@opengeni/db 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-57MLICFR.js +121 -0
- package/dist/chunk-57MLICFR.js.map +1 -0
- package/dist/chunk-OGCE6O2X.js +52 -0
- package/dist/chunk-OGCE6O2X.js.map +1 -0
- package/dist/chunk-PSX56ZTL.js +1093 -0
- package/dist/chunk-PSX56ZTL.js.map +1 -0
- package/dist/chunk-PZ5AY32C.js +10 -0
- package/dist/chunk-PZ5AY32C.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.js +5165 -0
- package/dist/index.js.map +1 -0
- package/dist/migrate.d.ts +40 -0
- package/dist/migrate.js +10 -0
- package/dist/migrate.js.map +1 -0
- package/dist/provision-roles.d.ts +2063 -0
- package/dist/provision-roles.js +8 -0
- package/dist/provision-roles.js.map +1 -0
- package/dist/schema-CaeZQAJQ.d.ts +9705 -0
- package/dist/schema.d.ts +3 -0
- package/dist/schema.js +110 -0
- package/dist/schema.js.map +1 -0
- package/drizzle/0000_initial.sql +179 -0
- package/drizzle/0001_workspace_auth_billing.sql +590 -0
- package/drizzle/0002_packs_and_social.sql +99 -0
- package/drizzle/0003_capability_catalog.sql +73 -0
- package/drizzle/0004_workspace_environments.sql +65 -0
- package/drizzle/0005_session_goals.sql +45 -0
- package/drizzle/0006_workspace_packs.sql +31 -0
- package/drizzle/0007_session_history_items.sql +66 -0
- package/drizzle/0008_session_first_party_mcp_permissions.sql +5 -0
- package/drizzle/0009_goal_sessions_first_party_goals_manage.sql +34 -0
- package/drizzle/0010_session_parent_linkage.sql +30 -0
- package/drizzle/0011_context_compaction.sql +33 -0
- package/drizzle/0012_compaction_summary_fractional_position.sql +19 -0
- package/drizzle/0013_session_compact_requested.sql +16 -0
- package/drizzle/0014_repair_orphaned_function_call_results.sql +125 -0
- package/drizzle/0015_workspace_agent_instructions.sql +17 -0
- package/drizzle/0016_session_create_idempotency.sql +27 -0
- package/drizzle/0017_sandbox_leases.sql +313 -0
- package/drizzle/0018_sandbox_os.sql +89 -0
- package/drizzle/0019_session_stream_acknowledgments.sql +94 -0
- package/drizzle/0020_session_recordings.sql +88 -0
- package/drizzle/0021_sandbox_pty_sessions.sql +70 -0
- package/drizzle/0022_sandbox_lease_terminal_url.sql +32 -0
- package/drizzle/0023_session_title.sql +19 -0
- package/drizzle/0024_codex_subscription_credentials.sql +51 -0
- package/drizzle/0024_sandboxes_enrollments_metrics.sql +262 -0
- package/drizzle/0025_device_enrollment_requests.sql +142 -0
- package/drizzle/0026_device_enrollment_user_code_resolver.sql +47 -0
- package/drizzle/0027_session_working_dir.sql +24 -0
- package/drizzle/0028_codex_multi_account.sql +85 -0
- package/drizzle/0029_session_history_item_producer.sql +31 -0
- package/drizzle/0030_agent_run_state_frozen_codex.sql +35 -0
- package/drizzle/0031_codex_usage_cache.sql +21 -0
- package/drizzle/0032_codex_account_cooldown.sql +18 -0
- package/drizzle/0033_codex_connector_cache.sql +20 -0
- package/drizzle/0034_sandbox_lease_image.sql +21 -0
- package/drizzle/meta/_journal.json +167 -0
- package/package.json +66 -0
- package/src/codex-token-resolver.ts +247 -0
- package/src/environment-crypto.ts +51 -0
- package/src/event-payload-sanitizer.ts +89 -0
- package/src/index.ts +7776 -0
- package/src/migrate.ts +95 -0
- package/src/provision-roles.ts +198 -0
- package/src/schema.ts +1110 -0
|
@@ -0,0 +1,1093 @@
|
|
|
1
|
+
import {
|
|
2
|
+
__export
|
|
3
|
+
} from "./chunk-PZ5AY32C.js";
|
|
4
|
+
|
|
5
|
+
// src/schema.ts
|
|
6
|
+
var schema_exports = {};
|
|
7
|
+
__export(schema_exports, {
|
|
8
|
+
agentRunStates: () => agentRunStates,
|
|
9
|
+
apiKeys: () => apiKeys,
|
|
10
|
+
auditEvents: () => auditEvents,
|
|
11
|
+
billingCustomers: () => billingCustomers,
|
|
12
|
+
capabilityCatalogItems: () => capabilityCatalogItems,
|
|
13
|
+
capabilityInstallations: () => capabilityInstallations,
|
|
14
|
+
codexRotationSettings: () => codexRotationSettings,
|
|
15
|
+
codexSubscriptionCredentials: () => codexSubscriptionCredentials,
|
|
16
|
+
creditLedgerEntries: () => creditLedgerEntries,
|
|
17
|
+
deviceEnrollmentRequests: () => deviceEnrollmentRequests,
|
|
18
|
+
deviceEnrollmentStatusValues: () => deviceEnrollmentStatusValues,
|
|
19
|
+
documentBases: () => documentBases,
|
|
20
|
+
documentChunks: () => documentChunks,
|
|
21
|
+
documents: () => documents,
|
|
22
|
+
enrollmentExposureValues: () => enrollmentExposureValues,
|
|
23
|
+
enrollmentOsValues: () => enrollmentOsValues,
|
|
24
|
+
enrollmentStatusValues: () => enrollmentStatusValues,
|
|
25
|
+
enrollments: () => enrollments,
|
|
26
|
+
fileUploads: () => fileUploads,
|
|
27
|
+
files: () => files,
|
|
28
|
+
githubInstallations: () => githubInstallations,
|
|
29
|
+
machineMetricsLatest: () => machineMetricsLatest,
|
|
30
|
+
machineMetricsSeries: () => machineMetricsSeries,
|
|
31
|
+
managedAccounts: () => managedAccounts,
|
|
32
|
+
packInstallations: () => packInstallations,
|
|
33
|
+
sandboxKindValues: () => sandboxKindValues,
|
|
34
|
+
sandboxLeaseHolders: () => sandboxLeaseHolders,
|
|
35
|
+
sandboxLeaseLivenessValues: () => sandboxLeaseLivenessValues,
|
|
36
|
+
sandboxLeases: () => sandboxLeases,
|
|
37
|
+
sandboxPtySessions: () => sandboxPtySessions,
|
|
38
|
+
sandboxSessionEnvelopes: () => sandboxSessionEnvelopes,
|
|
39
|
+
sandboxes: () => sandboxes,
|
|
40
|
+
scheduledTaskRuns: () => scheduledTaskRuns,
|
|
41
|
+
scheduledTasks: () => scheduledTasks,
|
|
42
|
+
sessionEvents: () => sessionEvents,
|
|
43
|
+
sessionGoals: () => sessionGoals,
|
|
44
|
+
sessionHistoryItems: () => sessionHistoryItems,
|
|
45
|
+
sessionRecordingCodecValues: () => sessionRecordingCodecValues,
|
|
46
|
+
sessionRecordingModeValues: () => sessionRecordingModeValues,
|
|
47
|
+
sessionRecordingStateValues: () => sessionRecordingStateValues,
|
|
48
|
+
sessionRecordings: () => sessionRecordings,
|
|
49
|
+
sessionTurns: () => sessionTurns,
|
|
50
|
+
sessions: () => sessions,
|
|
51
|
+
socialConnections: () => socialConnections,
|
|
52
|
+
socialPosts: () => socialPosts,
|
|
53
|
+
stripeWebhookEvents: () => stripeWebhookEvents,
|
|
54
|
+
usageEvents: () => usageEvents,
|
|
55
|
+
workspaceEnvironmentVariables: () => workspaceEnvironmentVariables,
|
|
56
|
+
workspaceEnvironments: () => workspaceEnvironments,
|
|
57
|
+
workspaceMemberships: () => workspaceMemberships,
|
|
58
|
+
workspacePacks: () => workspacePacks,
|
|
59
|
+
workspaces: () => workspaces
|
|
60
|
+
});
|
|
61
|
+
import { sql } from "drizzle-orm";
|
|
62
|
+
import { bigint, boolean, index, integer, jsonb, numeric, pgTable, text, timestamp, uniqueIndex, uuid, customType } from "drizzle-orm/pg-core";
|
|
63
|
+
var vector = customType({
|
|
64
|
+
dataType() {
|
|
65
|
+
return "vector(3072)";
|
|
66
|
+
},
|
|
67
|
+
toDriver(value) {
|
|
68
|
+
return `[${value.join(",")}]`;
|
|
69
|
+
}
|
|
70
|
+
});
|
|
71
|
+
var managedAccounts = pgTable("managed_accounts", {
|
|
72
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
73
|
+
name: text("name").notNull(),
|
|
74
|
+
externalSource: text("external_source"),
|
|
75
|
+
externalId: text("external_id"),
|
|
76
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
77
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
78
|
+
}, (table) => ({
|
|
79
|
+
external: uniqueIndex("managed_accounts_external_idx").on(table.externalSource, table.externalId)
|
|
80
|
+
}));
|
|
81
|
+
var workspaces = pgTable("workspaces", {
|
|
82
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
83
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
84
|
+
name: text("name").notNull(),
|
|
85
|
+
slug: text("slug"),
|
|
86
|
+
externalSource: text("external_source"),
|
|
87
|
+
externalId: text("external_id"),
|
|
88
|
+
// White-label agent persona template override. NULL means the deployment
|
|
89
|
+
// default (OPENGENI_AGENT_INSTRUCTIONS_TEMPLATE / DEFAULT_AGENT_INSTRUCTIONS).
|
|
90
|
+
agentInstructions: text("agent_instructions"),
|
|
91
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
92
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
93
|
+
}, (table) => ({
|
|
94
|
+
account: index("workspaces_account_idx").on(table.accountId),
|
|
95
|
+
accountSlug: uniqueIndex("workspaces_account_slug_idx").on(table.accountId, table.slug).where(sql`${table.slug} is not null`),
|
|
96
|
+
external: uniqueIndex("workspaces_external_idx").on(table.externalSource, table.externalId)
|
|
97
|
+
}));
|
|
98
|
+
var workspaceMemberships = pgTable("workspace_memberships", {
|
|
99
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
100
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
101
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
102
|
+
subjectId: text("subject_id").notNull(),
|
|
103
|
+
subjectLabel: text("subject_label"),
|
|
104
|
+
role: text("role").notNull().default("member"),
|
|
105
|
+
permissions: jsonb("permissions").$type().notNull().default([]),
|
|
106
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
107
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
108
|
+
}, (table) => ({
|
|
109
|
+
subjectWorkspace: uniqueIndex("workspace_memberships_subject_workspace_idx").on(table.subjectId, table.workspaceId),
|
|
110
|
+
subject: index("workspace_memberships_subject_idx").on(table.subjectId),
|
|
111
|
+
account: index("workspace_memberships_account_idx").on(table.accountId)
|
|
112
|
+
}));
|
|
113
|
+
var apiKeys = pgTable("api_keys", {
|
|
114
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
115
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
116
|
+
workspaceId: uuid("workspace_id").references(() => workspaces.id, { onDelete: "cascade" }),
|
|
117
|
+
name: text("name").notNull(),
|
|
118
|
+
prefix: text("prefix").notNull(),
|
|
119
|
+
keyHash: text("key_hash").notNull(),
|
|
120
|
+
permissions: jsonb("permissions").$type().notNull().default([]),
|
|
121
|
+
expiresAt: timestamp("expires_at", { withTimezone: true }),
|
|
122
|
+
revokedAt: timestamp("revoked_at", { withTimezone: true }),
|
|
123
|
+
lastUsedAt: timestamp("last_used_at", { withTimezone: true }),
|
|
124
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
125
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
126
|
+
}, (table) => ({
|
|
127
|
+
prefix: index("api_keys_prefix_idx").on(table.prefix),
|
|
128
|
+
hash: uniqueIndex("api_keys_key_hash_idx").on(table.keyHash),
|
|
129
|
+
account: index("api_keys_account_idx").on(table.accountId),
|
|
130
|
+
workspace: index("api_keys_workspace_idx").on(table.workspaceId)
|
|
131
|
+
}));
|
|
132
|
+
var workspaceEnvironments = pgTable("workspace_environments", {
|
|
133
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
134
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
135
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
136
|
+
name: text("name").notNull(),
|
|
137
|
+
description: text("description"),
|
|
138
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
139
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
140
|
+
}, (table) => ({
|
|
141
|
+
workspaceName: uniqueIndex("workspace_environments_workspace_name_idx").on(table.workspaceId, table.name),
|
|
142
|
+
workspaceCreated: index("workspace_environments_workspace_created_idx").on(table.workspaceId, table.createdAt)
|
|
143
|
+
}));
|
|
144
|
+
var workspaceEnvironmentVariables = pgTable("workspace_environment_variables", {
|
|
145
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
146
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
147
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
148
|
+
environmentId: uuid("environment_id").notNull().references(() => workspaceEnvironments.id, { onDelete: "cascade" }),
|
|
149
|
+
name: text("name").notNull(),
|
|
150
|
+
// Format: v1:<base64 iv>:<base64 ciphertext||gcm-tag>. Never returned by any API.
|
|
151
|
+
valueEncrypted: text("value_encrypted").notNull(),
|
|
152
|
+
version: integer("version").notNull().default(1),
|
|
153
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
154
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
155
|
+
}, (table) => ({
|
|
156
|
+
environmentName: uniqueIndex("workspace_environment_variables_env_name_idx").on(table.workspaceId, table.environmentId, table.name),
|
|
157
|
+
environment: index("workspace_environment_variables_workspace_env_idx").on(table.workspaceId, table.environmentId)
|
|
158
|
+
}));
|
|
159
|
+
var codexSubscriptionCredentials = pgTable("codex_subscription_credentials", {
|
|
160
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
161
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
162
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
163
|
+
// Format: v1:<base64 iv>:<base64 ciphertext||gcm-tag>. JSON {access_token, refresh_token, id_token}. Never returned by any API.
|
|
164
|
+
credentialEncrypted: text("credential_encrypted").notNull(),
|
|
165
|
+
chatgptAccountId: text("chatgpt_account_id"),
|
|
166
|
+
// plaintext ChatGPT-Account-ID header value (non-secret)
|
|
167
|
+
scopes: text("scopes"),
|
|
168
|
+
// space-delimited, as granted
|
|
169
|
+
planType: text("plan_type"),
|
|
170
|
+
isFedramp: boolean("is_fedramp").notNull().default(false),
|
|
171
|
+
expiresAt: timestamp("expires_at", { withTimezone: true }),
|
|
172
|
+
// derived from access-token JWT exp
|
|
173
|
+
lastRefreshAt: timestamp("last_refresh_at", { withTimezone: true }),
|
|
174
|
+
status: text("status").notNull().default("active"),
|
|
175
|
+
// active | needs_relogin | error
|
|
176
|
+
lastError: text("last_error"),
|
|
177
|
+
version: integer("version").notNull().default(1),
|
|
178
|
+
label: text("label"),
|
|
179
|
+
// user-chosen nickname; null ⇒ derive from email/plan/account
|
|
180
|
+
accountEmail: text("account_email"),
|
|
181
|
+
// email from the id_token (user's own email; non-secret)
|
|
182
|
+
// P2 usage cache (plaintext metadata; NEVER a token). Snapshotted from
|
|
183
|
+
// GET /wham/usage; drives the quota bars + the cache TTL. primary = 5h window
|
|
184
|
+
// (limit_window_seconds 18000), secondary = weekly (604800).
|
|
185
|
+
primaryUsedPercent: integer("primary_used_percent"),
|
|
186
|
+
primaryResetAt: timestamp("primary_reset_at", { withTimezone: true }),
|
|
187
|
+
secondaryUsedPercent: integer("secondary_used_percent"),
|
|
188
|
+
secondaryResetAt: timestamp("secondary_reset_at", { withTimezone: true }),
|
|
189
|
+
usageCheckedAt: timestamp("usage_checked_at", { withTimezone: true }),
|
|
190
|
+
// snapshot freshness → cache TTL clock
|
|
191
|
+
// P3 rotation cooldown (plaintext metadata; NEVER a token). Set when this account hit its
|
|
192
|
+
// usage cap on a rotation turn; the rotation engine treats `exhausted_until > now()` as
|
|
193
|
+
// capped/skip so it isn't immediately re-picked. Self-clears via the now() comparison.
|
|
194
|
+
exhaustedUntil: timestamp("exhausted_until", { withTimezone: true }),
|
|
195
|
+
// P4 connector-aware rotation cache (plaintext metadata; NEVER a token). The set
|
|
196
|
+
// of ORIGINAL-dotted connector namespaces (github/gmail/linear/…) this account
|
|
197
|
+
// exposes via codex_apps, captured from the per-turn tools/list. null ⇒ never
|
|
198
|
+
// probed (the ranker treats it as unknown: never credited as covering, never
|
|
199
|
+
// excluded). The writer only ever sets a NON-empty set, so a flaky empty turn
|
|
200
|
+
// can't false-drop coverage. connectorsCheckedAt is the freshness clock.
|
|
201
|
+
connectorNamespaces: text("connector_namespaces").array(),
|
|
202
|
+
connectorsCheckedAt: timestamp("connectors_checked_at", { withTimezone: true }),
|
|
203
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
204
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
205
|
+
}, (table) => ({
|
|
206
|
+
// REPLACES codex_subscription_credentials_workspace_idx (the one-per-workspace cap).
|
|
207
|
+
// One row per (workspace, ChatGPT account). Partial WHERE chatgpt_account_id IS NOT NULL
|
|
208
|
+
// so degenerate null-account rows can't collide; the device-grant connect path always
|
|
209
|
+
// populates chatgpt_account_id.
|
|
210
|
+
wsAccount: uniqueIndex("codex_subscription_credentials_ws_account_idx").on(table.workspaceId, table.chatgptAccountId).where(sql`${table.chatgptAccountId} is not null`),
|
|
211
|
+
workspace: index("codex_subscription_credentials_workspace_lookup_idx").on(table.workspaceId)
|
|
212
|
+
}));
|
|
213
|
+
var codexRotationSettings = pgTable("codex_rotation_settings", {
|
|
214
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
215
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
216
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
217
|
+
activeCredentialId: uuid("active_credential_id"),
|
|
218
|
+
rotationEnabled: boolean("rotation_enabled").notNull().default(false),
|
|
219
|
+
// P3, inert in P1
|
|
220
|
+
rotationStrategy: text("rotation_strategy").notNull().default("most_remaining"),
|
|
221
|
+
// P3, inert
|
|
222
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
223
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
224
|
+
}, (table) => ({
|
|
225
|
+
workspace: uniqueIndex("codex_rotation_settings_workspace_idx").on(table.workspaceId)
|
|
226
|
+
}));
|
|
227
|
+
var sessions = pgTable("sessions", {
|
|
228
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
229
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
230
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
231
|
+
status: text("status").notNull().default("queued"),
|
|
232
|
+
initialMessage: text("initial_message").notNull(),
|
|
233
|
+
title: text("title"),
|
|
234
|
+
titleSource: text("title_source"),
|
|
235
|
+
resources: jsonb("resources").$type().notNull().default([]),
|
|
236
|
+
tools: jsonb("tools").$type().notNull().default([]),
|
|
237
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
238
|
+
model: text("model").notNull(),
|
|
239
|
+
sandboxBackend: text("sandbox_backend").notNull(),
|
|
240
|
+
// The OS this session's box runs. Defaults to 'linux' (today's only OS, so
|
|
241
|
+
// every existing + new row is a behavior-preserving no-op). CHECK-constrained
|
|
242
|
+
// to the SandboxOs enum (linux|macos|windows) in migration 0018.
|
|
243
|
+
sandboxOs: text("sandbox_os").notNull().default("linux"),
|
|
244
|
+
// The shared-sandbox group this session's box belongs to. Defaults to the
|
|
245
|
+
// session's OWN id (a singleton group: group === session — today's 1:1
|
|
246
|
+
// behavior). When spawned shared via session_create, set to the PARENT's
|
|
247
|
+
// sandboxGroupId so both run in ONE box. Immutable once set. NOT an FK (the
|
|
248
|
+
// value is this row's id or an ancestor session's id in the same workspace;
|
|
249
|
+
// the live lease row, not a sandbox_groups table, materializes the group).
|
|
250
|
+
// The app generates the uuid and uses it for both id and sandbox_group_id in
|
|
251
|
+
// one insert — it cannot SQL-default to id (id is defaultRandom()).
|
|
252
|
+
sandboxGroupId: uuid("sandbox_group_id").notNull(),
|
|
253
|
+
// The first-class swappable-sandbox POINTER (bring-your-own-compute M2,
|
|
254
|
+
// dossier §10.3). NULL == "use the session's own group sandbox" (the
|
|
255
|
+
// backward-compat default — every existing/new row is a behavior-preserving
|
|
256
|
+
// no-op). The routing proxy re-reads (active_sandbox_id, active_epoch) PER
|
|
257
|
+
// TOOL CALL to make a Modal<->selfhosted hot-swap seamless. The FK
|
|
258
|
+
// (-> sandboxes(id) ON DELETE SET NULL — a deleted sandbox degrades the
|
|
259
|
+
// pointer to the group default, never dangles) lives in migration 0024, NOT a
|
|
260
|
+
// Drizzle .references() — exactly like parentSessionId below, so the const
|
|
261
|
+
// ordering imposes no forward-reference.
|
|
262
|
+
activeSandboxId: uuid("active_sandbox_id"),
|
|
263
|
+
// The SECOND epoch ABOVE sandbox_leases.lease_epoch, bumped on every swap; an
|
|
264
|
+
// in-flight op fenced by a stale active_epoch retries against the new active
|
|
265
|
+
// sandbox. integer (NOT bigint) — the lease-epoch spike: int8 reads back as a
|
|
266
|
+
// JS string and breaks the strict fence; int4 returns a number.
|
|
267
|
+
activeEpoch: integer("active_epoch").notNull().default(0),
|
|
268
|
+
// The session's WORKING DIRECTORY — the path/cwd base the (selfhosted) box's
|
|
269
|
+
// agent/terminal/file-dock operate under. A launch-workspace_root-relative
|
|
270
|
+
// subdir or an absolute machine path; surfaced alongside the active-sandbox
|
|
271
|
+
// pointer (readActiveSandbox) and written through the epoch-fenced
|
|
272
|
+
// setActiveSandbox CAS, NOT the row INSERT. NULL (the default) ⇒ today's
|
|
273
|
+
// behavior exactly — the agent substitutes its workspace_root for an empty cwd,
|
|
274
|
+
// so an unset working_dir is a byte-identical no-op. Create-time only (Stage A).
|
|
275
|
+
workingDir: text("working_dir"),
|
|
276
|
+
environmentId: uuid("environment_id").references(() => workspaceEnvironments.id, { onDelete: "set null" }),
|
|
277
|
+
// Non-default first-party MCP token permissions (manager-style sessions);
|
|
278
|
+
// null means the fixed worker default set in @opengeni/runtime.
|
|
279
|
+
firstPartyMcpPermissions: jsonb("first_party_mcp_permissions").$type(),
|
|
280
|
+
// The manager session that spawned this one via session_create. Set only
|
|
281
|
+
// when the creating grant carried a worker-signed sessionId claim (a session
|
|
282
|
+
// spawning a worker); null for direct API creates and scheduled-task runs.
|
|
283
|
+
// When set, this worker's terminal-for-now transitions wake the parent so a
|
|
284
|
+
// manager can orchestrate workers without busy-polling. Self-referencing FK,
|
|
285
|
+
// ON DELETE SET NULL so deleting a manager never cascades into its workers.
|
|
286
|
+
parentSessionId: uuid("parent_session_id"),
|
|
287
|
+
// Workspace-scoped CREATE idempotency key. NULL means the create carried no
|
|
288
|
+
// key (each such create is independent). When set, the partial unique index
|
|
289
|
+
// below collapses concurrent/retried creates with the same key in the same
|
|
290
|
+
// workspace to a single session row — the dedup that closes the
|
|
291
|
+
// double-submit/double-dispatch stuck-queued bug.
|
|
292
|
+
createIdempotencyKey: text("create_idempotency_key"),
|
|
293
|
+
temporalWorkflowId: text("temporal_workflow_id"),
|
|
294
|
+
activeTurnId: uuid("active_turn_id"),
|
|
295
|
+
// Actual input tokens reported for the last model call of the most recent
|
|
296
|
+
// turn. The pre-turn client-side compaction trigger reads this as its budget
|
|
297
|
+
// signal (char/4 estimate is the same-turn fallback). Null until a turn with
|
|
298
|
+
// usage has completed.
|
|
299
|
+
lastInputTokens: integer("last_input_tokens"),
|
|
300
|
+
// Operator /compact request flag (client-side compaction path). The API sets
|
|
301
|
+
// it true; the worker honors it BEFORE the next turn's model call by forcing
|
|
302
|
+
// a compaction, then clears it. A durable flag (not a transient signal) so
|
|
303
|
+
// the trigger survives a worker restart and converges before the next turn.
|
|
304
|
+
compactRequested: boolean("compact_requested").notNull().default(false),
|
|
305
|
+
lastSequence: integer("last_sequence").notNull().default(0),
|
|
306
|
+
// The session's PINNED Codex account (manual override from the in-session
|
|
307
|
+
// switcher). NULL ⇒ follow the workspace active pointer. FK declared in the
|
|
308
|
+
// migration with ON DELETE SET NULL (a disconnected pin degrades to "follow
|
|
309
|
+
// active", never dangles), same pattern as activeSandboxId.
|
|
310
|
+
codexPinnedCredentialId: uuid("codex_pinned_credential_id"),
|
|
311
|
+
// The Codex account the session's most recent turn ACTUALLY ran on — drives
|
|
312
|
+
// the "Running on:" indicator. Written by the worker at the turn boundary. FK
|
|
313
|
+
// ON DELETE SET NULL (migration).
|
|
314
|
+
codexLastCredentialId: uuid("codex_last_credential_id"),
|
|
315
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
316
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
317
|
+
}, (table) => ({
|
|
318
|
+
workspaceCreated: index("sessions_workspace_created_idx").on(table.workspaceId, table.createdAt),
|
|
319
|
+
environment: index("sessions_environment_idx").on(table.workspaceId, table.environmentId),
|
|
320
|
+
parent: index("sessions_parent_idx").on(table.workspaceId, table.parentSessionId),
|
|
321
|
+
// Routing index: resolve session_id -> sandbox_group_id at every lease entry
|
|
322
|
+
// point and enumerate all sessions in a group for attribution/disclosure.
|
|
323
|
+
sandboxGroup: index("sessions_sandbox_group_idx").on(table.workspaceId, table.sandboxGroupId),
|
|
324
|
+
// Partial unique index: one session per (workspace, create_idempotency_key)
|
|
325
|
+
// when a key is present. Concurrent creates racing on the same key see a
|
|
326
|
+
// unique violation on all but one; the domain layer catches it and returns
|
|
327
|
+
// the winning row instead of erroring.
|
|
328
|
+
createIdempotency: uniqueIndex("sessions_workspace_create_idempotency_idx").on(table.workspaceId, table.createIdempotencyKey).where(sql`${table.createIdempotencyKey} is not null`)
|
|
329
|
+
}));
|
|
330
|
+
var files = pgTable("files", {
|
|
331
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
332
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
333
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
334
|
+
status: text("status").notNull().default("pending_upload"),
|
|
335
|
+
filename: text("filename").notNull(),
|
|
336
|
+
safeFilename: text("safe_filename").notNull(),
|
|
337
|
+
contentType: text("content_type").notNull(),
|
|
338
|
+
sizeBytes: bigint("size_bytes", { mode: "number" }).notNull(),
|
|
339
|
+
sha256: text("sha256"),
|
|
340
|
+
bucket: text("bucket").notNull(),
|
|
341
|
+
objectKey: text("object_key").notNull(),
|
|
342
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
343
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
344
|
+
}, (table) => ({
|
|
345
|
+
workspaceCreated: index("files_workspace_created_idx").on(table.workspaceId, table.createdAt),
|
|
346
|
+
objectKey: uniqueIndex("files_object_key_idx").on(table.objectKey),
|
|
347
|
+
status: index("files_status_idx").on(table.status)
|
|
348
|
+
}));
|
|
349
|
+
var fileUploads = pgTable("file_uploads", {
|
|
350
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
351
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
352
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
353
|
+
fileId: uuid("file_id").notNull().references(() => files.id, { onDelete: "cascade" }),
|
|
354
|
+
status: text("status").notNull().default("pending"),
|
|
355
|
+
expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
|
|
356
|
+
completedAt: timestamp("completed_at", { withTimezone: true }),
|
|
357
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
358
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
359
|
+
}, (table) => ({
|
|
360
|
+
workspace: index("file_uploads_workspace_idx").on(table.workspaceId),
|
|
361
|
+
fileId: index("file_uploads_file_id_idx").on(table.fileId),
|
|
362
|
+
status: index("file_uploads_status_idx").on(table.status)
|
|
363
|
+
}));
|
|
364
|
+
var documentBases = pgTable("document_bases", {
|
|
365
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
366
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
367
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
368
|
+
name: text("name").notNull(),
|
|
369
|
+
description: text("description"),
|
|
370
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
371
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
372
|
+
}, (table) => ({
|
|
373
|
+
workspaceCreated: index("document_bases_workspace_created_idx").on(table.workspaceId, table.createdAt)
|
|
374
|
+
}));
|
|
375
|
+
var documents = pgTable("documents", {
|
|
376
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
377
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
378
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
379
|
+
baseId: uuid("base_id").notNull().references(() => documentBases.id, { onDelete: "cascade" }),
|
|
380
|
+
fileId: uuid("file_id").notNull().references(() => files.id, { onDelete: "restrict" }),
|
|
381
|
+
status: text("status").notNull().default("queued"),
|
|
382
|
+
title: text("title").notNull(),
|
|
383
|
+
parser: text("parser").notNull().default("liteparse"),
|
|
384
|
+
chunkCount: integer("chunk_count").notNull().default(0),
|
|
385
|
+
error: text("error"),
|
|
386
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
387
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
388
|
+
}, (table) => ({
|
|
389
|
+
baseFile: uniqueIndex("documents_workspace_base_file_idx").on(table.workspaceId, table.baseId, table.fileId),
|
|
390
|
+
baseStatus: index("documents_workspace_base_status_idx").on(table.workspaceId, table.baseId, table.status)
|
|
391
|
+
}));
|
|
392
|
+
var documentChunks = pgTable("document_chunks", {
|
|
393
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
394
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
395
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
396
|
+
documentId: uuid("document_id").notNull().references(() => documents.id, { onDelete: "cascade" }),
|
|
397
|
+
baseId: uuid("base_id").notNull().references(() => documentBases.id, { onDelete: "cascade" }),
|
|
398
|
+
fileId: uuid("file_id").notNull().references(() => files.id, { onDelete: "restrict" }),
|
|
399
|
+
chunkIndex: integer("chunk_index").notNull(),
|
|
400
|
+
text: text("text").notNull(),
|
|
401
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
402
|
+
embedding: vector("embedding").notNull(),
|
|
403
|
+
embeddingModel: text("embedding_model").notNull(),
|
|
404
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
405
|
+
}, (table) => ({
|
|
406
|
+
documentIndex: uniqueIndex("document_chunks_workspace_document_index_idx").on(table.workspaceId, table.documentId, table.chunkIndex),
|
|
407
|
+
base: index("document_chunks_workspace_base_idx").on(table.workspaceId, table.baseId)
|
|
408
|
+
}));
|
|
409
|
+
var sessionTurns = pgTable("session_turns", {
|
|
410
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
411
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
412
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
413
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
414
|
+
triggerEventId: uuid("trigger_event_id").notNull(),
|
|
415
|
+
temporalWorkflowId: text("temporal_workflow_id").notNull(),
|
|
416
|
+
status: text("status").notNull(),
|
|
417
|
+
source: text("source").notNull().default("user"),
|
|
418
|
+
position: integer("position").notNull(),
|
|
419
|
+
prompt: text("prompt").notNull(),
|
|
420
|
+
resources: jsonb("resources").$type().notNull().default([]),
|
|
421
|
+
tools: jsonb("tools").$type().notNull().default([]),
|
|
422
|
+
model: text("model").notNull(),
|
|
423
|
+
reasoningEffort: text("reasoning_effort").notNull(),
|
|
424
|
+
sandboxBackend: text("sandbox_backend").notNull(),
|
|
425
|
+
// Per-turn OS override. NULL = inherit the session's sandbox_os. CHECK-
|
|
426
|
+
// constrained to the SandboxOs enum (or NULL) in migration 0018.
|
|
427
|
+
sandboxOs: text("sandbox_os"),
|
|
428
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
429
|
+
startedAt: timestamp("started_at", { withTimezone: true }),
|
|
430
|
+
finishedAt: timestamp("finished_at", { withTimezone: true }),
|
|
431
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
432
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
433
|
+
}, (table) => ({
|
|
434
|
+
queue: index("session_turns_workspace_queue_idx").on(table.workspaceId, table.sessionId, table.status, table.position)
|
|
435
|
+
}));
|
|
436
|
+
var sessionGoals = pgTable("session_goals", {
|
|
437
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
438
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
439
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
440
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
441
|
+
status: text("status").notNull().default("active"),
|
|
442
|
+
// active | paused | completed
|
|
443
|
+
text: text("text").notNull(),
|
|
444
|
+
successCriteria: text("success_criteria"),
|
|
445
|
+
evidence: text("evidence"),
|
|
446
|
+
// set by goal_complete
|
|
447
|
+
rationale: text("rationale"),
|
|
448
|
+
// set by goal_pause
|
|
449
|
+
pausedReason: text("paused_reason"),
|
|
450
|
+
// agent | user_interrupt | api | no_progress | max_auto_continuations | limits
|
|
451
|
+
createdBy: text("created_by").notNull().default("api"),
|
|
452
|
+
// api | agent | scheduled_task
|
|
453
|
+
version: integer("version").notNull().default(1),
|
|
454
|
+
// bumped on every set/update; progress signal
|
|
455
|
+
autoContinuations: integer("auto_continuations").notNull().default(0),
|
|
456
|
+
noProgressStreak: integer("no_progress_streak").notNull().default(0),
|
|
457
|
+
maxAutoContinuations: integer("max_auto_continuations"),
|
|
458
|
+
// per-goal override; a configured settings cap (if any) remains the hard ceiling
|
|
459
|
+
lastContinuationTurnId: uuid("last_continuation_turn_id"),
|
|
460
|
+
versionAtLastContinuation: integer("version_at_last_continuation"),
|
|
461
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
462
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
463
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
464
|
+
}, (table) => ({
|
|
465
|
+
workspaceSession: uniqueIndex("session_goals_workspace_session_idx").on(table.workspaceId, table.sessionId),
|
|
466
|
+
status: index("session_goals_workspace_status_idx").on(table.workspaceId, table.status)
|
|
467
|
+
}));
|
|
468
|
+
var sessionEvents = pgTable("session_events", {
|
|
469
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
470
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
471
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
472
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
473
|
+
turnId: uuid("turn_id"),
|
|
474
|
+
sequence: integer("sequence").notNull(),
|
|
475
|
+
type: text("type").notNull(),
|
|
476
|
+
payload: jsonb("payload").$type().notNull().default({}),
|
|
477
|
+
clientEventId: text("client_event_id"),
|
|
478
|
+
producerId: text("producer_id"),
|
|
479
|
+
producerSeq: integer("producer_seq"),
|
|
480
|
+
occurredAt: timestamp("occurred_at", { withTimezone: true }).notNull().defaultNow(),
|
|
481
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
482
|
+
}, (table) => ({
|
|
483
|
+
sessionSequence: uniqueIndex("session_events_workspace_session_sequence_idx").on(table.workspaceId, table.sessionId, table.sequence),
|
|
484
|
+
clientEvent: uniqueIndex("session_events_workspace_client_event_idx").on(table.workspaceId, table.sessionId, table.clientEventId).where(sql`${table.clientEventId} is not null`),
|
|
485
|
+
producer: uniqueIndex("session_events_workspace_producer_idx").on(table.workspaceId, table.sessionId, table.producerId, table.producerSeq).where(sql`${table.producerId} is not null and ${table.producerSeq} is not null`),
|
|
486
|
+
sessionCreated: index("session_events_workspace_session_created_idx").on(table.workspaceId, table.sessionId, table.createdAt)
|
|
487
|
+
}));
|
|
488
|
+
var agentRunStates = pgTable("agent_run_states", {
|
|
489
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
490
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
491
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
492
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
493
|
+
turnId: uuid("turn_id").references(() => sessionTurns.id, { onDelete: "set null" }),
|
|
494
|
+
stateVersion: integer("state_version").notNull(),
|
|
495
|
+
serializedRunState: text("serialized_run_state").notNull(),
|
|
496
|
+
pendingApprovals: jsonb("pending_approvals").$type().notNull().default([]),
|
|
497
|
+
// The Codex account that FROZE this run state: the turn's resolved codex
|
|
498
|
+
// credential id (pin > workspace-active), or NULL when frozen on the
|
|
499
|
+
// non-codex / Azure path (or before this column existed). The serialized
|
|
500
|
+
// RunState blob round-trips `reasoning.encrypted_content` minted by the
|
|
501
|
+
// ChatGPT/Codex backend — account/org-bound, so a foreign blob 400s — and the
|
|
502
|
+
// foreign reasoning ids the Responses backend validates; but the blob carries
|
|
503
|
+
// NO per-item producer tag (those live only on session_history_items). So we
|
|
504
|
+
// stamp the freezing account here: on a resume (approval decision, or the
|
|
505
|
+
// items-mode run-state fallback) whose codex account DIFFERS from this value,
|
|
506
|
+
// the replay path neutralizes every reasoning item's account-bound identity
|
|
507
|
+
// (encrypted_content + provider id) in the blob before it reaches the model.
|
|
508
|
+
// Deliberately NO FK: provenance must OUTLIVE the account's hard-disconnect (a
|
|
509
|
+
// stale-but-null tag still mismatches a live codex id, so the strip stays
|
|
510
|
+
// correct either way). NULL on both sides (non-codex freeze + non-codex
|
|
511
|
+
// resume) is a no-op, so single-account and non-codex sessions are unchanged.
|
|
512
|
+
frozenCodexCredentialId: uuid("frozen_codex_credential_id"),
|
|
513
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
514
|
+
});
|
|
515
|
+
var sessionHistoryItems = pgTable("session_history_items", {
|
|
516
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
517
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
518
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
519
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
520
|
+
turnId: uuid("turn_id").references(() => sessionTurns.id, { onDelete: "set null" }),
|
|
521
|
+
// Numeric (not integer) so the synthetic compaction-summary row can be
|
|
522
|
+
// inserted at a FRACTIONAL position (boundaryPosition - 0.5) that sorts ahead
|
|
523
|
+
// of the kept tail without colliding with — and thus overwriting — the real
|
|
524
|
+
// prefix row at boundaryPosition - 1. Normally-appended rows keep whole-number
|
|
525
|
+
// positions; only the summary uses the half-step. `mode: "number"` maps the
|
|
526
|
+
// postgres.js string back to a JS number so every reader stays numeric.
|
|
527
|
+
position: numeric("position", { mode: "number" }).notNull(),
|
|
528
|
+
item: jsonb("item").$type().notNull(),
|
|
529
|
+
// Live-row flag for client-side context compaction. The read path selects
|
|
530
|
+
// only active rows; a compaction supersedes the summarized prefix (sets this
|
|
531
|
+
// false — never deletes, so the full transcript stays as an audit trail) and
|
|
532
|
+
// inserts ONE synthetic active summary row at the boundary. Defaults true so
|
|
533
|
+
// every existing and normally-appended row is live.
|
|
534
|
+
active: boolean("active").notNull().default(true),
|
|
535
|
+
// The Codex account that PRODUCED these items: the per-turn resolved codex
|
|
536
|
+
// credential id (pin > workspace-active), or NULL when produced on the
|
|
537
|
+
// non-codex / Azure path (or before this column existed). Used to strip
|
|
538
|
+
// cross-account `reasoning.encrypted_content` blobs — those are account/org-
|
|
539
|
+
// bound, minted by the ChatGPT/Codex backend, so replaying account A's blob
|
|
540
|
+
// into a turn running on account B 400s. The read path drops the encrypted
|
|
541
|
+
// reasoning of any item whose producer != the turn's current codex account.
|
|
542
|
+
// Deliberately NO FK: provenance must OUTLIVE the account's hard-disconnect
|
|
543
|
+
// (an ON DELETE SET NULL would erase the tag, and a stale-but-null tag still
|
|
544
|
+
// mismatches a live codex id so the strip stays correct either way).
|
|
545
|
+
producerCodexCredentialId: uuid("producer_codex_credential_id"),
|
|
546
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
547
|
+
}, (table) => ({
|
|
548
|
+
positionIdx: uniqueIndex("session_history_items_position_idx").on(table.workspaceId, table.sessionId, table.position)
|
|
549
|
+
}));
|
|
550
|
+
var sandboxSessionEnvelopes = pgTable("sandbox_session_envelopes", {
|
|
551
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
552
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
553
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
554
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
555
|
+
envelope: jsonb("envelope").$type().notNull(),
|
|
556
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
557
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
558
|
+
}, (table) => ({
|
|
559
|
+
sessionIdx: uniqueIndex("sandbox_session_envelopes_session_idx").on(table.workspaceId, table.sessionId)
|
|
560
|
+
}));
|
|
561
|
+
var sandboxLeaseLivenessValues = ["cold", "warming", "warm", "draining"];
|
|
562
|
+
var sandboxLeases = pgTable("sandbox_leases", {
|
|
563
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
564
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
565
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
566
|
+
sandboxGroupId: uuid("sandbox_group_id").notNull(),
|
|
567
|
+
liveness: text("liveness", { enum: sandboxLeaseLivenessValues }).notNull().default("cold"),
|
|
568
|
+
refcount: integer("refcount").notNull().default(0),
|
|
569
|
+
turnHolders: integer("turn_holders").notNull().default(0),
|
|
570
|
+
viewerHolders: integer("viewer_holders").notNull().default(0),
|
|
571
|
+
instanceId: text("instance_id"),
|
|
572
|
+
backend: text("backend").notNull(),
|
|
573
|
+
os: text("os").notNull().default("linux"),
|
|
574
|
+
// The container IMAGE the group box runs (Modal image ref / docker image). A shared
|
|
575
|
+
// box is SHARED STATE: all its sessions run the SAME filesystem, so they must run the
|
|
576
|
+
// same image. This column stamps the image the live box was created with; a resume
|
|
577
|
+
// whose resolved image DIFFERS is a conflict (B3): a solo holder recreates the box on
|
|
578
|
+
// the new image, N-holders are rejected (SandboxImageConflictError). Nullable — a
|
|
579
|
+
// legacy/cold row reads NULL = "image unknown", which never conflicts.
|
|
580
|
+
image: text("image"),
|
|
581
|
+
dataPlaneUrl: text("data_plane_url"),
|
|
582
|
+
// The REAL PTY terminal (ttyd pty-ws) rides a SEPARATE provider tunnel (7681)
|
|
583
|
+
// from the desktop noVNC (6080), so its resolved URL is cached independently.
|
|
584
|
+
// Recorded under the epoch fence by recordLeaseTerminalDataPlaneUrl; reset to
|
|
585
|
+
// null on every box re-key (warm-commit / fail / drain), symmetric with
|
|
586
|
+
// data_plane_url.
|
|
587
|
+
terminalDataPlaneUrl: text("terminal_data_plane_url"),
|
|
588
|
+
// integer (NOT bigint): the lease-epoch spike proved a raw int8 read returns a
|
|
589
|
+
// JS STRING from postgres-js, breaking the strict epoch-fence comparison (it
|
|
590
|
+
// was always-true → every turn fenced); int4 returns a JS number, the fix.
|
|
591
|
+
// Epochs never approach 2^31, so the narrower type loses nothing.
|
|
592
|
+
leaseEpoch: integer("lease_epoch").notNull().default(0),
|
|
593
|
+
// The group box-envelope (the "envelope split" Critical): the small recovery
|
|
594
|
+
// descriptor to resume()-by-id the group's box without a per-session join.
|
|
595
|
+
resumeBackendId: text("resume_backend_id"),
|
|
596
|
+
resumeState: jsonb("resume_state").$type(),
|
|
597
|
+
// Warm-time billing cursor: last_meter_at = accrual cursor; last_meter_tick =
|
|
598
|
+
// idempotency tick (warm_seconds accrued idempotent on
|
|
599
|
+
// (sandbox_group_id, lease_epoch, last_meter_tick) in P2.1).
|
|
600
|
+
lastMeterAt: timestamp("last_meter_at", { withTimezone: true }),
|
|
601
|
+
lastMeterTick: integer("last_meter_tick").notNull().default(0),
|
|
602
|
+
expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
|
|
603
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
604
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
605
|
+
}, (table) => ({
|
|
606
|
+
groupIdx: uniqueIndex("sandbox_leases_group_idx").on(table.workspaceId, table.sandboxGroupId),
|
|
607
|
+
reaperIdx: index("sandbox_leases_reaper_idx").on(table.expiresAt).where(sql`${table.liveness} in ('warming','warm','draining')`)
|
|
608
|
+
}));
|
|
609
|
+
var sandboxLeaseHolders = pgTable("sandbox_lease_holders", {
|
|
610
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
611
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
612
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
613
|
+
leaseId: uuid("lease_id").notNull().references(() => sandboxLeases.id, { onDelete: "cascade" }),
|
|
614
|
+
kind: text("kind", { enum: ["turn", "viewer"] }).notNull(),
|
|
615
|
+
holderId: text("holder_id").notNull(),
|
|
616
|
+
// The attributing session within the (possibly shared) group.
|
|
617
|
+
subjectId: uuid("subject_id"),
|
|
618
|
+
lastHeartbeatAt: timestamp("last_heartbeat_at", { withTimezone: true }).notNull().defaultNow(),
|
|
619
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
620
|
+
}, (table) => ({
|
|
621
|
+
holderIdx: uniqueIndex("sandbox_lease_holders_holder_idx").on(table.leaseId, table.kind, table.holderId),
|
|
622
|
+
staleIdx: index("sandbox_lease_holders_stale_idx").on(table.kind, table.lastHeartbeatAt),
|
|
623
|
+
leaseIdx: index("sandbox_lease_holders_lease_idx").on(table.leaseId)
|
|
624
|
+
}));
|
|
625
|
+
var sessionRecordingStateValues = ["recording", "finalizing", "available", "failed"];
|
|
626
|
+
var sessionRecordingModeValues = ["manual", "on-turn", "on-verify"];
|
|
627
|
+
var sessionRecordingCodecValues = ["h264-mp4", "vp9-webm"];
|
|
628
|
+
var sessionRecordings = pgTable("session_recordings", {
|
|
629
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
630
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
631
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
632
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
633
|
+
turnId: uuid("turn_id").references(() => sessionTurns.id, { onDelete: "set null" }),
|
|
634
|
+
state: text("state", { enum: sessionRecordingStateValues }).notNull(),
|
|
635
|
+
mode: text("mode", { enum: sessionRecordingModeValues }).notNull(),
|
|
636
|
+
codec: text("codec", { enum: sessionRecordingCodecValues }).notNull(),
|
|
637
|
+
storageKey: text("storage_key"),
|
|
638
|
+
sizeBytes: bigint("size_bytes", { mode: "number" }),
|
|
639
|
+
durationSeconds: numeric("duration_seconds").$type(),
|
|
640
|
+
width: integer("width").notNull(),
|
|
641
|
+
height: integer("height").notNull(),
|
|
642
|
+
reason: text("reason"),
|
|
643
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
644
|
+
finalizedAt: timestamp("finalized_at", { withTimezone: true })
|
|
645
|
+
}, (table) => ({
|
|
646
|
+
sessionIdx: index("session_recordings_session_idx").on(table.workspaceId, table.sessionId, table.createdAt)
|
|
647
|
+
}));
|
|
648
|
+
var sandboxPtySessions = pgTable("sandbox_pty_sessions", {
|
|
649
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
650
|
+
// == ptyId on the wire
|
|
651
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
652
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
653
|
+
sessionId: uuid("session_id").notNull().references(() => sessions.id, { onDelete: "cascade" }),
|
|
654
|
+
// The SDK numeric exec-session id used by writeStdin({ sessionId }). Null until
|
|
655
|
+
// the open exec yields a still-running process (a fast-exiting shell has none).
|
|
656
|
+
execSessionId: integer("exec_session_id"),
|
|
657
|
+
leaseEpoch: integer("lease_epoch").notNull(),
|
|
658
|
+
// fenced to the box that opened it
|
|
659
|
+
cols: integer("cols").notNull(),
|
|
660
|
+
rows: integer("rows").notNull(),
|
|
661
|
+
shell: text("shell").notNull(),
|
|
662
|
+
cwd: text("cwd").notNull(),
|
|
663
|
+
status: text("status").notNull().default("open"),
|
|
664
|
+
// 'open' | 'closed'
|
|
665
|
+
// The viewer grant/subject that opened it (free-text — access subjects are not
|
|
666
|
+
// always UUIDs, M5; so a text column, never a uuid NOT NULL).
|
|
667
|
+
openedBy: text("opened_by").notNull(),
|
|
668
|
+
lastInputAt: timestamp("last_input_at", { withTimezone: true }).notNull().defaultNow(),
|
|
669
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
670
|
+
closedAt: timestamp("closed_at", { withTimezone: true })
|
|
671
|
+
}, (table) => ({
|
|
672
|
+
openIdx: index("sandbox_pty_sessions_session_idx").on(table.workspaceId, table.sessionId).where(sql`${table.status} = 'open'`)
|
|
673
|
+
}));
|
|
674
|
+
var enrollmentExposureValues = ["whole-machine"];
|
|
675
|
+
var enrollmentStatusValues = ["active", "revoked"];
|
|
676
|
+
var enrollmentOsValues = ["linux", "macos", "windows"];
|
|
677
|
+
var sandboxKindValues = ["modal", "selfhosted"];
|
|
678
|
+
var enrollments = pgTable("enrollments", {
|
|
679
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
680
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
681
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
682
|
+
// The agent's ed25519 public key (the machine identity).
|
|
683
|
+
pubkey: text("pubkey").notNull(),
|
|
684
|
+
exposure: text("exposure", { enum: enrollmentExposureValues }).notNull().default("whole-machine"),
|
|
685
|
+
hasDisplay: boolean("has_display").notNull().default(false),
|
|
686
|
+
allowScreenControl: boolean("allow_screen_control").notNull().default(false),
|
|
687
|
+
status: text("status", { enum: enrollmentStatusValues }).notNull().default("active"),
|
|
688
|
+
os: text("os", { enum: enrollmentOsValues }).notNull().default("linux"),
|
|
689
|
+
arch: text("arch").notNull().default("x86_64"),
|
|
690
|
+
// Heartbeat liveness cursor. Null until the first connect.
|
|
691
|
+
lastSeenAt: timestamp("last_seen_at", { withTimezone: true }),
|
|
692
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
693
|
+
revokedAt: timestamp("revoked_at", { withTimezone: true }),
|
|
694
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
695
|
+
}, (table) => ({
|
|
696
|
+
// One enrollment per (workspace, pubkey): a re-enroll is an idempotent upsert.
|
|
697
|
+
workspacePubkey: uniqueIndex("enrollments_workspace_pubkey_idx").on(table.workspaceId, table.pubkey),
|
|
698
|
+
// List a workspace's ACTIVE machines without scanning revoked rows.
|
|
699
|
+
workspaceStatus: index("enrollments_workspace_status_idx").on(table.workspaceId, table.status)
|
|
700
|
+
}));
|
|
701
|
+
var deviceEnrollmentStatusValues = ["pending", "approved", "denied", "consumed"];
|
|
702
|
+
var deviceEnrollmentRequests = pgTable("device_enrollment_requests", {
|
|
703
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
704
|
+
// The opaque code the agent polls with (unguessable, single-use). Unique.
|
|
705
|
+
deviceCode: text("device_code").notNull(),
|
|
706
|
+
// The short human-typed code (e.g. "WDJB-MJHT"). Unique among LIVE (pending)
|
|
707
|
+
// rows via a partial unique index so a recycled code never collides with a
|
|
708
|
+
// terminal row.
|
|
709
|
+
userCode: text("user_code").notNull(),
|
|
710
|
+
// The workspace this request was started for (resolved from the deployment-edge
|
|
711
|
+
// request context — the agent presents the access key, the flow binds to the
|
|
712
|
+
// single managed workspace OR a workspace hint). account_id rides along for RLS.
|
|
713
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
714
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
715
|
+
// The agent's ed25519 public key (the machine identity the enrollment binds to).
|
|
716
|
+
pubkey: text("pubkey").notNull(),
|
|
717
|
+
os: text("os", { enum: enrollmentOsValues }).notNull().default("linux"),
|
|
718
|
+
arch: text("arch").notNull().default("x86_64"),
|
|
719
|
+
machineName: text("machine_name"),
|
|
720
|
+
// The exposure the agent REQUESTED (whole-machine in v1; loudly consented at
|
|
721
|
+
// approve). Mirrors the enrollment column domain.
|
|
722
|
+
requestedExposure: text("requested_exposure", { enum: enrollmentExposureValues }).notNull().default("whole-machine"),
|
|
723
|
+
// The agent CAN offer a display (a real screen / Xvfb is available) — gates
|
|
724
|
+
// whether screen-control consent is even meaningful. has_display on the
|
|
725
|
+
// resulting enrollment is derived from this.
|
|
726
|
+
canOfferDisplay: boolean("can_offer_display").notNull().default(false),
|
|
727
|
+
// The agent REQUESTS screen control (computer-use). The user's allow_screen_control
|
|
728
|
+
// at approve is the AUTHORITATIVE consent; this is only the agent's request.
|
|
729
|
+
requestsScreenControl: boolean("requests_screen_control").notNull().default(false),
|
|
730
|
+
status: text("status", { enum: deviceEnrollmentStatusValues }).notNull().default("pending"),
|
|
731
|
+
// ── LOUD CONSENT capture (who/when/what), stamped at approve ──────────────
|
|
732
|
+
approvedBySubjectId: text("approved_by_subject_id"),
|
|
733
|
+
approvedBySubjectLabel: text("approved_by_subject_label"),
|
|
734
|
+
// The user's screen-control consent decision (whole-machine is mandatory at
|
|
735
|
+
// approve; screen-control is opt-in per this flag).
|
|
736
|
+
allowScreenControl: boolean("allow_screen_control").notNull().default(false),
|
|
737
|
+
approvedAt: timestamp("approved_at", { withTimezone: true }),
|
|
738
|
+
// The enrollment + sandbox the approve produced (acceptance #2: an enrollment
|
|
739
|
+
// row AND a sandbox row appear). Null until approved.
|
|
740
|
+
enrollmentId: uuid("enrollment_id").references(() => enrollments.id, { onDelete: "set null" }),
|
|
741
|
+
sandboxId: uuid("sandbox_id").references(() => sandboxes.id, { onDelete: "set null" }),
|
|
742
|
+
// The short-TTL expiry; a pending row past this is EXPIRED on poll.
|
|
743
|
+
expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
|
|
744
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
745
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
746
|
+
}, (table) => ({
|
|
747
|
+
// The device_code is the agent's poll key — globally unique + indexed.
|
|
748
|
+
deviceCode: uniqueIndex("device_enrollment_requests_device_code_idx").on(table.deviceCode),
|
|
749
|
+
// The user_code must be unique among LIVE (pending) rows so the approve lookup
|
|
750
|
+
// is unambiguous; a terminal row's code may be recycled.
|
|
751
|
+
userCodePending: uniqueIndex("device_enrollment_requests_user_code_pending_idx").on(table.userCode).where(sql`${table.status} = 'pending'`),
|
|
752
|
+
workspaceCreated: index("device_enrollment_requests_workspace_created_idx").on(table.workspaceId, table.createdAt),
|
|
753
|
+
expires: index("device_enrollment_requests_expires_idx").on(table.expiresAt)
|
|
754
|
+
}));
|
|
755
|
+
var sandboxes = pgTable("sandboxes", {
|
|
756
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
757
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
758
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
759
|
+
kind: text("kind", { enum: sandboxKindValues }).notNull(),
|
|
760
|
+
name: text("name").notNull(),
|
|
761
|
+
enrollmentId: uuid("enrollment_id").references(() => enrollments.id, { onDelete: "set null" }),
|
|
762
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
763
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
764
|
+
}, (table) => ({
|
|
765
|
+
workspaceCreated: index("sandboxes_workspace_created_idx").on(table.workspaceId, table.createdAt),
|
|
766
|
+
enrollment: index("sandboxes_enrollment_idx").on(table.enrollmentId).where(sql`${table.enrollmentId} is not null`)
|
|
767
|
+
}));
|
|
768
|
+
var machineMetricsLatest = pgTable("machine_metrics_latest", {
|
|
769
|
+
enrollmentId: uuid("enrollment_id").primaryKey().references(() => enrollments.id, { onDelete: "cascade" }),
|
|
770
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
771
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
772
|
+
cpuPercent: numeric("cpu_percent").$type(),
|
|
773
|
+
load1: numeric("load1").$type(),
|
|
774
|
+
load5: numeric("load5").$type(),
|
|
775
|
+
load15: numeric("load15").$type(),
|
|
776
|
+
memUsedBytes: bigint("mem_used_bytes", { mode: "number" }),
|
|
777
|
+
memTotalBytes: bigint("mem_total_bytes", { mode: "number" }),
|
|
778
|
+
diskUsedBytes: bigint("disk_used_bytes", { mode: "number" }),
|
|
779
|
+
diskTotalBytes: bigint("disk_total_bytes", { mode: "number" }),
|
|
780
|
+
gpuUtilPercent: numeric("gpu_util_percent").$type(),
|
|
781
|
+
gpuMemUsedBytes: bigint("gpu_mem_used_bytes", { mode: "number" }),
|
|
782
|
+
gpuMemTotalBytes: bigint("gpu_mem_total_bytes", { mode: "number" }),
|
|
783
|
+
contention: numeric("contention").$type(),
|
|
784
|
+
sampledAt: timestamp("sampled_at", { withTimezone: true }).notNull(),
|
|
785
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
786
|
+
}, (table) => ({
|
|
787
|
+
workspace: index("machine_metrics_latest_workspace_idx").on(table.workspaceId)
|
|
788
|
+
}));
|
|
789
|
+
var machineMetricsSeries = pgTable("machine_metrics_series", {
|
|
790
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
791
|
+
enrollmentId: uuid("enrollment_id").notNull().references(() => enrollments.id, { onDelete: "cascade" }),
|
|
792
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
793
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
794
|
+
cpuPercent: numeric("cpu_percent").$type(),
|
|
795
|
+
load1: numeric("load1").$type(),
|
|
796
|
+
load5: numeric("load5").$type(),
|
|
797
|
+
load15: numeric("load15").$type(),
|
|
798
|
+
memUsedBytes: bigint("mem_used_bytes", { mode: "number" }),
|
|
799
|
+
memTotalBytes: bigint("mem_total_bytes", { mode: "number" }),
|
|
800
|
+
diskUsedBytes: bigint("disk_used_bytes", { mode: "number" }),
|
|
801
|
+
diskTotalBytes: bigint("disk_total_bytes", { mode: "number" }),
|
|
802
|
+
gpuUtilPercent: numeric("gpu_util_percent").$type(),
|
|
803
|
+
gpuMemUsedBytes: bigint("gpu_mem_used_bytes", { mode: "number" }),
|
|
804
|
+
gpuMemTotalBytes: bigint("gpu_mem_total_bytes", { mode: "number" }),
|
|
805
|
+
contention: numeric("contention").$type(),
|
|
806
|
+
sampledAt: timestamp("sampled_at", { withTimezone: true }).notNull(),
|
|
807
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
808
|
+
}, (table) => ({
|
|
809
|
+
enrollmentSampled: index("machine_metrics_series_enrollment_sampled_idx").on(table.enrollmentId, table.sampledAt),
|
|
810
|
+
sampled: index("machine_metrics_series_sampled_idx").on(table.sampledAt)
|
|
811
|
+
}));
|
|
812
|
+
var scheduledTasks = pgTable("scheduled_tasks", {
|
|
813
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
814
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
815
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
816
|
+
name: text("name").notNull(),
|
|
817
|
+
status: text("status").notNull().default("active"),
|
|
818
|
+
schedule: jsonb("schedule").$type().notNull(),
|
|
819
|
+
temporalScheduleId: text("temporal_schedule_id").notNull(),
|
|
820
|
+
runMode: text("run_mode").notNull().default("new_session_per_run"),
|
|
821
|
+
overlapPolicy: text("overlap_policy").notNull().default("allow_concurrent"),
|
|
822
|
+
agentConfig: jsonb("agent_config").$type().notNull(),
|
|
823
|
+
reusableSessionId: uuid("reusable_session_id").references(() => sessions.id, { onDelete: "set null" }),
|
|
824
|
+
environmentId: uuid("environment_id").references(() => workspaceEnvironments.id, { onDelete: "restrict" }),
|
|
825
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
826
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
827
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
828
|
+
}, (table) => ({
|
|
829
|
+
temporalScheduleId: uniqueIndex("scheduled_tasks_workspace_temporal_schedule_id_idx").on(table.workspaceId, table.temporalScheduleId),
|
|
830
|
+
status: index("scheduled_tasks_workspace_status_idx").on(table.workspaceId, table.status),
|
|
831
|
+
environment: index("scheduled_tasks_environment_idx").on(table.workspaceId, table.environmentId)
|
|
832
|
+
}));
|
|
833
|
+
var scheduledTaskRuns = pgTable("scheduled_task_runs", {
|
|
834
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
835
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
836
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
837
|
+
taskId: uuid("task_id").notNull().references(() => scheduledTasks.id, { onDelete: "cascade" }),
|
|
838
|
+
status: text("status").notNull().default("queued"),
|
|
839
|
+
triggerType: text("trigger_type").notNull(),
|
|
840
|
+
scheduledAt: timestamp("scheduled_at", { withTimezone: true }),
|
|
841
|
+
firedAt: timestamp("fired_at", { withTimezone: true }).notNull().defaultNow(),
|
|
842
|
+
sessionId: uuid("session_id").references(() => sessions.id, { onDelete: "set null" }),
|
|
843
|
+
triggerEventId: uuid("trigger_event_id"),
|
|
844
|
+
error: text("error"),
|
|
845
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
846
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
847
|
+
}, (table) => ({
|
|
848
|
+
taskCreated: index("scheduled_task_runs_workspace_task_created_idx").on(table.workspaceId, table.taskId, table.createdAt),
|
|
849
|
+
session: index("scheduled_task_runs_workspace_session_idx").on(table.workspaceId, table.sessionId)
|
|
850
|
+
}));
|
|
851
|
+
var githubInstallations = pgTable("github_installations", {
|
|
852
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
853
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
854
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
855
|
+
installationId: integer("installation_id").notNull(),
|
|
856
|
+
accountLogin: text("account_login"),
|
|
857
|
+
accountType: text("account_type"),
|
|
858
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
859
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
860
|
+
}, (table) => ({
|
|
861
|
+
workspaceInstallation: uniqueIndex("github_installations_workspace_installation_idx").on(table.workspaceId, table.installationId),
|
|
862
|
+
installation: index("github_installations_installation_idx").on(table.installationId),
|
|
863
|
+
workspace: index("github_installations_workspace_idx").on(table.workspaceId)
|
|
864
|
+
}));
|
|
865
|
+
var usageEvents = pgTable("usage_events", {
|
|
866
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
867
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
868
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
869
|
+
subjectId: text("subject_id"),
|
|
870
|
+
eventType: text("event_type").notNull(),
|
|
871
|
+
quantity: bigint("quantity", { mode: "number" }).notNull(),
|
|
872
|
+
unit: text("unit").notNull(),
|
|
873
|
+
sourceResourceType: text("source_resource_type"),
|
|
874
|
+
sourceResourceId: text("source_resource_id"),
|
|
875
|
+
idempotencyKey: text("idempotency_key").notNull(),
|
|
876
|
+
occurredAt: timestamp("occurred_at", { withTimezone: true }).notNull(),
|
|
877
|
+
recordedAt: timestamp("recorded_at", { withTimezone: true }).notNull().defaultNow(),
|
|
878
|
+
exportedToBillingAt: timestamp("exported_to_billing_at", { withTimezone: true }),
|
|
879
|
+
billingProviderEventId: text("billing_provider_event_id")
|
|
880
|
+
}, (table) => ({
|
|
881
|
+
idempotency: uniqueIndex("usage_events_idempotency_idx").on(table.idempotencyKey),
|
|
882
|
+
workspaceMetric: index("usage_events_workspace_metric_idx").on(table.workspaceId, table.eventType, table.occurredAt),
|
|
883
|
+
accountMetric: index("usage_events_account_metric_idx").on(table.accountId, table.eventType, table.occurredAt)
|
|
884
|
+
}));
|
|
885
|
+
var creditLedgerEntries = pgTable("credit_ledger_entries", {
|
|
886
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
887
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
888
|
+
workspaceId: uuid("workspace_id").references(() => workspaces.id, { onDelete: "set null" }),
|
|
889
|
+
type: text("type").notNull(),
|
|
890
|
+
amountMicros: bigint("amount_micros", { mode: "number" }).notNull(),
|
|
891
|
+
currency: text("currency").notNull().default("usd"),
|
|
892
|
+
sourceType: text("source_type"),
|
|
893
|
+
sourceId: text("source_id"),
|
|
894
|
+
idempotencyKey: text("idempotency_key").notNull(),
|
|
895
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
896
|
+
occurredAt: timestamp("occurred_at", { withTimezone: true }).notNull().defaultNow(),
|
|
897
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
898
|
+
}, (table) => ({
|
|
899
|
+
idempotency: uniqueIndex("credit_ledger_entries_idempotency_idx").on(table.idempotencyKey),
|
|
900
|
+
accountCreated: index("credit_ledger_entries_account_created_idx").on(table.accountId, table.createdAt)
|
|
901
|
+
}));
|
|
902
|
+
var billingCustomers = pgTable("billing_customers", {
|
|
903
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
904
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
905
|
+
provider: text("provider").notNull().default("stripe"),
|
|
906
|
+
providerCustomerId: text("provider_customer_id").notNull(),
|
|
907
|
+
email: text("email"),
|
|
908
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
909
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
910
|
+
}, (table) => ({
|
|
911
|
+
accountProvider: uniqueIndex("billing_customers_account_provider_idx").on(table.accountId, table.provider),
|
|
912
|
+
providerCustomer: uniqueIndex("billing_customers_provider_customer_idx").on(table.provider, table.providerCustomerId)
|
|
913
|
+
}));
|
|
914
|
+
var stripeWebhookEvents = pgTable("stripe_webhook_events", {
|
|
915
|
+
id: text("id").primaryKey(),
|
|
916
|
+
type: text("type").notNull(),
|
|
917
|
+
livemode: text("livemode").notNull().default("false"),
|
|
918
|
+
payload: jsonb("payload").$type().notNull(),
|
|
919
|
+
processedAt: timestamp("processed_at", { withTimezone: true }),
|
|
920
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
921
|
+
});
|
|
922
|
+
var auditEvents = pgTable("audit_events", {
|
|
923
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
924
|
+
accountId: uuid("account_id").references(() => managedAccounts.id, { onDelete: "set null" }),
|
|
925
|
+
workspaceId: uuid("workspace_id").references(() => workspaces.id, { onDelete: "set null" }),
|
|
926
|
+
subjectId: text("subject_id"),
|
|
927
|
+
action: text("action").notNull(),
|
|
928
|
+
targetType: text("target_type"),
|
|
929
|
+
targetId: text("target_id"),
|
|
930
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
931
|
+
occurredAt: timestamp("occurred_at", { withTimezone: true }).notNull().defaultNow()
|
|
932
|
+
}, (table) => ({
|
|
933
|
+
accountCreated: index("audit_events_account_created_idx").on(table.accountId, table.occurredAt),
|
|
934
|
+
workspaceCreated: index("audit_events_workspace_created_idx").on(table.workspaceId, table.occurredAt)
|
|
935
|
+
}));
|
|
936
|
+
var packInstallations = pgTable("pack_installations", {
|
|
937
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
938
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
939
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
940
|
+
packId: text("pack_id").notNull(),
|
|
941
|
+
status: text("status").notNull().default("active"),
|
|
942
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
943
|
+
enabledAt: timestamp("enabled_at", { withTimezone: true }).notNull().defaultNow(),
|
|
944
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
945
|
+
}, (table) => ({
|
|
946
|
+
workspacePack: uniqueIndex("pack_installations_workspace_pack_idx").on(table.workspaceId, table.packId),
|
|
947
|
+
status: index("pack_installations_workspace_status_idx").on(table.workspaceId, table.status)
|
|
948
|
+
}));
|
|
949
|
+
var workspacePacks = pgTable("workspace_packs", {
|
|
950
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
951
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
952
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
953
|
+
packId: text("pack_id").notNull(),
|
|
954
|
+
manifest: jsonb("manifest").$type().notNull(),
|
|
955
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
956
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
957
|
+
}, (table) => ({
|
|
958
|
+
workspacePack: uniqueIndex("workspace_packs_workspace_pack_idx").on(table.workspaceId, table.packId)
|
|
959
|
+
}));
|
|
960
|
+
var capabilityCatalogItems = pgTable("capability_catalog_items", {
|
|
961
|
+
id: text("id").notNull(),
|
|
962
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
963
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
964
|
+
kind: text("kind").notNull(),
|
|
965
|
+
source: text("source").notNull().default("manual"),
|
|
966
|
+
name: text("name").notNull(),
|
|
967
|
+
description: text("description"),
|
|
968
|
+
category: text("category").notNull().default("custom"),
|
|
969
|
+
tags: jsonb("tags").$type().notNull().default([]),
|
|
970
|
+
homepageUrl: text("homepage_url"),
|
|
971
|
+
endpointUrl: text("endpoint_url"),
|
|
972
|
+
installUrl: text("install_url"),
|
|
973
|
+
authModel: text("auth_model"),
|
|
974
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
975
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
976
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
977
|
+
}, (table) => ({
|
|
978
|
+
workspaceCapability: uniqueIndex("capability_catalog_items_workspace_capability_idx").on(table.workspaceId, table.id),
|
|
979
|
+
kind: index("capability_catalog_items_workspace_kind_idx").on(table.workspaceId, table.kind),
|
|
980
|
+
category: index("capability_catalog_items_workspace_category_idx").on(table.workspaceId, table.category),
|
|
981
|
+
source: index("capability_catalog_items_workspace_source_idx").on(table.workspaceId, table.source)
|
|
982
|
+
}));
|
|
983
|
+
var capabilityInstallations = pgTable("capability_installations", {
|
|
984
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
985
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
986
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
987
|
+
capabilityId: text("capability_id").notNull(),
|
|
988
|
+
kind: text("kind").notNull(),
|
|
989
|
+
status: text("status").notNull().default("active"),
|
|
990
|
+
config: jsonb("config").$type().notNull().default({}),
|
|
991
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
992
|
+
enabledAt: timestamp("enabled_at", { withTimezone: true }).notNull().defaultNow(),
|
|
993
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
994
|
+
}, (table) => ({
|
|
995
|
+
workspaceCapability: uniqueIndex("capability_installations_workspace_capability_idx").on(table.workspaceId, table.capabilityId),
|
|
996
|
+
kind: index("capability_installations_workspace_kind_idx").on(table.workspaceId, table.kind),
|
|
997
|
+
status: index("capability_installations_workspace_status_idx").on(table.workspaceId, table.status)
|
|
998
|
+
}));
|
|
999
|
+
var socialConnections = pgTable("social_connections", {
|
|
1000
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
1001
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
1002
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
1003
|
+
provider: text("provider").notNull(),
|
|
1004
|
+
accountHandle: text("account_handle").notNull(),
|
|
1005
|
+
accountName: text("account_name"),
|
|
1006
|
+
externalAccountId: text("external_account_id"),
|
|
1007
|
+
status: text("status").notNull().default("connected"),
|
|
1008
|
+
scopes: jsonb("scopes").$type().notNull().default([]),
|
|
1009
|
+
credentialRef: text("credential_ref"),
|
|
1010
|
+
tokenMetadata: jsonb("token_metadata").$type().notNull().default({}),
|
|
1011
|
+
metadata: jsonb("metadata").$type().notNull().default({}),
|
|
1012
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
1013
|
+
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
|
|
1014
|
+
}, (table) => ({
|
|
1015
|
+
workspaceProviderHandle: uniqueIndex("social_connections_workspace_provider_handle_idx").on(table.workspaceId, table.provider, table.accountHandle),
|
|
1016
|
+
providerStatus: index("social_connections_workspace_provider_status_idx").on(table.workspaceId, table.provider, table.status)
|
|
1017
|
+
}));
|
|
1018
|
+
var socialPosts = pgTable("social_posts", {
|
|
1019
|
+
id: uuid("id").primaryKey().defaultRandom(),
|
|
1020
|
+
accountId: uuid("account_id").notNull().references(() => managedAccounts.id, { onDelete: "cascade" }),
|
|
1021
|
+
workspaceId: uuid("workspace_id").notNull().references(() => workspaces.id, { onDelete: "cascade" }),
|
|
1022
|
+
connectionId: uuid("connection_id").notNull().references(() => socialConnections.id, { onDelete: "cascade" }),
|
|
1023
|
+
provider: text("provider").notNull(),
|
|
1024
|
+
externalPostId: text("external_post_id"),
|
|
1025
|
+
url: text("url"),
|
|
1026
|
+
authorHandle: text("author_handle"),
|
|
1027
|
+
text: text("text").notNull(),
|
|
1028
|
+
publishedAt: timestamp("published_at", { withTimezone: true }).notNull(),
|
|
1029
|
+
metrics: jsonb("metrics").$type().notNull().default({}),
|
|
1030
|
+
raw: jsonb("raw").$type().notNull().default({}),
|
|
1031
|
+
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
|
|
1032
|
+
}, (table) => ({
|
|
1033
|
+
connectionExternalPost: uniqueIndex("social_posts_workspace_connection_external_post_idx").on(table.workspaceId, table.connectionId, table.externalPostId),
|
|
1034
|
+
connectionPublished: index("social_posts_workspace_connection_published_idx").on(table.workspaceId, table.connectionId, table.publishedAt),
|
|
1035
|
+
providerPublished: index("social_posts_workspace_provider_published_idx").on(table.workspaceId, table.provider, table.publishedAt)
|
|
1036
|
+
}));
|
|
1037
|
+
|
|
1038
|
+
export {
|
|
1039
|
+
managedAccounts,
|
|
1040
|
+
workspaces,
|
|
1041
|
+
workspaceMemberships,
|
|
1042
|
+
apiKeys,
|
|
1043
|
+
workspaceEnvironments,
|
|
1044
|
+
workspaceEnvironmentVariables,
|
|
1045
|
+
codexSubscriptionCredentials,
|
|
1046
|
+
codexRotationSettings,
|
|
1047
|
+
sessions,
|
|
1048
|
+
files,
|
|
1049
|
+
fileUploads,
|
|
1050
|
+
documentBases,
|
|
1051
|
+
documents,
|
|
1052
|
+
documentChunks,
|
|
1053
|
+
sessionTurns,
|
|
1054
|
+
sessionGoals,
|
|
1055
|
+
sessionEvents,
|
|
1056
|
+
agentRunStates,
|
|
1057
|
+
sessionHistoryItems,
|
|
1058
|
+
sandboxSessionEnvelopes,
|
|
1059
|
+
sandboxLeaseLivenessValues,
|
|
1060
|
+
sandboxLeases,
|
|
1061
|
+
sandboxLeaseHolders,
|
|
1062
|
+
sessionRecordingStateValues,
|
|
1063
|
+
sessionRecordingModeValues,
|
|
1064
|
+
sessionRecordingCodecValues,
|
|
1065
|
+
sessionRecordings,
|
|
1066
|
+
sandboxPtySessions,
|
|
1067
|
+
enrollmentExposureValues,
|
|
1068
|
+
enrollmentStatusValues,
|
|
1069
|
+
enrollmentOsValues,
|
|
1070
|
+
sandboxKindValues,
|
|
1071
|
+
enrollments,
|
|
1072
|
+
deviceEnrollmentStatusValues,
|
|
1073
|
+
deviceEnrollmentRequests,
|
|
1074
|
+
sandboxes,
|
|
1075
|
+
machineMetricsLatest,
|
|
1076
|
+
machineMetricsSeries,
|
|
1077
|
+
scheduledTasks,
|
|
1078
|
+
scheduledTaskRuns,
|
|
1079
|
+
githubInstallations,
|
|
1080
|
+
usageEvents,
|
|
1081
|
+
creditLedgerEntries,
|
|
1082
|
+
billingCustomers,
|
|
1083
|
+
stripeWebhookEvents,
|
|
1084
|
+
auditEvents,
|
|
1085
|
+
packInstallations,
|
|
1086
|
+
workspacePacks,
|
|
1087
|
+
capabilityCatalogItems,
|
|
1088
|
+
capabilityInstallations,
|
|
1089
|
+
socialConnections,
|
|
1090
|
+
socialPosts,
|
|
1091
|
+
schema_exports
|
|
1092
|
+
};
|
|
1093
|
+
//# sourceMappingURL=chunk-PSX56ZTL.js.map
|