),
|
|
4938
|
+
policyBundleId: z.string().optional(),
|
|
4939
|
+
policyVersion: z.string(),
|
|
4940
|
+
traceId: z.string().optional(),
|
|
4941
|
+
requestId: z.string().optional(),
|
|
4942
|
+
audienceMode: z.string().optional(),
|
|
4943
|
+
audienceKey: z.string().optional(),
|
|
4944
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
4945
|
+
metadata: z.record(z.any()).optional(),
|
|
4946
|
+
createdAt: z.number(),
|
|
4947
|
+
expiresAt: z.number().optional(),
|
|
4948
|
+
createdBy: z.string().optional()
|
|
4949
|
+
}),
|
|
4950
|
+
indices: [
|
|
4951
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
4952
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
4953
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
4954
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
4955
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
4956
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
4957
|
+
]
|
|
4958
|
+
});
|
|
4959
|
+
defineTable({
|
|
4960
|
+
name: "permitAccessReviews",
|
|
4961
|
+
component: "control-plane",
|
|
4962
|
+
category: "access-control",
|
|
4963
|
+
shape: z.object({
|
|
4964
|
+
tenantId: z.string(),
|
|
4965
|
+
workspaceId: z.optional(z.string()),
|
|
4966
|
+
reviewKey: z.string(),
|
|
4967
|
+
scope: permitReviewScope,
|
|
4968
|
+
status: permitAccessReviewStatus,
|
|
4969
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4970
|
+
subjectId: z.string(),
|
|
4971
|
+
resourceType: z.string().optional(),
|
|
4972
|
+
resourceKey: z.string().optional(),
|
|
4973
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
4974
|
+
requestedBy: z.string(),
|
|
4975
|
+
reviewedBy: z.string().optional(),
|
|
4976
|
+
requestedAt: z.number(),
|
|
4977
|
+
reviewedAt: z.number().optional(),
|
|
4978
|
+
dueAt: z.number().optional(),
|
|
4979
|
+
justification: z.string().optional(),
|
|
4980
|
+
rationale: z.string().optional(),
|
|
4981
|
+
policyBundleId: z.string().optional(),
|
|
4982
|
+
metadata: z.record(z.any()).optional(),
|
|
4983
|
+
createdAt: z.number(),
|
|
4984
|
+
updatedAt: z.number()
|
|
4985
|
+
}),
|
|
4986
|
+
indices: [
|
|
4987
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4988
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4989
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
4990
|
+
{
|
|
4991
|
+
kind: "index",
|
|
4992
|
+
name: "by_tenant_subject",
|
|
4993
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
4994
|
+
},
|
|
4995
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
4996
|
+
{
|
|
4997
|
+
kind: "index",
|
|
4998
|
+
name: "by_workspace_status",
|
|
4999
|
+
columns: ["workspaceId", "status"]
|
|
5000
|
+
}
|
|
5001
|
+
]
|
|
5002
|
+
});
|
|
5003
|
+
defineTable({
|
|
5004
|
+
name: "permitAccessReviewItems",
|
|
5005
|
+
component: "control-plane",
|
|
5006
|
+
category: "access-control",
|
|
5007
|
+
shape: z.object({
|
|
5008
|
+
reviewKey: z.string(),
|
|
5009
|
+
itemKey: z.string(),
|
|
5010
|
+
tenantId: z.string(),
|
|
5011
|
+
workspaceId: z.string().optional(),
|
|
5012
|
+
subjectType: permitAccessReviewSubjectType,
|
|
5013
|
+
subjectId: z.string(),
|
|
5014
|
+
resourceType: z.string().optional(),
|
|
5015
|
+
resourceKey: z.string().optional(),
|
|
5016
|
+
role: z.string().optional(),
|
|
5017
|
+
relation: z.string().optional(),
|
|
5018
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
5019
|
+
reviewerId: z.string().optional(),
|
|
5020
|
+
decisionAt: z.number().optional(),
|
|
5021
|
+
rationale: z.string().optional(),
|
|
5022
|
+
metadata: z.record(z.any()).optional(),
|
|
5023
|
+
createdAt: z.number(),
|
|
5024
|
+
updatedAt: z.number()
|
|
5025
|
+
}),
|
|
5026
|
+
indices: [
|
|
5027
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
5028
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
5029
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
5030
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5031
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5032
|
+
]
|
|
5033
|
+
});
|
|
4120
5034
|
defineTable({
|
|
4121
5035
|
name: "reasoningPermissions",
|
|
4122
|
-
component: "
|
|
5036
|
+
component: "control-plane",
|
|
4123
5037
|
category: "epistemic",
|
|
4124
5038
|
shape: z.object({
|
|
4125
5039
|
"topicId": z.string().optional(),
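Review bot: `permitRelationshipTuples.status` and `permitAttributeBindings.status` are typed as `permitRecordStatus` (`queued`, `inflight`, `completed`, `failed`, `skipped`, `stale`), which looks like a job-processing vocabulary rather than a grant lifecycle. `permitRoleAssignments` uses `permitMembershipStatus`, which has explicit `active` and `revoked` states. With no revoked or active value on a tuple or binding, whatever evaluates these rows has to decide for itself which of the six states confer access, and a wrong guess there fails open. If that is not intended, change both fields to `status: permitMembershipStatus,`; otherwise add a comment on each table naming the single state that grants access. Separately, `permitPolicyDecisionReceipts` makes `tenantId` optional and its `by_resource`, `by_traceId` and `by_action` indices are not tenant-prefixed, so any tenant-facing read of receipts would need to filter by tenant explicitly; worth confirming that is deliberate.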
|
|
@@ -4366,7 +5280,7 @@ defineTable({
|
|
|
4366
5280
|
});
|
|
4367
5281
|
defineTable({
|
|
4368
5282
|
name: "users",
|
|
4369
|
-
component: "
|
|
5283
|
+
component: "control-plane",
|
|
4370
5284
|
category: "user",
|
|
4371
5285
|
shape: z.object({
|
|
4372
5286
|
"clerkId": z.string(),
|
|
@@ -4480,7 +5394,6 @@ defineTable({
|
|
|
4480
5394
|
"deployments": z.record(z.object({
|
|
4481
5395
|
"url": z.string(),
|
|
4482
5396
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4483
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4484
5397
|
"credentialRef": z.string().optional()
|
|
4485
5398
|
})).optional(),
|
|
4486
5399
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4495,6 +5408,39 @@ defineTable({
|
|
|
4495
5408
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4496
5409
|
]
|
|
4497
5410
|
});
|
|
5411
|
+
defineTable({
|
|
5412
|
+
name: "deploymentHosts",
|
|
5413
|
+
component: "mc",
|
|
5414
|
+
category: "workspace",
|
|
5415
|
+
shape: z.object({
|
|
5416
|
+
"host": z.string(),
|
|
5417
|
+
"tenantId": idOf("tenants"),
|
|
5418
|
+
"workspaceId": idOf("workspaces"),
|
|
5419
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5420
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5421
|
+
"deploymentUrl": z.string().optional(),
|
|
5422
|
+
"deploymentName": z.string().optional(),
|
|
5423
|
+
"vercelProjectName": z.string().optional(),
|
|
5424
|
+
"vercelProjectId": z.string().optional(),
|
|
5425
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5426
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5427
|
+
"status": z.enum(["active", "revoked"]),
|
|
5428
|
+
"metadata": z.record(z.any()).optional(),
|
|
5429
|
+
"createdBy": z.string(),
|
|
5430
|
+
"createdAt": z.number(),
|
|
5431
|
+
"updatedAt": z.number(),
|
|
5432
|
+
"revokedAt": z.number().optional(),
|
|
5433
|
+
"revokedBy": z.string().optional()
|
|
5434
|
+
}),
|
|
5435
|
+
indices: [
|
|
5436
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5437
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5438
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5439
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5440
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5441
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5442
|
+
]
|
|
5443
|
+
});
|
|
4498
5444
|
defineTable({
|
|
4499
5445
|
name: "worktreeBeliefCluster",
|
|
4500
5446
|
component: "kernel",
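Review bot: `deploymentHosts.host` is an unconstrained `z.string()` and `by_host` is a plain index, so nothing in this schema stops two rows, possibly for different tenants, from carrying the same host, or the same host differing only in case, port or a trailing dot. If this table is what maps an incoming hostname to a tenant and workspace (the columns suggest so, but the lookup is not in this hunk), the writer should store a normalised host and reject a second active row for it, and the reader should require `status` to be `active`. A comment above the table would record that contract, e.g. `// host: lower-case FQDN without port; at most one active row per host`. The table is also registered with `component: "mc"`, while every other table this diff touches moves to `"control-plane"` and the manifest schema further down lists only `"kernel"` and `"control-plane"` for `componentName`; please confirm `"mc"` is intended.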
|
|
@@ -4802,8 +5748,8 @@ defineTable({
|
|
|
4802
5748
|
});
|
|
4803
5749
|
z.object({
|
|
4804
5750
|
manifestVersion: z.string(),
|
|
4805
|
-
componentName: z.enum(["kernel", "
|
|
4806
|
-
tier: z.enum(["K", "
|
|
5751
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5752
|
+
tier: z.enum(["K", "CP"]),
|
|
4807
5753
|
packageVersion: z.string(),
|
|
4808
5754
|
tables: z.array(
|
|
4809
5755
|
z.object({
|
|
@@ -4929,129 +5875,994 @@ var edgePolicyManifest = {
|
|
|
4929
5875
|
// ../contracts/src/tenant-client.contract.ts
|
|
4930
5876
|
var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
4931
5877
|
{
|
|
4932
|
-
packageName: "@lucern/access-control",
|
|
4933
|
-
role: "runtime_entrypoint",
|
|
4934
|
-
directTenantImport: true
|
|
5878
|
+
packageName: "@lucern/access-control",
|
|
5879
|
+
role: "runtime_entrypoint",
|
|
5880
|
+
directTenantImport: true
|
|
5881
|
+
},
|
|
5882
|
+
{
|
|
5883
|
+
packageName: "@lucern/agent",
|
|
5884
|
+
role: "platform_runtime",
|
|
5885
|
+
directTenantImport: false
|
|
5886
|
+
},
|
|
5887
|
+
{
|
|
5888
|
+
packageName: "@lucern/auth",
|
|
5889
|
+
role: "sdk_dependency",
|
|
5890
|
+
directTenantImport: false
|
|
5891
|
+
},
|
|
5892
|
+
{
|
|
5893
|
+
packageName: "@lucern/cli",
|
|
5894
|
+
role: "developer_tool",
|
|
5895
|
+
directTenantImport: false
|
|
5896
|
+
},
|
|
5897
|
+
{
|
|
5898
|
+
packageName: "@lucern/client-core",
|
|
5899
|
+
role: "sdk_dependency",
|
|
5900
|
+
directTenantImport: false
|
|
5901
|
+
},
|
|
5902
|
+
{
|
|
5903
|
+
packageName: "@lucern/confidence",
|
|
5904
|
+
role: "sdk_dependency",
|
|
5905
|
+
directTenantImport: false
|
|
5906
|
+
},
|
|
5907
|
+
{
|
|
5908
|
+
packageName: "@lucern/config",
|
|
5909
|
+
role: "configuration",
|
|
5910
|
+
directTenantImport: false
|
|
5911
|
+
},
|
|
5912
|
+
{
|
|
5913
|
+
packageName: "@lucern/contracts",
|
|
5914
|
+
role: "contract_entrypoint",
|
|
5915
|
+
directTenantImport: true
|
|
5916
|
+
},
|
|
5917
|
+
{
|
|
5918
|
+
packageName: "@lucern/control-plane",
|
|
5919
|
+
role: "component_runtime",
|
|
5920
|
+
directTenantImport: false
|
|
5921
|
+
},
|
|
5922
|
+
{
|
|
5923
|
+
packageName: "@lucern/developer-kit",
|
|
5924
|
+
role: "developer_tool",
|
|
5925
|
+
directTenantImport: false
|
|
5926
|
+
},
|
|
5927
|
+
{
|
|
5928
|
+
packageName: "@lucern/events",
|
|
5929
|
+
role: "sdk_dependency",
|
|
5930
|
+
directTenantImport: false
|
|
5931
|
+
},
|
|
5932
|
+
{
|
|
5933
|
+
packageName: "@lucern/graph-primitives",
|
|
5934
|
+
role: "sdk_dependency",
|
|
5935
|
+
directTenantImport: false
|
|
5936
|
+
},
|
|
5937
|
+
{
|
|
5938
|
+
packageName: "@lucern/graph-sync",
|
|
5939
|
+
role: "host_addon_runtime",
|
|
5940
|
+
directTenantImport: true
|
|
5941
|
+
},
|
|
5942
|
+
{
|
|
5943
|
+
packageName: "@lucern/mcp",
|
|
5944
|
+
role: "runtime_entrypoint",
|
|
5945
|
+
directTenantImport: true
|
|
5946
|
+
},
|
|
5947
|
+
{
|
|
5948
|
+
packageName: "@lucern/pack-host",
|
|
5949
|
+
role: "platform_runtime",
|
|
5950
|
+
directTenantImport: false
|
|
5951
|
+
},
|
|
5952
|
+
{
|
|
5953
|
+
packageName: "@lucern/pack-installer",
|
|
5954
|
+
role: "developer_tool",
|
|
5955
|
+
directTenantImport: false
|
|
5956
|
+
},
|
|
5957
|
+
{
|
|
5958
|
+
packageName: "@lucern/proof-compiler",
|
|
5959
|
+
role: "developer_tool",
|
|
5960
|
+
directTenantImport: false
|
|
5961
|
+
},
|
|
5962
|
+
{
|
|
5963
|
+
packageName: "@lucern/react",
|
|
5964
|
+
role: "runtime_entrypoint",
|
|
5965
|
+
directTenantImport: true
|
|
5966
|
+
},
|
|
5967
|
+
{
|
|
5968
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5969
|
+
role: "component_runtime",
|
|
5970
|
+
directTenantImport: false
|
|
5971
|
+
},
|
|
5972
|
+
{
|
|
5973
|
+
packageName: "@lucern/sdk",
|
|
5974
|
+
role: "runtime_entrypoint",
|
|
5975
|
+
directTenantImport: true
|
|
5976
|
+
},
|
|
5977
|
+
{
|
|
5978
|
+
packageName: "@lucern/secrets",
|
|
5979
|
+
role: "sdk_dependency",
|
|
5980
|
+
directTenantImport: false
|
|
5981
|
+
},
|
|
5982
|
+
{
|
|
5983
|
+
packageName: "@lucern/server-core",
|
|
5984
|
+
role: "platform_runtime",
|
|
5985
|
+
directTenantImport: false
|
|
5986
|
+
},
|
|
5987
|
+
{
|
|
5988
|
+
packageName: "@lucern/testing",
|
|
5989
|
+
role: "test_support",
|
|
5990
|
+
directTenantImport: false
|
|
5991
|
+
},
|
|
5992
|
+
{
|
|
5993
|
+
packageName: "@lucern/types",
|
|
5994
|
+
role: "contract_entrypoint",
|
|
5995
|
+
directTenantImport: true
|
|
5996
|
+
}
|
|
5997
|
+
];
|
|
5998
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
5999
|
+
(entry) => entry.packageName
|
|
6000
|
+
);
|
|
6001
|
+
|
|
6002
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
6003
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
6004
|
+
{
|
|
6005
|
+
id: "stack-frontend",
|
|
6006
|
+
tenantKey: "stack",
|
|
6007
|
+
workspaceKey: "frontend",
|
|
6008
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
6009
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6010
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
6011
|
+
repository: {
|
|
6012
|
+
owner: "stack-vc",
|
|
6013
|
+
name: "front-end"
|
|
6014
|
+
},
|
|
6015
|
+
sharedSourcePath: "/tenants/stack",
|
|
6016
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6017
|
+
convex: {
|
|
6018
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
6019
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
6020
|
+
preprodDeployment: "rugged-lobster-664",
|
|
6021
|
+
prodDeployment: "wonderful-toucan-0"
|
|
6022
|
+
}
|
|
6023
|
+
},
|
|
6024
|
+
{
|
|
6025
|
+
id: "stackos",
|
|
6026
|
+
tenantKey: "stack",
|
|
6027
|
+
workspaceKey: "stackos",
|
|
6028
|
+
vercelProjectName: "stackos",
|
|
6029
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6030
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
6031
|
+
repository: {
|
|
6032
|
+
owner: "stack-vc",
|
|
6033
|
+
name: "stackos"
|
|
6034
|
+
},
|
|
6035
|
+
sharedSourcePath: "/tenants/stack",
|
|
6036
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6037
|
+
convex: {
|
|
6038
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
6039
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
6040
|
+
preprodDeployment: "giant-mandrill-761",
|
|
6041
|
+
prodDeployment: "good-snake-515"
|
|
6042
|
+
}
|
|
6043
|
+
},
|
|
6044
|
+
{
|
|
6045
|
+
id: "stack-eng",
|
|
6046
|
+
tenantKey: "stack",
|
|
6047
|
+
workspaceKey: "engineering",
|
|
6048
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
6049
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6050
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
6051
|
+
repository: {
|
|
6052
|
+
owner: "stack-vc",
|
|
6053
|
+
name: "stackos-engineering-graph"
|
|
6054
|
+
},
|
|
6055
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
6056
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6057
|
+
convex: {
|
|
6058
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
6059
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
6060
|
+
preprodDeployment: "small-oyster-270",
|
|
6061
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
6062
|
+
}
|
|
6063
|
+
},
|
|
6064
|
+
{
|
|
6065
|
+
id: "lucern-graph",
|
|
6066
|
+
tenantKey: "lucern",
|
|
6067
|
+
workspaceKey: "lucern",
|
|
6068
|
+
vercelProjectName: "lucern-graph",
|
|
6069
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
6070
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
6071
|
+
repository: {
|
|
6072
|
+
owner: "LucernAI",
|
|
6073
|
+
name: "lucern-graph"
|
|
6074
|
+
},
|
|
6075
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
6076
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6077
|
+
convex: {
|
|
6078
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
6079
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
6080
|
+
preprodDeployment: "good-blackbird-774",
|
|
6081
|
+
prodDeployment: "precious-dog-365"
|
|
6082
|
+
}
|
|
6083
|
+
}
|
|
6084
|
+
];
|
|
6085
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
6086
|
+
{
|
|
6087
|
+
idSuffix: "clerk.publishable",
|
|
6088
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6089
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
6090
|
+
required: true,
|
|
6091
|
+
secret: false,
|
|
6092
|
+
public: true,
|
|
6093
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
6094
|
+
},
|
|
6095
|
+
{
|
|
6096
|
+
idSuffix: "clerk.secret",
|
|
6097
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
6098
|
+
required: true,
|
|
6099
|
+
secret: true,
|
|
6100
|
+
public: false,
|
|
6101
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
6102
|
+
},
|
|
6103
|
+
{
|
|
6104
|
+
idSuffix: "clerk.project",
|
|
6105
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
6106
|
+
required: true,
|
|
6107
|
+
secret: false,
|
|
6108
|
+
public: false,
|
|
6109
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
6110
|
+
},
|
|
6111
|
+
{
|
|
6112
|
+
idSuffix: "clerk.jwks",
|
|
6113
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6114
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
6115
|
+
required: false,
|
|
6116
|
+
secret: false,
|
|
6117
|
+
public: false,
|
|
6118
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6119
|
+
},
|
|
6120
|
+
{
|
|
6121
|
+
idSuffix: "clerk.jwt-key",
|
|
6122
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6123
|
+
required: false,
|
|
6124
|
+
secret: true,
|
|
6125
|
+
public: false,
|
|
6126
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6127
|
+
},
|
|
6128
|
+
{
|
|
6129
|
+
idSuffix: "clerk.authorized-parties",
|
|
6130
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6131
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6132
|
+
required: false,
|
|
6133
|
+
secret: false,
|
|
6134
|
+
public: false,
|
|
6135
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6136
|
+
},
|
|
6137
|
+
{
|
|
6138
|
+
idSuffix: "clerk.sign-in-url",
|
|
6139
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6140
|
+
required: false,
|
|
6141
|
+
secret: false,
|
|
6142
|
+
public: true,
|
|
6143
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6144
|
+
},
|
|
6145
|
+
{
|
|
6146
|
+
idSuffix: "clerk.sign-up-url",
|
|
6147
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6148
|
+
required: false,
|
|
6149
|
+
secret: false,
|
|
6150
|
+
public: true,
|
|
6151
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6152
|
+
}
|
|
6153
|
+
];
|
|
6154
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6155
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6156
|
+
(template) => ({
|
|
6157
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6158
|
+
canonicalName: template.canonicalName,
|
|
6159
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6160
|
+
owner: "tenant",
|
|
6161
|
+
scope: "tenant",
|
|
6162
|
+
sourcePath: system.sharedSourcePath,
|
|
6163
|
+
environmentPolicy: "environment_specific",
|
|
6164
|
+
required: template.required,
|
|
6165
|
+
secret: template.secret,
|
|
6166
|
+
public: template.public,
|
|
6167
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6168
|
+
destinations: [
|
|
6169
|
+
{
|
|
6170
|
+
kind: "vercel",
|
|
6171
|
+
target: system.vercelProjectName,
|
|
6172
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6173
|
+
},
|
|
6174
|
+
{
|
|
6175
|
+
kind: "convex",
|
|
6176
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6177
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6178
|
+
}
|
|
6179
|
+
],
|
|
6180
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6181
|
+
})
|
|
6182
|
+
)
|
|
6183
|
+
);
|
|
6184
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6185
|
+
(system) => ({
|
|
6186
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6187
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6188
|
+
owner: "provider",
|
|
6189
|
+
scope: "global",
|
|
6190
|
+
sourcePath: "/tenants/shared",
|
|
6191
|
+
environmentPolicy: "same_all_environments",
|
|
6192
|
+
required: true,
|
|
6193
|
+
secret: true,
|
|
6194
|
+
public: false,
|
|
6195
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6196
|
+
destinations: [
|
|
6197
|
+
{
|
|
6198
|
+
kind: "vercel",
|
|
6199
|
+
target: system.vercelProjectName,
|
|
6200
|
+
environmentPolicy: "same_all_environments"
|
|
6201
|
+
},
|
|
6202
|
+
{
|
|
6203
|
+
kind: "github_actions",
|
|
6204
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6205
|
+
environmentPolicy: "same_all_environments"
|
|
6206
|
+
}
|
|
6207
|
+
],
|
|
6208
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6209
|
+
})
|
|
6210
|
+
);
|
|
6211
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6212
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6213
|
+
{
|
|
6214
|
+
idSuffix: "ai.openai-api-key",
|
|
6215
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6216
|
+
required: false,
|
|
6217
|
+
secret: true,
|
|
6218
|
+
public: false,
|
|
6219
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6220
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
4935
6221
|
},
|
|
4936
6222
|
{
|
|
4937
|
-
|
|
4938
|
-
|
|
4939
|
-
|
|
6223
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6224
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6225
|
+
required: false,
|
|
6226
|
+
secret: true,
|
|
6227
|
+
public: false,
|
|
6228
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6229
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
4940
6230
|
},
|
|
4941
6231
|
{
|
|
4942
|
-
|
|
4943
|
-
|
|
4944
|
-
|
|
6232
|
+
idSuffix: "ai.gemini-api-key",
|
|
6233
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6234
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6235
|
+
required: false,
|
|
6236
|
+
secret: true,
|
|
6237
|
+
public: false,
|
|
6238
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6239
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
4945
6240
|
},
|
|
4946
6241
|
{
|
|
4947
|
-
|
|
4948
|
-
|
|
4949
|
-
|
|
6242
|
+
idSuffix: "langfuse.secret-key",
|
|
6243
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6244
|
+
required: false,
|
|
6245
|
+
secret: true,
|
|
6246
|
+
public: false,
|
|
6247
|
+
consumers: [
|
|
6248
|
+
"tenant-vercel-app",
|
|
6249
|
+
"tenant-convex-deployment",
|
|
6250
|
+
"tenant-observability"
|
|
6251
|
+
],
|
|
6252
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
4950
6253
|
},
|
|
4951
6254
|
{
|
|
4952
|
-
|
|
4953
|
-
|
|
4954
|
-
|
|
6255
|
+
idSuffix: "langfuse.public-key",
|
|
6256
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6257
|
+
required: false,
|
|
6258
|
+
secret: false,
|
|
6259
|
+
public: false,
|
|
6260
|
+
consumers: [
|
|
6261
|
+
"tenant-vercel-app",
|
|
6262
|
+
"tenant-convex-deployment",
|
|
6263
|
+
"tenant-observability"
|
|
6264
|
+
],
|
|
6265
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
4955
6266
|
},
|
|
4956
6267
|
{
|
|
4957
|
-
|
|
4958
|
-
|
|
4959
|
-
|
|
6268
|
+
idSuffix: "langfuse.base-url",
|
|
6269
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6270
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6271
|
+
required: false,
|
|
6272
|
+
secret: false,
|
|
6273
|
+
public: false,
|
|
6274
|
+
consumers: [
|
|
6275
|
+
"tenant-vercel-app",
|
|
6276
|
+
"tenant-convex-deployment",
|
|
6277
|
+
"tenant-observability"
|
|
6278
|
+
],
|
|
6279
|
+
description: "Tenant-owned Langfuse API origin."
|
|
4960
6280
|
},
|
|
4961
6281
|
{
|
|
4962
|
-
|
|
4963
|
-
|
|
4964
|
-
|
|
6282
|
+
idSuffix: "graph.neo4j-uri",
|
|
6283
|
+
canonicalName: "NEO4J_URI",
|
|
6284
|
+
required: false,
|
|
6285
|
+
secret: false,
|
|
6286
|
+
public: false,
|
|
6287
|
+
consumers: [
|
|
6288
|
+
"tenant-vercel-app",
|
|
6289
|
+
"tenant-convex-deployment",
|
|
6290
|
+
"tenant-graph-sync"
|
|
6291
|
+
],
|
|
6292
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
4965
6293
|
},
|
|
4966
6294
|
{
|
|
4967
|
-
|
|
4968
|
-
|
|
4969
|
-
|
|
6295
|
+
idSuffix: "graph.neo4j-user",
|
|
6296
|
+
canonicalName: "NEO4J_USER",
|
|
6297
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6298
|
+
required: false,
|
|
6299
|
+
secret: false,
|
|
6300
|
+
public: false,
|
|
6301
|
+
consumers: [
|
|
6302
|
+
"tenant-vercel-app",
|
|
6303
|
+
"tenant-convex-deployment",
|
|
6304
|
+
"tenant-graph-sync"
|
|
6305
|
+
],
|
|
6306
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
4970
6307
|
},
|
|
4971
6308
|
{
|
|
4972
|
-
|
|
4973
|
-
|
|
4974
|
-
|
|
6309
|
+
idSuffix: "graph.neo4j-password",
|
|
6310
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6311
|
+
required: false,
|
|
6312
|
+
secret: true,
|
|
6313
|
+
public: false,
|
|
6314
|
+
consumers: [
|
|
6315
|
+
"tenant-vercel-app",
|
|
6316
|
+
"tenant-convex-deployment",
|
|
6317
|
+
"tenant-graph-sync"
|
|
6318
|
+
],
|
|
6319
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
4975
6320
|
},
|
|
4976
6321
|
{
|
|
4977
|
-
|
|
4978
|
-
|
|
4979
|
-
|
|
6322
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6323
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6324
|
+
required: false,
|
|
6325
|
+
secret: true,
|
|
6326
|
+
public: false,
|
|
6327
|
+
consumers: [
|
|
6328
|
+
"tenant-vercel-app",
|
|
6329
|
+
"tenant-convex-deployment",
|
|
6330
|
+
"tenant-graph-sync"
|
|
6331
|
+
],
|
|
6332
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
4980
6333
|
},
|
|
4981
6334
|
{
|
|
4982
|
-
|
|
4983
|
-
|
|
4984
|
-
|
|
6335
|
+
idSuffix: "graph.neo4j-database",
|
|
6336
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6337
|
+
required: false,
|
|
6338
|
+
secret: false,
|
|
6339
|
+
public: false,
|
|
6340
|
+
consumers: [
|
|
6341
|
+
"tenant-vercel-app",
|
|
6342
|
+
"tenant-convex-deployment",
|
|
6343
|
+
"tenant-graph-sync"
|
|
6344
|
+
],
|
|
6345
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
4985
6346
|
},
|
|
4986
6347
|
{
|
|
4987
|
-
|
|
4988
|
-
|
|
4989
|
-
|
|
6348
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6349
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6350
|
+
required: false,
|
|
6351
|
+
secret: true,
|
|
6352
|
+
public: false,
|
|
6353
|
+
consumers: [
|
|
6354
|
+
"tenant-vercel-app",
|
|
6355
|
+
"tenant-convex-deployment",
|
|
6356
|
+
"tenant-vector-store"
|
|
6357
|
+
],
|
|
6358
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
4990
6359
|
},
|
|
4991
6360
|
{
|
|
4992
|
-
|
|
4993
|
-
|
|
4994
|
-
|
|
6361
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6362
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6363
|
+
aliases: ["PINECONE_INDEX"],
|
|
6364
|
+
required: false,
|
|
6365
|
+
secret: false,
|
|
6366
|
+
public: false,
|
|
6367
|
+
consumers: [
|
|
6368
|
+
"tenant-vercel-app",
|
|
6369
|
+
"tenant-convex-deployment",
|
|
6370
|
+
"tenant-vector-store"
|
|
6371
|
+
],
|
|
6372
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
4995
6373
|
},
|
|
4996
6374
|
{
|
|
4997
|
-
|
|
4998
|
-
|
|
4999
|
-
|
|
6375
|
+
idSuffix: "vector.pinecone-host",
|
|
6376
|
+
canonicalName: "PINECONE_HOST",
|
|
6377
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6378
|
+
required: false,
|
|
6379
|
+
secret: false,
|
|
6380
|
+
public: false,
|
|
6381
|
+
consumers: [
|
|
6382
|
+
"tenant-vercel-app",
|
|
6383
|
+
"tenant-convex-deployment",
|
|
6384
|
+
"tenant-vector-store"
|
|
6385
|
+
],
|
|
6386
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
5000
6387
|
},
|
|
5001
6388
|
{
|
|
5002
|
-
|
|
5003
|
-
|
|
5004
|
-
|
|
6389
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6390
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6391
|
+
required: false,
|
|
6392
|
+
secret: false,
|
|
6393
|
+
public: false,
|
|
6394
|
+
consumers: [
|
|
6395
|
+
"tenant-vercel-app",
|
|
6396
|
+
"tenant-convex-deployment",
|
|
6397
|
+
"tenant-vector-store"
|
|
6398
|
+
],
|
|
6399
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
5005
6400
|
},
|
|
5006
6401
|
{
|
|
5007
|
-
|
|
5008
|
-
|
|
5009
|
-
|
|
6402
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6403
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6404
|
+
required: false,
|
|
6405
|
+
secret: true,
|
|
6406
|
+
public: false,
|
|
6407
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6408
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
5010
6409
|
},
|
|
5011
6410
|
{
|
|
5012
|
-
|
|
5013
|
-
|
|
5014
|
-
|
|
6411
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6412
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6413
|
+
required: false,
|
|
6414
|
+
secret: true,
|
|
6415
|
+
public: false,
|
|
6416
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6417
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
5015
6418
|
},
|
|
5016
6419
|
{
|
|
5017
|
-
|
|
5018
|
-
|
|
5019
|
-
|
|
6420
|
+
idSuffix: "storage.aws-region",
|
|
6421
|
+
canonicalName: "AWS_REGION",
|
|
6422
|
+
required: false,
|
|
6423
|
+
secret: false,
|
|
6424
|
+
public: false,
|
|
6425
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6426
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
5020
6427
|
},
|
|
5021
6428
|
{
|
|
5022
|
-
|
|
5023
|
-
|
|
5024
|
-
|
|
6429
|
+
idSuffix: "observability.sentry-dsn",
|
|
6430
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6431
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6432
|
+
required: false,
|
|
6433
|
+
secret: false,
|
|
6434
|
+
public: true,
|
|
6435
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6436
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
5025
6437
|
},
|
|
5026
6438
|
{
|
|
5027
|
-
|
|
5028
|
-
|
|
5029
|
-
|
|
6439
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6440
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6441
|
+
required: false,
|
|
6442
|
+
secret: true,
|
|
6443
|
+
public: false,
|
|
6444
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6445
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
5030
6446
|
},
|
|
5031
6447
|
{
|
|
5032
|
-
|
|
5033
|
-
|
|
5034
|
-
|
|
6448
|
+
idSuffix: "observability.sentry-org",
|
|
6449
|
+
canonicalName: "SENTRY_ORG",
|
|
6450
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6451
|
+
required: false,
|
|
6452
|
+
secret: false,
|
|
6453
|
+
public: false,
|
|
6454
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6455
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
5035
6456
|
},
|
|
5036
6457
|
{
|
|
5037
|
-
|
|
5038
|
-
|
|
5039
|
-
|
|
6458
|
+
idSuffix: "observability.sentry-project",
|
|
6459
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6460
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6461
|
+
required: false,
|
|
6462
|
+
secret: false,
|
|
6463
|
+
public: false,
|
|
6464
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6465
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
5040
6466
|
},
|
|
5041
6467
|
{
|
|
5042
|
-
|
|
5043
|
-
|
|
5044
|
-
|
|
6468
|
+
idSuffix: "observability.sentry-environment",
|
|
6469
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6470
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6471
|
+
required: false,
|
|
6472
|
+
secret: false,
|
|
6473
|
+
public: true,
|
|
6474
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6475
|
+
description: "Tenant-owned Sentry environment label."
|
|
5045
6476
|
},
|
|
5046
6477
|
{
|
|
5047
|
-
|
|
5048
|
-
|
|
5049
|
-
|
|
6478
|
+
idSuffix: "observability.sentry-release",
|
|
6479
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6480
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6481
|
+
required: false,
|
|
6482
|
+
secret: false,
|
|
6483
|
+
public: true,
|
|
6484
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6485
|
+
description: "Tenant-owned Sentry release label."
|
|
6486
|
+
},
|
|
6487
|
+
{
|
|
6488
|
+
idSuffix: "observability.sentry-client-options",
|
|
6489
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6490
|
+
aliases: [
|
|
6491
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6492
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6493
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6494
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6495
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6496
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6497
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6498
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6499
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6500
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6501
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6502
|
+
],
|
|
6503
|
+
required: false,
|
|
6504
|
+
secret: false,
|
|
6505
|
+
public: true,
|
|
6506
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6507
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
6508
|
+
},
|
|
6509
|
+
{
|
|
6510
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6511
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6512
|
+
required: false,
|
|
6513
|
+
secret: true,
|
|
6514
|
+
public: false,
|
|
6515
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6516
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
6517
|
+
},
|
|
6518
|
+
{
|
|
6519
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6520
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6521
|
+
aliases: ["STACK_API_KEY"],
|
|
6522
|
+
required: false,
|
|
6523
|
+
secret: true,
|
|
6524
|
+
public: false,
|
|
6525
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6526
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
6527
|
+
},
|
|
6528
|
+
{
|
|
6529
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6530
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6531
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6532
|
+
required: false,
|
|
6533
|
+
secret: false,
|
|
6534
|
+
public: false,
|
|
6535
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6536
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
6537
|
+
},
|
|
6538
|
+
{
|
|
6539
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6540
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6541
|
+
required: false,
|
|
6542
|
+
secret: true,
|
|
6543
|
+
public: false,
|
|
6544
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6545
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
6546
|
+
},
|
|
6547
|
+
{
|
|
6548
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6549
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6550
|
+
required: false,
|
|
6551
|
+
secret: true,
|
|
6552
|
+
public: false,
|
|
6553
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6554
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
6555
|
+
},
|
|
6556
|
+
{
|
|
6557
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6558
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6559
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6560
|
+
required: false,
|
|
6561
|
+
secret: true,
|
|
6562
|
+
public: false,
|
|
6563
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6564
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
5050
6565
|
}
|
|
5051
6566
|
];
|
|
5052
|
-
|
|
5053
|
-
(
|
|
6567
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6568
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6569
|
+
).flatMap(
|
|
6570
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6571
|
+
(template) => ({
|
|
6572
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6573
|
+
canonicalName: template.canonicalName,
|
|
6574
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6575
|
+
owner: "tenant",
|
|
6576
|
+
scope: "tenant",
|
|
6577
|
+
sourcePath: system.sharedSourcePath,
|
|
6578
|
+
environmentPolicy: "environment_specific",
|
|
6579
|
+
required: template.required,
|
|
6580
|
+
secret: template.secret,
|
|
6581
|
+
public: template.public,
|
|
6582
|
+
consumers: template.consumers,
|
|
6583
|
+
destinations: [
|
|
6584
|
+
{
|
|
6585
|
+
kind: "vercel",
|
|
6586
|
+
target: system.vercelProjectName,
|
|
6587
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6588
|
+
},
|
|
6589
|
+
{
|
|
6590
|
+
kind: "convex",
|
|
6591
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6592
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6593
|
+
},
|
|
6594
|
+
{
|
|
6595
|
+
kind: "github_actions",
|
|
6596
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6597
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6598
|
+
}
|
|
6599
|
+
],
|
|
6600
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6601
|
+
})
|
|
6602
|
+
)
|
|
6603
|
+
);
|
|
6604
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6605
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6606
|
+
if (system.id === "stack-eng") {
|
|
6607
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6608
|
+
}
|
|
6609
|
+
return names;
|
|
6610
|
+
}
|
|
6611
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6612
|
+
if (system.id === "stack-eng") {
|
|
6613
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6614
|
+
}
|
|
6615
|
+
return [system.convex.urlEnv];
|
|
6616
|
+
}
|
|
6617
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6618
|
+
if (system.id === "stack-eng") {
|
|
6619
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6620
|
+
}
|
|
6621
|
+
return [system.convex.deployKeyEnv];
|
|
6622
|
+
}
|
|
6623
|
+
function tenantConvexUrlAliases(system) {
|
|
6624
|
+
if (system.id === "stack-frontend") {
|
|
6625
|
+
return [
|
|
6626
|
+
"CONVEX_PROD_URL",
|
|
6627
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6628
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6629
|
+
"STACK_CONVEX_URL"
|
|
6630
|
+
];
|
|
6631
|
+
}
|
|
6632
|
+
if (system.id === "stackos") {
|
|
6633
|
+
return [
|
|
6634
|
+
"CONVEX_CLOUD_URL",
|
|
6635
|
+
"CONVEX_STACK_URL",
|
|
6636
|
+
"CONVEX_URL",
|
|
6637
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6638
|
+
"CONVEX_URL_PRODUCTION",
|
|
6639
|
+
"STACK_CONVEX_URL"
|
|
6640
|
+
];
|
|
6641
|
+
}
|
|
6642
|
+
if (system.id === "stack-eng") {
|
|
6643
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6644
|
+
}
|
|
6645
|
+
if (system.id === "lucern-graph") {
|
|
6646
|
+
return [
|
|
6647
|
+
"CONVEX_GRAPH_URL",
|
|
6648
|
+
"LUCERN_PROD_URL",
|
|
6649
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6650
|
+
];
|
|
6651
|
+
}
|
|
6652
|
+
return void 0;
|
|
6653
|
+
}
|
|
6654
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6655
|
+
if (system.id === "stack-frontend") {
|
|
6656
|
+
return [
|
|
6657
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6658
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6659
|
+
"STACK_DEPLOY_KEY"
|
|
6660
|
+
];
|
|
6661
|
+
}
|
|
6662
|
+
if (system.id === "stackos") {
|
|
6663
|
+
return [
|
|
6664
|
+
"CONVEX_DEPLOY_KEY",
|
|
6665
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6666
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6667
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6668
|
+
"STACK_DEPLOY_KEY"
|
|
6669
|
+
];
|
|
6670
|
+
}
|
|
6671
|
+
if (system.id === "stack-eng") {
|
|
6672
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6673
|
+
}
|
|
6674
|
+
if (system.id === "lucern-graph") {
|
|
6675
|
+
return [
|
|
6676
|
+
"CONVEX_DEPLOY_KEY",
|
|
6677
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6678
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6679
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6680
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6681
|
+
];
|
|
6682
|
+
}
|
|
6683
|
+
return void 0;
|
|
6684
|
+
}
|
|
6685
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6686
|
+
(system) => {
|
|
6687
|
+
if (system.id === "lucern-graph") {
|
|
6688
|
+
return [
|
|
6689
|
+
{
|
|
6690
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6691
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6692
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6693
|
+
owner: "tenant",
|
|
6694
|
+
scope: "workspace",
|
|
6695
|
+
sourcePath: system.sharedSourcePath,
|
|
6696
|
+
environmentPolicy: "environment_specific",
|
|
6697
|
+
required: false,
|
|
6698
|
+
secret: false,
|
|
6699
|
+
public: true,
|
|
6700
|
+
consumers: ["tenant-vercel-app"],
|
|
6701
|
+
destinations: [
|
|
6702
|
+
{
|
|
6703
|
+
kind: "vercel",
|
|
6704
|
+
target: system.vercelProjectName,
|
|
6705
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6706
|
+
}
|
|
6707
|
+
],
|
|
6708
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6709
|
+
},
|
|
6710
|
+
{
|
|
6711
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6712
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6713
|
+
owner: "tenant",
|
|
6714
|
+
scope: "workspace",
|
|
6715
|
+
sourcePath: system.sharedSourcePath,
|
|
6716
|
+
environmentPolicy: "environment_specific",
|
|
6717
|
+
required: false,
|
|
6718
|
+
secret: false,
|
|
6719
|
+
public: true,
|
|
6720
|
+
consumers: ["tenant-vercel-app"],
|
|
6721
|
+
destinations: [
|
|
6722
|
+
{
|
|
6723
|
+
kind: "vercel",
|
|
6724
|
+
target: system.vercelProjectName,
|
|
6725
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6726
|
+
}
|
|
6727
|
+
],
|
|
6728
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6729
|
+
}
|
|
6730
|
+
];
|
|
6731
|
+
}
|
|
6732
|
+
if (system.id === "stack-eng") {
|
|
6733
|
+
return [
|
|
6734
|
+
{
|
|
6735
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6736
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6737
|
+
owner: "tenant",
|
|
6738
|
+
scope: "workspace",
|
|
6739
|
+
sourcePath: system.sharedSourcePath,
|
|
6740
|
+
environmentPolicy: "environment_specific",
|
|
6741
|
+
required: false,
|
|
6742
|
+
secret: false,
|
|
6743
|
+
public: true,
|
|
6744
|
+
consumers: ["tenant-vercel-app"],
|
|
6745
|
+
destinations: [
|
|
6746
|
+
{
|
|
6747
|
+
kind: "vercel",
|
|
6748
|
+
target: system.vercelProjectName,
|
|
6749
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6750
|
+
}
|
|
6751
|
+
],
|
|
6752
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6753
|
+
},
|
|
6754
|
+
{
|
|
6755
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6756
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6757
|
+
owner: "tenant",
|
|
6758
|
+
scope: "workspace",
|
|
6759
|
+
sourcePath: system.sharedSourcePath,
|
|
6760
|
+
environmentPolicy: "environment_specific",
|
|
6761
|
+
required: false,
|
|
6762
|
+
secret: false,
|
|
6763
|
+
public: true,
|
|
6764
|
+
consumers: ["tenant-vercel-app"],
|
|
6765
|
+
destinations: [
|
|
6766
|
+
{
|
|
6767
|
+
kind: "vercel",
|
|
6768
|
+
target: system.vercelProjectName,
|
|
6769
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6770
|
+
}
|
|
6771
|
+
],
|
|
6772
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6773
|
+
},
|
|
6774
|
+
{
|
|
6775
|
+
id: "tenant.stack-eng.public.environment",
|
|
6776
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6777
|
+
owner: "tenant",
|
|
6778
|
+
scope: "workspace",
|
|
6779
|
+
sourcePath: system.sharedSourcePath,
|
|
6780
|
+
environmentPolicy: "environment_specific",
|
|
6781
|
+
required: false,
|
|
6782
|
+
secret: false,
|
|
6783
|
+
public: true,
|
|
6784
|
+
consumers: ["tenant-vercel-app"],
|
|
6785
|
+
destinations: [
|
|
6786
|
+
{
|
|
6787
|
+
kind: "vercel",
|
|
6788
|
+
target: system.vercelProjectName,
|
|
6789
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6790
|
+
}
|
|
6791
|
+
],
|
|
6792
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6793
|
+
}
|
|
6794
|
+
];
|
|
6795
|
+
}
|
|
6796
|
+
return [];
|
|
6797
|
+
}
|
|
5054
6798
|
);
|
|
6799
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6800
|
+
{
|
|
6801
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6802
|
+
canonicalName: system.convex.urlEnv,
|
|
6803
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6804
|
+
owner: "tenant",
|
|
6805
|
+
scope: "software_system",
|
|
6806
|
+
sourcePath: system.sharedSourcePath,
|
|
6807
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6808
|
+
required: true,
|
|
6809
|
+
secret: false,
|
|
6810
|
+
public: false,
|
|
6811
|
+
consumers: [
|
|
6812
|
+
"tenant-vercel-app",
|
|
6813
|
+
"tenant-agent-runtime",
|
|
6814
|
+
"mc-operator-tooling"
|
|
6815
|
+
],
|
|
6816
|
+
destinations: [
|
|
6817
|
+
{
|
|
6818
|
+
kind: "vercel",
|
|
6819
|
+
target: system.vercelProjectName,
|
|
6820
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6821
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6822
|
+
},
|
|
6823
|
+
{
|
|
6824
|
+
kind: "github_actions",
|
|
6825
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6826
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6827
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6828
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6829
|
+
}
|
|
6830
|
+
],
|
|
6831
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
6832
|
+
},
|
|
6833
|
+
{
|
|
6834
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6835
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6836
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6837
|
+
owner: "tenant",
|
|
6838
|
+
scope: "software_system",
|
|
6839
|
+
sourcePath: system.sharedSourcePath,
|
|
6840
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6841
|
+
required: true,
|
|
6842
|
+
secret: true,
|
|
6843
|
+
public: false,
|
|
6844
|
+
consumers: [
|
|
6845
|
+
"tenant-vercel-app",
|
|
6846
|
+
"tenant-agent-runtime",
|
|
6847
|
+
"mc-operator-tooling"
|
|
6848
|
+
],
|
|
6849
|
+
destinations: [
|
|
6850
|
+
{
|
|
6851
|
+
kind: "vercel",
|
|
6852
|
+
target: system.vercelProjectName,
|
|
6853
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6854
|
+
},
|
|
6855
|
+
{
|
|
6856
|
+
kind: "github_actions",
|
|
6857
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6858
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6859
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6860
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6861
|
+
}
|
|
6862
|
+
],
|
|
6863
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
6864
|
+
}
|
|
6865
|
+
]);
|
|
5055
6866
|
z.object({
|
|
5056
6867
|
manifestVersion: z.literal("1.0.0"),
|
|
5057
6868
|
rules: z.array(
|
|
@@ -5092,7 +6903,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
5092
6903
|
targetId: z.string().optional(),
|
|
5093
6904
|
targetNodeId: z.string().optional(),
|
|
5094
6905
|
linkedBeliefNodeId: z.string().optional(),
|
|
5095
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
6906
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
5096
6907
|
confidence: z.number().optional(),
|
|
5097
6908
|
weight: z.number().optional(),
|
|
5098
6909
|
reasoning: z.string().optional(),
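Review bot: Narrowing `evidenceRelation` to `["supports", "contradicts"]` rejects a value the earlier schema appears to have accepted. The removed line is truncated on this page, but the `createEvidenceProjection` hunk below visibly drops `v.literal("neutral")`, and `evidenceRelationSchema` in the `beliefsContracts` hunk is narrowed the same way. Nothing visible migrates or coerces evidence already stored with `"neutral"`, so re-validating such rows may start failing after the upgrade. I would add a comment above the field, `// "neutral" was removed in 0.3.0-alpha.12; migrate stored rows before deploying this validator`, or keep accepting it on input and map it to an omitted relation. The enclosing `z.object` starts and ends outside this hunk.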
|
|
@@ -5177,8 +6988,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5177
6988
|
evidenceRelation: v.optional(
|
|
5178
6989
|
v.union(
|
|
5179
6990
|
v.literal("supports"),
|
|
5180
|
-
v.literal("contradicts")
|
|
5181
|
-
v.literal("neutral")
|
|
6991
|
+
v.literal("contradicts")
|
|
5182
6992
|
)
|
|
5183
6993
|
),
|
|
5184
6994
|
confidence: v.optional(v.number()),
|
|
@@ -5227,12 +7037,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5227
7037
|
});
|
|
5228
7038
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5229
7039
|
var listTasksInputSchema = z.object({
|
|
5230
|
-
topicId: z.string().describe("Topic scope"),
|
|
7040
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5231
7041
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5232
7042
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5233
7043
|
status: taskStatusSchema,
|
|
5234
7044
|
limit: z.number().optional().describe("Maximum results")
|
|
5235
|
-
})
|
|
7045
|
+
}).refine(
|
|
7046
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
7047
|
+
{
|
|
7048
|
+
message: "topicId or worktreeId is required"
|
|
7049
|
+
}
|
|
7050
|
+
);
|
|
5236
7051
|
function compactRecord3(input) {
|
|
5237
7052
|
return Object.fromEntries(
|
|
5238
7053
|
Object.entries(input).filter(([, value]) => value !== void 0)
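Review bot: The `.refine()` message on `listTasksInputSchema` names only `topicId` and `worktreeId`, while the predicate also accepts `linkedWorktreeId`, so a rejected caller is told about two of the three fields that would satisfy it. I would change it to `message: "topicId, worktreeId, or linkedWorktreeId is required"`. `.refine()` also turns the schema from a ZodObject into a ZodEffects, and the same schema is passed as `args` to a `surfaceContract` call further down this page. `mcpContractFromArgsSchema` reads `getObjectShape(args)`, and whether that helper unwraps effects is not visible here, so it is worth confirming the generated parameter list is not empty for this tool.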
|
|
@@ -5249,7 +7064,7 @@ var listTasksProjection = defineProjection({
|
|
|
5249
7064
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5250
7065
|
}),
|
|
5251
7066
|
convexArgsValidator: v.object({
|
|
5252
|
-
topicId: v.string(),
|
|
7067
|
+
topicId: v.optional(v.string()),
|
|
5253
7068
|
status: v.optional(
|
|
5254
7069
|
v.union(
|
|
5255
7070
|
v.literal("todo"),
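Review bot: Making `topicId` optional in `convexArgsValidator` leaves the at-least-one-scope rule enforced only by the zod `.refine()` on `listTasksInputSchema`, so this validator now accepts a call with neither `topicId` nor `linkedWorktreeId`. If the Convex function can be reached without passing through the zod layer, that is an unscoped task listing, so the handler should reject the empty-scope case itself; the handler is not visible on this page. At minimum I would add a comment above the field: `// at least one of topicId / linkedWorktreeId must be set; the handler must reject calls that carry neither`. The validator object continues past the end of this hunk.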
|
|
@@ -6253,7 +8068,7 @@ var CREATE_EDGE = {
|
|
|
6253
8068
|
reasoningMethod: {
|
|
6254
8069
|
type: "string",
|
|
6255
8070
|
description: "How this was determined",
|
|
6256
|
-
enum: [
|
|
8071
|
+
enum: [...REASONING_METHODS]
|
|
6257
8072
|
},
|
|
6258
8073
|
metadata: {
|
|
6259
8074
|
type: "object",
|
|
@@ -7980,6 +9795,10 @@ var CREATE_TASK = {
|
|
|
7980
9795
|
tags: {
|
|
7981
9796
|
type: "array",
|
|
7982
9797
|
description: "Free-form string tags"
|
|
9798
|
+
},
|
|
9799
|
+
metadata: {
|
|
9800
|
+
type: "object",
|
|
9801
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7983
9802
|
}
|
|
7984
9803
|
},
|
|
7985
9804
|
required: ["title"],
|
|
@@ -8053,6 +9872,10 @@ var UPDATE_TASK = {
|
|
|
8053
9872
|
type: "string",
|
|
8054
9873
|
description: "Updated status",
|
|
8055
9874
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
9875
|
+
},
|
|
9876
|
+
metadata: {
|
|
9877
|
+
type: "object",
|
|
9878
|
+
description: "Structured task metadata to replace or refine"
|
|
8056
9879
|
}
|
|
8057
9880
|
},
|
|
8058
9881
|
required: ["taskId"],
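Review bot: The new `metadata` description on `UPDATE_TASK`, `Structured task metadata to replace or refine`, does not say whether an update overwrites the stored object or merges into it, and a caller that guesses wrong silently loses keys. I would state the actual semantics, for example `description: "Structured task metadata; replaces the stored metadata object as a whole"`, if that is what the update mutation does; the mutation is not visible here. The `CREATE_TASK` hunk above adds the same untyped `type: "object"` property, so the two descriptions should be worded to match.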
|
|
@@ -9508,6 +11331,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9508
11331
|
sessionMode: "string \u2014 async | interactive",
|
|
9509
11332
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9510
11333
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11334
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11335
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11336
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9511
11337
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9512
11338
|
openQuestions: "array \u2014 open scoped questions",
|
|
9513
11339
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -10108,12 +11934,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
10108
11934
|
current = current._def.schema;
|
|
10109
11935
|
continue;
|
|
10110
11936
|
default:
|
|
10111
|
-
return {
|
|
11937
|
+
return {
|
|
11938
|
+
schema: current,
|
|
11939
|
+
required,
|
|
11940
|
+
description: description ?? current.description
|
|
11941
|
+
};
|
|
10112
11942
|
}
|
|
10113
11943
|
}
|
|
10114
11944
|
}
|
|
10115
11945
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
10116
|
-
const {
|
|
11946
|
+
const {
|
|
11947
|
+
schema: unwrapped,
|
|
11948
|
+
required,
|
|
11949
|
+
description: schemaDescription
|
|
11950
|
+
} = unwrapMcpParameterSchema(schema);
|
|
10117
11951
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
10118
11952
|
switch (unwrapped._def.typeName) {
|
|
10119
11953
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -10158,10 +11992,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
10158
11992
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
10159
11993
|
([left], [right]) => left.localeCompare(right)
|
|
10160
11994
|
);
|
|
10161
|
-
const converted = entries2.map(
|
|
10162
|
-
fieldName,
|
|
10163
|
-
|
|
10164
|
-
|
|
11995
|
+
const converted = entries2.map(
|
|
11996
|
+
([fieldName, schema]) => [
|
|
11997
|
+
fieldName,
|
|
11998
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
11999
|
+
]
|
|
12000
|
+
);
|
|
10165
12001
|
return {
|
|
10166
12002
|
...base,
|
|
10167
12003
|
parameters: Object.fromEntries(
|
|
@@ -10273,6 +12109,7 @@ function surfaceContract(args) {
|
|
|
10273
12109
|
allowedPrincipalTypes: ["user", "service", "agent"]
|
|
10274
12110
|
},
|
|
10275
12111
|
convex: args.convex,
|
|
12112
|
+
gateway: args.gateway,
|
|
10276
12113
|
args: canonicalArgs,
|
|
10277
12114
|
returns: canonicalReturns,
|
|
10278
12115
|
input,
|
|
@@ -10759,7 +12596,7 @@ var beliefsContracts = [
|
|
|
10759
12596
|
})
|
|
10760
12597
|
];
|
|
10761
12598
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10762
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12599
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10763
12600
|
var createEvidenceArgs = z.object({
|
|
10764
12601
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10765
12602
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -12682,7 +14519,8 @@ var createTaskArgs = z.object({
|
|
|
12682
14519
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
12683
14520
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
12684
14521
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
12685
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14522
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14523
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
12686
14524
|
});
|
|
12687
14525
|
var createTaskInput = (input) => compactRecord4({
|
|
12688
14526
|
title: input.title,
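Review bot: `metadata: z.record(z.unknown())` in `createTaskArgs` accepts arbitrarily deep and large values from any caller, and the description calls them routing hints. `surfaceContract` on this page lists `agent` among `allowedPrincipalTypes`, so whatever consumes those hints is reading agent-controlled input. Nothing visible bounds the object or names the keys that routing honours. I would record that in the description, e.g. `.describe("Structured task metadata (handoff context, routing hints). Untrusted caller input; do not use for authorization decisions.")`, and consider a typed sub-schema for the keys that are actually read. `createTaskInput` in the next hunk forwards the object unchanged.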
|
|
@@ -12696,7 +14534,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
12696
14534
|
linkedQuestionId: input.linkedQuestionId,
|
|
12697
14535
|
assigneeId: input.assigneeId,
|
|
12698
14536
|
dueDate: input.dueDate,
|
|
12699
|
-
tags: input.tags
|
|
14537
|
+
tags: input.tags,
|
|
14538
|
+
metadata: input.metadata
|
|
12700
14539
|
});
|
|
12701
14540
|
var taskInput = (input) => compactRecord4({
|
|
12702
14541
|
...input,
|
|
@@ -12713,8 +14552,7 @@ var taskTopicInput = (input) => {
|
|
|
12713
14552
|
};
|
|
12714
14553
|
var completeTaskInput = (input) => compactRecord4({
|
|
12715
14554
|
taskId: input.taskId ?? input.id,
|
|
12716
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
12717
|
-
userId: input.userId
|
|
14555
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
12718
14556
|
});
|
|
12719
14557
|
var tasksContracts = [
|
|
12720
14558
|
surfaceContract({
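Review bot: `completeTaskInput` stops forwarding a caller-supplied `userId`, but other projections on this page still do: `taskInput`, in the context lines of the previous hunk, spreads `...input`, and the failure-log input projection in `codingContracts` further down passes `userId: input.userId`. If the intent is that identity comes from the authenticated context rather than from request fields, those projections should follow the same rule. Whether their `args` schemas already strip `userId` is not visible here. A short comment on `completeTaskInput` would record the reason, e.g. `// userId comes from the authenticated context, not from caller input`, assuming that is the motivation.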
|
|
@@ -12732,6 +14570,7 @@ var tasksContracts = [
|
|
|
12732
14570
|
kind: "mutation",
|
|
12733
14571
|
inputProjection: createTaskInput
|
|
12734
14572
|
},
|
|
14573
|
+
gateway: { handler: "tasks.create" },
|
|
12735
14574
|
args: createTaskArgs
|
|
12736
14575
|
}),
|
|
12737
14576
|
surfaceContract({
|
|
@@ -12750,6 +14589,7 @@ var tasksContracts = [
|
|
|
12750
14589
|
kind: "query",
|
|
12751
14590
|
inputProjection: taskTopicInput
|
|
12752
14591
|
},
|
|
14592
|
+
gateway: { handler: "tasks.list" },
|
|
12753
14593
|
args: listTasksInputSchema
|
|
12754
14594
|
}),
|
|
12755
14595
|
surfaceContract({
|
|
@@ -12767,7 +14607,8 @@ var tasksContracts = [
|
|
|
12767
14607
|
functionName: "update",
|
|
12768
14608
|
kind: "mutation",
|
|
12769
14609
|
inputProjection: taskInput
|
|
12770
|
-
}
|
|
14610
|
+
},
|
|
14611
|
+
gateway: { handler: "tasks.update" }
|
|
12771
14612
|
}),
|
|
12772
14613
|
surfaceContract({
|
|
12773
14614
|
name: "complete_task",
|
|
@@ -12783,12 +14624,14 @@ var tasksContracts = [
|
|
|
12783
14624
|
functionName: "complete",
|
|
12784
14625
|
kind: "mutation",
|
|
12785
14626
|
inputProjection: completeTaskInput
|
|
12786
|
-
}
|
|
14627
|
+
},
|
|
14628
|
+
gateway: { handler: "tasks.complete" }
|
|
12787
14629
|
})
|
|
12788
14630
|
];
|
|
12789
14631
|
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
12790
14632
|
(policy) => policy.edgeType
|
|
12791
14633
|
);
|
|
14634
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
12792
14635
|
var createEdgeArgs = z.object({
|
|
12793
14636
|
from: GraphRefSchema,
|
|
12794
14637
|
to: GraphRefSchema,
|
|
@@ -12798,6 +14641,7 @@ var createEdgeArgs = z.object({
|
|
|
12798
14641
|
confidence: z.number().optional(),
|
|
12799
14642
|
context: z.string().optional(),
|
|
12800
14643
|
reasoning: z.string().optional(),
|
|
14644
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
12801
14645
|
derivationType: z.string().optional(),
|
|
12802
14646
|
metadata: z.record(z.unknown()).optional(),
|
|
12803
14647
|
topicId: z.string().optional(),
|
|
@@ -12876,6 +14720,7 @@ var edgesContracts = [
|
|
|
12876
14720
|
weight: parsed.weight,
|
|
12877
14721
|
confidence: parsed.confidence,
|
|
12878
14722
|
context: parsed.context ?? parsed.reasoning,
|
|
14723
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
12879
14724
|
derivationType: parsed.derivationType,
|
|
12880
14725
|
metadata: parsed.metadata,
|
|
12881
14726
|
skipLayerValidation: true,
|
|
@@ -13000,6 +14845,7 @@ var edgesContracts = [
|
|
|
13000
14845
|
weight: edge.weight,
|
|
13001
14846
|
confidence: edge.confidence,
|
|
13002
14847
|
context: edge.context ?? edge.reasoning,
|
|
14848
|
+
reasoningMethod: edge.reasoningMethod,
|
|
13003
14849
|
derivationType: edge.derivationType,
|
|
13004
14850
|
metadata: edge.metadata,
|
|
13005
14851
|
topicId: edge.topicId
|
|
@@ -13734,6 +15580,69 @@ var pipelineContracts = [
|
|
|
13734
15580
|
}
|
|
13735
15581
|
})
|
|
13736
15582
|
];
|
|
15583
|
+
function isRecord3(value) {
|
|
15584
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15585
|
+
}
|
|
15586
|
+
function stringValues(value) {
|
|
15587
|
+
if (typeof value === "string") {
|
|
15588
|
+
return [value];
|
|
15589
|
+
}
|
|
15590
|
+
if (Array.isArray(value)) {
|
|
15591
|
+
return value.flatMap((item) => stringValues(item));
|
|
15592
|
+
}
|
|
15593
|
+
return [];
|
|
15594
|
+
}
|
|
15595
|
+
function nestedEvidenceRows(value) {
|
|
15596
|
+
if (Array.isArray(value)) {
|
|
15597
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15598
|
+
}
|
|
15599
|
+
if (!isRecord3(value)) {
|
|
15600
|
+
return [];
|
|
15601
|
+
}
|
|
15602
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15603
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15604
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15605
|
+
}
|
|
15606
|
+
function isFailedAttemptRow(row) {
|
|
15607
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15608
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15609
|
+
}
|
|
15610
|
+
function failureLogSearchFields(row) {
|
|
15611
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15612
|
+
return [
|
|
15613
|
+
...stringValues(row.id),
|
|
15614
|
+
...stringValues(row._id),
|
|
15615
|
+
...stringValues(row.title),
|
|
15616
|
+
...stringValues(row.text),
|
|
15617
|
+
...stringValues(row.canonicalText),
|
|
15618
|
+
...stringValues(row.content),
|
|
15619
|
+
...stringValues(metadata?.codeAnchor),
|
|
15620
|
+
...stringValues(metadata?.codeAnchors),
|
|
15621
|
+
...stringValues(metadata?.anchor),
|
|
15622
|
+
...stringValues(metadata?.anchors),
|
|
15623
|
+
...stringValues(metadata?.filePath),
|
|
15624
|
+
...stringValues(metadata?.filePaths),
|
|
15625
|
+
...stringValues(metadata?.path),
|
|
15626
|
+
...stringValues(metadata?.paths),
|
|
15627
|
+
...stringValues(metadata?.sourceRef),
|
|
15628
|
+
...stringValues(metadata?.touchedPaths)
|
|
15629
|
+
];
|
|
15630
|
+
}
|
|
15631
|
+
function projectFailureLog(output, input) {
|
|
15632
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15633
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15634
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15635
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15636
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15637
|
+
)
|
|
15638
|
+
);
|
|
15639
|
+
return {
|
|
15640
|
+
query: rawQuery,
|
|
15641
|
+
failures,
|
|
15642
|
+
totalFound: failures.length,
|
|
15643
|
+
showing: failures.length
|
|
15644
|
+
};
|
|
15645
|
+
}
|
|
13737
15646
|
var recordScopeLearningArgs = z.object({
|
|
13738
15647
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
13739
15648
|
summary: z.string().describe("Atomic learning statement"),
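Review bot: `projectFailureLog` filters for failed attempts after the backend has already applied `limit`, since the input projection in `codingContracts` passes `limit: input.limit` to the query. `totalFound` and `showing` are therefore both just the size of the filtered page, and a request can return fewer failures than exist. Separately, `nestedEvidenceRows` returns only the children when a record has a non-empty `evidence`, `items` or `nodes` value, so a row that itself carries one of those keys is dropped from the result. I would document both limits on the function, e.g. `// totalFound counts matches within the fetched page only; limit is applied before this filter`, or over-fetch before filtering.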
|
|
@@ -13823,6 +15732,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
13823
15732
|
tags: ["code_attempt"],
|
|
13824
15733
|
metadata: compactRecord4({
|
|
13825
15734
|
...recordValue2(input.metadata),
|
|
15735
|
+
failedApproach: true,
|
|
15736
|
+
isFailedAttempt: true,
|
|
13826
15737
|
filePaths: input.filePaths,
|
|
13827
15738
|
filePath: input.filePath,
|
|
13828
15739
|
errorMessage: input.errorMessage,
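Review bot: Rows written before this change will not carry the `failedApproach` / `isFailedAttempt` flags added here, and `isFailedAttemptRow` in the previous hunk matches only on those flags, so older attempts presumably drop out of the failure log. Since this projection also sets `tags: ["code_attempt"]`, the filter could fall back on the tag: `return metadata?.failedApproach === true || metadata?.isFailedAttempt === true || (Array.isArray(row.tags) && row.tags.includes("code_attempt"));`. Placing the two flags after the `...recordValue2(input.metadata)` spread is worth keeping, because caller metadata then cannot switch them off. `attemptInput` starts and ends outside this hunk.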
|
|
@@ -13953,7 +15864,8 @@ var codingContracts = [
|
|
|
13953
15864
|
limit: input.limit,
|
|
13954
15865
|
status: input.status,
|
|
13955
15866
|
userId: input.userId
|
|
13956
|
-
})
|
|
15867
|
+
}),
|
|
15868
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
13957
15869
|
}
|
|
13958
15870
|
})
|
|
13959
15871
|
];
|
|
@@ -14415,14 +16327,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14415
16327
|
description: "Worktrees are tenant/runtime planning data."
|
|
14416
16328
|
},
|
|
14417
16329
|
{
|
|
14418
|
-
component: "
|
|
16330
|
+
component: "control-plane",
|
|
14419
16331
|
table: "agents",
|
|
14420
16332
|
prepopulation: "runtime_bootstrap",
|
|
14421
16333
|
copyMode: "none",
|
|
14422
16334
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
14423
16335
|
},
|
|
14424
16336
|
{
|
|
14425
|
-
component: "
|
|
16337
|
+
component: "control-plane",
|
|
14426
16338
|
table: "mcpWritePolicy",
|
|
14427
16339
|
prepopulation: "required_template",
|
|
14428
16340
|
copyMode: "template_global",
|
|
@@ -14431,14 +16343,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14431
16343
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
14432
16344
|
},
|
|
14433
16345
|
{
|
|
14434
|
-
component: "
|
|
16346
|
+
component: "control-plane",
|
|
14435
16347
|
table: "modelCallLogs",
|
|
14436
16348
|
prepopulation: "runtime_log",
|
|
14437
16349
|
copyMode: "none",
|
|
14438
16350
|
description: "Model call logs are runtime telemetry."
|
|
14439
16351
|
},
|
|
14440
16352
|
{
|
|
14441
|
-
component: "
|
|
16353
|
+
component: "control-plane",
|
|
14442
16354
|
table: "modelFunctionSlots",
|
|
14443
16355
|
prepopulation: "required_template",
|
|
14444
16356
|
copyMode: "template_global",
|
|
@@ -14447,7 +16359,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14447
16359
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
14448
16360
|
},
|
|
14449
16361
|
{
|
|
14450
|
-
component: "
|
|
16362
|
+
component: "control-plane",
|
|
14451
16363
|
table: "modelRegistry",
|
|
14452
16364
|
prepopulation: "required_template",
|
|
14453
16365
|
copyMode: "template_global",
|
|
@@ -14456,7 +16368,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14456
16368
|
description: "Model catalog defaults are required by model runtime clients."
|
|
14457
16369
|
},
|
|
14458
16370
|
{
|
|
14459
|
-
component: "
|
|
16371
|
+
component: "control-plane",
|
|
14460
16372
|
table: "modelSlotConfigs",
|
|
14461
16373
|
prepopulation: "required_template",
|
|
14462
16374
|
copyMode: "template_global",
|
|
@@ -14465,14 +16377,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14465
16377
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
14466
16378
|
},
|
|
14467
16379
|
{
|
|
14468
|
-
component: "
|
|
16380
|
+
component: "control-plane",
|
|
16381
|
+
table: "permitAccessReviewItems",
|
|
16382
|
+
prepopulation: "runtime_data",
|
|
16383
|
+
copyMode: "none",
|
|
16384
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16385
|
+
},
|
|
16386
|
+
{
|
|
16387
|
+
component: "control-plane",
|
|
16388
|
+
table: "permitAccessReviews",
|
|
16389
|
+
prepopulation: "runtime_data",
|
|
16390
|
+
copyMode: "none",
|
|
16391
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16392
|
+
},
|
|
16393
|
+
{
|
|
16394
|
+
component: "control-plane",
|
|
16395
|
+
table: "permitAttributeBindings",
|
|
16396
|
+
prepopulation: "runtime_data",
|
|
16397
|
+
copyMode: "none",
|
|
16398
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16399
|
+
},
|
|
16400
|
+
{
|
|
16401
|
+
component: "control-plane",
|
|
16402
|
+
table: "permitGroups",
|
|
16403
|
+
prepopulation: "runtime_data",
|
|
16404
|
+
copyMode: "none",
|
|
16405
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16406
|
+
},
|
|
16407
|
+
{
|
|
16408
|
+
component: "control-plane",
|
|
16409
|
+
table: "permitGroupMemberships",
|
|
16410
|
+
prepopulation: "runtime_data",
|
|
16411
|
+
copyMode: "none",
|
|
16412
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16413
|
+
},
|
|
16414
|
+
{
|
|
16415
|
+
component: "control-plane",
|
|
16416
|
+
table: "permitPolicyBundles",
|
|
16417
|
+
prepopulation: "runtime_derived",
|
|
16418
|
+
copyMode: "none",
|
|
16419
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16420
|
+
},
|
|
16421
|
+
{
|
|
16422
|
+
component: "control-plane",
|
|
16423
|
+
table: "permitPolicyDecisionReceipts",
|
|
16424
|
+
prepopulation: "runtime_log",
|
|
16425
|
+
copyMode: "none",
|
|
16426
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16427
|
+
},
|
|
16428
|
+
{
|
|
16429
|
+
component: "control-plane",
|
|
16430
|
+
table: "permitPrincipalAliases",
|
|
16431
|
+
prepopulation: "runtime_data",
|
|
16432
|
+
copyMode: "none",
|
|
16433
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16434
|
+
},
|
|
16435
|
+
{
|
|
16436
|
+
component: "control-plane",
|
|
16437
|
+
table: "permitPrincipals",
|
|
16438
|
+
prepopulation: "runtime_data",
|
|
16439
|
+
copyMode: "none",
|
|
16440
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16441
|
+
},
|
|
16442
|
+
{
|
|
16443
|
+
component: "control-plane",
|
|
16444
|
+
table: "permitProjectionOutbox",
|
|
16445
|
+
prepopulation: "runtime_queue",
|
|
16446
|
+
copyMode: "none",
|
|
16447
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16448
|
+
},
|
|
16449
|
+
{
|
|
16450
|
+
component: "control-plane",
|
|
16451
|
+
table: "permitRelationshipTuples",
|
|
16452
|
+
prepopulation: "runtime_data",
|
|
16453
|
+
copyMode: "none",
|
|
16454
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16455
|
+
},
|
|
16456
|
+
{
|
|
16457
|
+
component: "control-plane",
|
|
16458
|
+
table: "permitResourceInstances",
|
|
16459
|
+
prepopulation: "runtime_data",
|
|
16460
|
+
copyMode: "none",
|
|
16461
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16462
|
+
},
|
|
16463
|
+
{
|
|
16464
|
+
component: "control-plane",
|
|
16465
|
+
table: "permitRoleAssignments",
|
|
16466
|
+
prepopulation: "runtime_data",
|
|
16467
|
+
copyMode: "none",
|
|
16468
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16469
|
+
},
|
|
16470
|
+
{
|
|
16471
|
+
component: "control-plane",
|
|
14469
16472
|
table: "platformAudienceGrants",
|
|
14470
16473
|
prepopulation: "runtime_data",
|
|
14471
16474
|
copyMode: "none",
|
|
14472
16475
|
description: "Audience grants are principal/group-specific access rows."
|
|
14473
16476
|
},
|
|
14474
16477
|
{
|
|
14475
|
-
component: "
|
|
16478
|
+
component: "control-plane",
|
|
14476
16479
|
table: "platformAudiences",
|
|
14477
16480
|
prepopulation: "required_template",
|
|
14478
16481
|
copyMode: "template_tenant_rewrite",
|
|
@@ -14481,35 +16484,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14481
16484
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
14482
16485
|
},
|
|
14483
16486
|
{
|
|
14484
|
-
component: "
|
|
16487
|
+
component: "control-plane",
|
|
14485
16488
|
table: "platformPolicyDecisionLogs",
|
|
14486
16489
|
prepopulation: "runtime_log",
|
|
14487
16490
|
copyMode: "none",
|
|
14488
16491
|
description: "Policy decisions are runtime audit logs."
|
|
14489
16492
|
},
|
|
14490
16493
|
{
|
|
14491
|
-
component: "
|
|
16494
|
+
component: "control-plane",
|
|
14492
16495
|
table: "projectGrants",
|
|
14493
16496
|
prepopulation: "runtime_data",
|
|
14494
16497
|
copyMode: "none",
|
|
14495
16498
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
14496
16499
|
},
|
|
14497
16500
|
{
|
|
14498
|
-
component: "
|
|
16501
|
+
component: "control-plane",
|
|
14499
16502
|
table: "reasoningPermissions",
|
|
14500
16503
|
prepopulation: "runtime_data",
|
|
14501
16504
|
copyMode: "none",
|
|
14502
16505
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
14503
16506
|
},
|
|
14504
16507
|
{
|
|
14505
|
-
component: "
|
|
16508
|
+
component: "control-plane",
|
|
14506
16509
|
table: "tenantApiKeys",
|
|
14507
16510
|
prepopulation: "runtime_secret",
|
|
14508
16511
|
copyMode: "none",
|
|
14509
16512
|
description: "API keys are tenant credentials and must never be copied."
|
|
14510
16513
|
},
|
|
14511
16514
|
{
|
|
14512
|
-
component: "
|
|
16515
|
+
component: "control-plane",
|
|
14513
16516
|
table: "tenantConfig",
|
|
14514
16517
|
prepopulation: "required_template",
|
|
14515
16518
|
copyMode: "template_tenant_rewrite",
|
|
@@ -14518,7 +16521,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14518
16521
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
14519
16522
|
},
|
|
14520
16523
|
{
|
|
14521
|
-
component: "
|
|
16524
|
+
component: "control-plane",
|
|
14522
16525
|
table: "tenantIntegrations",
|
|
14523
16526
|
prepopulation: "required_template",
|
|
14524
16527
|
copyMode: "template_tenant_rewrite",
|
|
@@ -14527,14 +16530,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14527
16530
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
14528
16531
|
},
|
|
14529
16532
|
{
|
|
14530
|
-
component: "
|
|
16533
|
+
component: "control-plane",
|
|
14531
16534
|
table: "tenantModelSlotBindings",
|
|
14532
16535
|
prepopulation: "runtime_secret",
|
|
14533
16536
|
copyMode: "none",
|
|
14534
16537
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
14535
16538
|
},
|
|
14536
16539
|
{
|
|
14537
|
-
component: "
|
|
16540
|
+
component: "control-plane",
|
|
16541
|
+
table: "tenantPermitSyncStates",
|
|
16542
|
+
prepopulation: "runtime_derived",
|
|
16543
|
+
copyMode: "none",
|
|
16544
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16545
|
+
},
|
|
16546
|
+
{
|
|
16547
|
+
component: "control-plane",
|
|
14538
16548
|
table: "tenantPolicies",
|
|
14539
16549
|
prepopulation: "required_template",
|
|
14540
16550
|
copyMode: "template_tenant_rewrite",
|
|
@@ -14543,42 +16553,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14543
16553
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
14544
16554
|
},
|
|
14545
16555
|
{
|
|
14546
|
-
component: "
|
|
16556
|
+
component: "control-plane",
|
|
14547
16557
|
table: "tenantProviderSecrets",
|
|
14548
16558
|
prepopulation: "runtime_secret",
|
|
14549
16559
|
copyMode: "none",
|
|
14550
16560
|
description: "Provider secrets are credentials and must never be copied."
|
|
14551
16561
|
},
|
|
14552
16562
|
{
|
|
14553
|
-
component: "
|
|
16563
|
+
component: "control-plane",
|
|
14554
16564
|
table: "tenantProxyGatewayUsage",
|
|
14555
16565
|
prepopulation: "runtime_log",
|
|
14556
16566
|
copyMode: "none",
|
|
14557
16567
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
14558
16568
|
},
|
|
14559
16569
|
{
|
|
14560
|
-
component: "
|
|
16570
|
+
component: "control-plane",
|
|
14561
16571
|
table: "tenantProxyTokenMints",
|
|
14562
16572
|
prepopulation: "runtime_secret",
|
|
14563
16573
|
copyMode: "none",
|
|
14564
16574
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
14565
16575
|
},
|
|
14566
16576
|
{
|
|
14567
|
-
component: "
|
|
16577
|
+
component: "control-plane",
|
|
14568
16578
|
table: "tenantSandboxAuditEvents",
|
|
14569
16579
|
prepopulation: "runtime_log",
|
|
14570
16580
|
copyMode: "none",
|
|
14571
16581
|
description: "Sandbox audit rows are runtime security logs."
|
|
14572
16582
|
},
|
|
14573
16583
|
{
|
|
14574
|
-
component: "
|
|
16584
|
+
component: "control-plane",
|
|
14575
16585
|
table: "tenantSecrets",
|
|
14576
16586
|
prepopulation: "runtime_secret",
|
|
14577
16587
|
copyMode: "none",
|
|
14578
16588
|
description: "Tenant secrets are credentials and must never be copied."
|
|
14579
16589
|
},
|
|
14580
16590
|
{
|
|
14581
|
-
component: "
|
|
16591
|
+
component: "control-plane",
|
|
14582
16592
|
table: "toolAcls",
|
|
14583
16593
|
prepopulation: "required_template",
|
|
14584
16594
|
copyMode: "template_global",
|
|
@@ -14587,7 +16597,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14587
16597
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
14588
16598
|
},
|
|
14589
16599
|
{
|
|
14590
|
-
component: "
|
|
16600
|
+
component: "control-plane",
|
|
14591
16601
|
table: "toolRegistry",
|
|
14592
16602
|
prepopulation: "required_template",
|
|
14593
16603
|
copyMode: "template_global",
|
|
@@ -14596,7 +16606,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
14596
16606
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
14597
16607
|
},
|
|
14598
16608
|
{
|
|
14599
|
-
component: "
|
|
16609
|
+
component: "control-plane",
|
|
14600
16610
|
table: "users",
|
|
14601
16611
|
prepopulation: "runtime_bootstrap",
|
|
14602
16612
|
copyMode: "none",
|