@opentrust/db 7.1.0

package/dist/schema/sqlite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../src/schema/sqlite.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAInB,CAAC;AAGH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkBlB,CAAC;AAGF,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgB9B,CAAC;AAGF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiBpB,CAAC;AAGF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmBrB,CAAC;AAGF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmB5B,CAAC;AAGF,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyBhC,CAAC;AAIF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EActB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAaxB,CAAC;AAGF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqB5B,CAAC"}

package/dist/schema/sqlite.js

@@ -0,0 +1,153 @@
+import { sqliteTable, text, integer, real, index } from "drizzle-orm/sqlite-core";
+// ─── Settings ─────────────────────────────────────────────────
+export const settings = sqliteTable("settings", {
+    key: text("key").primaryKey(),
+    value: text("value").notNull(),
+    updatedAt: text("updated_at").notNull().$defaultFn(() => new Date().toISOString()),
+});
+// ─── Agents ─────────────────────────────────────────────────────
+export const agents = sqliteTable("agents", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    tenantId: text("tenant_id").notNull().default("default"),
+    name: text("name").notNull(),
+    description: text("description"),
+    provider: text("provider").notNull().default("custom"),
+    status: text("status").notNull().default("inactive"),
+    lastSeenAt: text("last_seen_at"),
+    metadata: text("metadata", { mode: "json" }).notNull().default({}),
+    createdAt: text("created_at").notNull().$defaultFn(() => new Date().toISOString()),
+    updatedAt: text("updated_at").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    statusIdx: index("idx_agents_status").on(table.status),
+    tenantIdIdx: index("idx_agents_tenant_id").on(table.tenantId),
+}));
+// ─── Scanner Definitions ────────────────────────────────────────
+export const scannerDefinitions = sqliteTable("scanner_definitions", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    tenantId: text("tenant_id").notNull().default("default"),
+    scannerId: text("scanner_id").notNull(),
+    name: text("name").notNull(),
+    description: text("description").notNull(),
+    config: text("config", { mode: "json" }).notNull().default({}),
+    isEnabled: integer("is_enabled", { mode: "boolean" }).notNull().default(true),
+    isDefault: integer("is_default", { mode: "boolean" }).notNull().default(false),
+}, (table) => ({
+    scannerIdIdx: index("idx_scanner_defs_scanner_id").on(table.scannerId),
+    tenantIdIdx: index("idx_scanner_defs_tenant_id").on(table.tenantId),
+}));
+// ─── Policies ───────────────────────────────────────────────────
+export const policies = sqliteTable("policies", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    tenantId: text("tenant_id").notNull().default("default"),
+    name: text("name").notNull(),
+    description: text("description"),
+    scannerIds: text("scanner_ids", { mode: "json" }).notNull().default([]),
+    action: text("action").notNull().default("log"),
+    sensitivityThreshold: real("sensitivity_threshold").notNull().default(0.5),
+    isEnabled: integer("is_enabled", { mode: "boolean" }).notNull().default(true),
+    createdAt: text("created_at").notNull().$defaultFn(() => new Date().toISOString()),
+    updatedAt: text("updated_at").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    tenantIdIdx: index("idx_policies_tenant_id").on(table.tenantId),
+}));
+// ─── Usage Logs ─────────────────────────────────────────────────
+export const usageLogs = sqliteTable("usage_logs", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    tenantId: text("tenant_id").notNull().default("default"),
+    agentId: text("agent_id"),
+    endpoint: text("endpoint").notNull(),
+    statusCode: integer("status_code").notNull(),
+    responseSafe: integer("response_safe", { mode: "boolean" }),
+    categories: text("categories", { mode: "json" }).notNull().default([]),
+    latencyMs: integer("latency_ms").notNull(),
+    requestId: text("request_id").notNull(),
+    createdAt: text("created_at").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    agentIdIdx: index("idx_usage_logs_agent_id").on(table.agentId),
+    createdAtIdx: index("idx_usage_logs_created_at").on(table.createdAt),
+    tenantIdIdx: index("idx_usage_logs_tenant_id").on(table.tenantId),
+}));
+// ─── Detection Results ──────────────────────────────────────────
+export const detectionResults = sqliteTable("detection_results", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    tenantId: text("tenant_id").notNull().default("default"),
+    agentId: text("agent_id"),
+    safe: integer("safe", { mode: "boolean" }).notNull(),
+    categories: text("categories", { mode: "json" }).notNull().default([]),
+    sensitivityScore: real("sensitivity_score").notNull().default(0),
+    findings: text("findings", { mode: "json" }).notNull().default([]),
+    latencyMs: integer("latency_ms").notNull(),
+    requestId: text("request_id").notNull(),
+    createdAt: text("created_at").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    agentIdIdx: index("idx_detection_results_agent_id").on(table.agentId),
+    createdAtIdx: index("idx_detection_results_created_at").on(table.createdAt),
+    tenantIdIdx: index("idx_detection_results_tenant_id").on(table.tenantId),
+}));
+// ─── Tool Call Observations ─────────────────────────────────────
+export const toolCallObservations = sqliteTable("tool_call_observations", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    tenantId: text("tenant_id").notNull().default("default"),
+    agentId: text("agent_id").notNull(),
+    sessionKey: text("session_key"),
+    toolName: text("tool_name").notNull(),
+    category: text("category"),
+    accessPattern: text("access_pattern"),
+    paramsJson: text("params_json", { mode: "json" }),
+    phase: text("phase").notNull(),
+    resultJson: text("result_json", { mode: "json" }),
+    error: text("error"),
+    durationMs: integer("duration_ms"),
+    blocked: integer("blocked", { mode: "boolean" }).notNull().default(false),
+    blockReason: text("block_reason"),
+    timestamp: text("timestamp").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    agentIdIdx: index("idx_tool_obs_agent_id").on(table.agentId),
+    toolNameIdx: index("idx_tool_obs_tool_name").on(table.toolName),
+    timestampIdx: index("idx_tool_obs_timestamp").on(table.timestamp),
+    tenantIdIdx: index("idx_tool_obs_tenant_id").on(table.tenantId),
+}));
+// ─── Magic Links ─────────────────────────────────────────────
+// One-time login tokens sent via email (15-min TTL)
+export const magicLinks = sqliteTable("magic_links", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    email: text("email").notNull(),
+    token: text("token").notNull().unique(),
+    expiresAt: text("expires_at").notNull(),
+    usedAt: text("used_at"),
+    createdAt: text("created_at").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    tokenIdx: index("idx_magic_links_token").on(table.token),
+    emailIdx: index("idx_magic_links_email").on(table.email),
+}));
+// ─── User Sessions ────────────────────────────────────────────
+// Persistent sessions created after magic link verification (30-day TTL)
+export const userSessions = sqliteTable("user_sessions", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    email: text("email").notNull(),
+    token: text("token").notNull().unique(),
+    expiresAt: text("expires_at").notNull(),
+    createdAt: text("created_at").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    tokenIdx: index("idx_user_sessions_token").on(table.token),
+    emailIdx: index("idx_user_sessions_email").on(table.email),
+}));
+// ─── Agent Permissions ────────────────────────────────────────
+export const agentPermissions = sqliteTable("agent_permissions", {
+    id: text("id").primaryKey().$defaultFn(() => crypto.randomUUID()),
+    tenantId: text("tenant_id").notNull().default("default"),
+    agentId: text("agent_id").notNull(),
+    toolName: text("tool_name").notNull(),
+    category: text("category"),
+    accessPattern: text("access_pattern"),
+    targetsJson: text("targets_json", { mode: "json" }).notNull().default([]),
+    callCount: integer("call_count").notNull().default(0),
+    errorCount: integer("error_count").notNull().default(0),
+    firstSeen: text("first_seen").notNull().$defaultFn(() => new Date().toISOString()),
+    lastSeen: text("last_seen").notNull().$defaultFn(() => new Date().toISOString()),
+}, (table) => ({
+    agentIdIdx: index("idx_agent_perms_agent_id").on(table.agentId),
+    toolNameIdx: index("idx_agent_perms_tool_name").on(table.toolName),
+    tenantIdIdx: index("idx_agent_perms_tenant_id").on(table.tenantId),
+    uniqueAgentTool: index("idx_agent_perms_unique").on(table.tenantId, table.agentId, table.toolName),
+}));

package/dist/seed.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=seed.d.ts.map

package/dist/seed.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seed.d.ts","sourceRoot":"","sources":["../src/seed.ts"],"names":[],"mappings":""}

package/dist/seed.js

@@ -0,0 +1,49 @@
+import { config } from "dotenv";
+import { resolve, dirname } from "path";
+import { fileURLToPath } from "url";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+config({ path: resolve(__dirname, "../../../.env") });
+async function seed() {
+    const { db } = await import("./client.js");
+    const { scannerDefinitions } = await import("./schema/index.js");
+    const { DEFAULT_SCANNERS, DEFAULT_TENANT_ID } = await import("@opentrust/shared");
+    const { getDialect } = await import("./dialect.js");
+    const { eq } = await import("drizzle-orm");
+    console.log(`Seeding default scanners (dialect: ${getDialect()})...`);
+    for (const scanner of DEFAULT_SCANNERS) {
+        const id = crypto.randomUUID();
+        const values = {
+            id,
+            scannerId: scanner.scannerId,
+            name: scanner.name,
+            description: scanner.description,
+            isEnabled: true,
+            isDefault: true,
+            tenantId: DEFAULT_TENANT_ID,
+        };
+        try {
+            const existing = await db
+                .select()
+                .from(scannerDefinitions)
+                .where(eq(scannerDefinitions.scannerId, scanner.scannerId))
+                .limit(1);
+            if (existing.length === 0) {
+                await db.insert(scannerDefinitions).values(values);
+                console.log(`  Seeded ${scanner.scannerId}: ${scanner.name}`);
+            }
+            else {
+                console.log(`  Skipped ${scanner.scannerId}: already exists`);
+            }
+        }
+        catch (err) {
+            console.warn(`  Warning: ${scanner.scannerId} seed failed:`, err);
+        }
+    }
+    console.log("Seeding complete.");
+    process.exit(0);
+}
+seed().catch((err) => {
+    console.error("Seed failed:", err);
+    process.exit(1);
+});

package/drizzle/sqlite/0000_serious_martin_li.sql

@@ -0,0 +1,143 @@
+CREATE TABLE `agent_permissions` (
+	`id` text PRIMARY KEY NOT NULL,
+	`tenant_id` text DEFAULT 'default' NOT NULL,
+	`agent_id` text NOT NULL,
+	`tool_name` text NOT NULL,
+	`category` text,
+	`access_pattern` text,
+	`targets_json` text DEFAULT '[]' NOT NULL,
+	`call_count` integer DEFAULT 0 NOT NULL,
+	`error_count` integer DEFAULT 0 NOT NULL,
+	`first_seen` text NOT NULL,
+	`last_seen` text NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX `idx_agent_perms_agent_id` ON `agent_permissions` (`agent_id`);--> statement-breakpoint
+CREATE INDEX `idx_agent_perms_tool_name` ON `agent_permissions` (`tool_name`);--> statement-breakpoint
+CREATE INDEX `idx_agent_perms_tenant_id` ON `agent_permissions` (`tenant_id`);--> statement-breakpoint
+CREATE INDEX `idx_agent_perms_unique` ON `agent_permissions` (`tenant_id`,`agent_id`,`tool_name`);--> statement-breakpoint
+CREATE TABLE `agents` (
+	`id` text PRIMARY KEY NOT NULL,
+	`tenant_id` text DEFAULT 'default' NOT NULL,
+	`name` text NOT NULL,
+	`description` text,
+	`provider` text DEFAULT 'custom' NOT NULL,
+	`status` text DEFAULT 'inactive' NOT NULL,
+	`last_seen_at` text,
+	`metadata` text DEFAULT '{}' NOT NULL,
+	`created_at` text NOT NULL,
+	`updated_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX `idx_agents_status` ON `agents` (`status`);--> statement-breakpoint
+CREATE INDEX `idx_agents_tenant_id` ON `agents` (`tenant_id`);--> statement-breakpoint
+CREATE TABLE `detection_results` (
+	`id` text PRIMARY KEY NOT NULL,
+	`tenant_id` text DEFAULT 'default' NOT NULL,
+	`agent_id` text,
+	`safe` integer NOT NULL,
+	`categories` text DEFAULT '[]' NOT NULL,
+	`sensitivity_score` real DEFAULT 0 NOT NULL,
+	`findings` text DEFAULT '[]' NOT NULL,
+	`latency_ms` integer NOT NULL,
+	`request_id` text NOT NULL,
+	`created_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX `idx_detection_results_agent_id` ON `detection_results` (`agent_id`);--> statement-breakpoint
+CREATE INDEX `idx_detection_results_created_at` ON `detection_results` (`created_at`);--> statement-breakpoint
+CREATE INDEX `idx_detection_results_tenant_id` ON `detection_results` (`tenant_id`);--> statement-breakpoint
+CREATE TABLE `magic_links` (
+	`id` text PRIMARY KEY NOT NULL,
+	`email` text NOT NULL,
+	`token` text NOT NULL,
+	`expires_at` text NOT NULL,
+	`used_at` text,
+	`created_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `magic_links_token_unique` ON `magic_links` (`token`);--> statement-breakpoint
+CREATE INDEX `idx_magic_links_token` ON `magic_links` (`token`);--> statement-breakpoint
+CREATE INDEX `idx_magic_links_email` ON `magic_links` (`email`);--> statement-breakpoint
+CREATE TABLE `policies` (
+	`id` text PRIMARY KEY NOT NULL,
+	`tenant_id` text DEFAULT 'default' NOT NULL,
+	`name` text NOT NULL,
+	`description` text,
+	`scanner_ids` text DEFAULT '[]' NOT NULL,
+	`action` text DEFAULT 'log' NOT NULL,
+	`sensitivity_threshold` real DEFAULT 0.5 NOT NULL,
+	`is_enabled` integer DEFAULT true NOT NULL,
+	`created_at` text NOT NULL,
+	`updated_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX `idx_policies_tenant_id` ON `policies` (`tenant_id`);--> statement-breakpoint
+CREATE TABLE `scanner_definitions` (
+	`id` text PRIMARY KEY NOT NULL,
+	`tenant_id` text DEFAULT 'default' NOT NULL,
+	`scanner_id` text NOT NULL,
+	`name` text NOT NULL,
+	`description` text NOT NULL,
+	`config` text DEFAULT '{}' NOT NULL,
+	`is_enabled` integer DEFAULT true NOT NULL,
+	`is_default` integer DEFAULT false NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX `idx_scanner_defs_scanner_id` ON `scanner_definitions` (`scanner_id`);--> statement-breakpoint
+CREATE INDEX `idx_scanner_defs_tenant_id` ON `scanner_definitions` (`tenant_id`);--> statement-breakpoint
+CREATE TABLE `settings` (
+	`key` text PRIMARY KEY NOT NULL,
+	`value` text NOT NULL,
+	`updated_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE `tool_call_observations` (
+	`id` text PRIMARY KEY NOT NULL,
+	`tenant_id` text DEFAULT 'default' NOT NULL,
+	`agent_id` text NOT NULL,
+	`session_key` text,
+	`tool_name` text NOT NULL,
+	`category` text,
+	`access_pattern` text,
+	`params_json` text,
+	`phase` text NOT NULL,
+	`result_json` text,
+	`error` text,
+	`duration_ms` integer,
+	`blocked` integer DEFAULT false NOT NULL,
+	`block_reason` text,
+	`timestamp` text NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX `idx_tool_obs_agent_id` ON `tool_call_observations` (`agent_id`);--> statement-breakpoint
+CREATE INDEX `idx_tool_obs_tool_name` ON `tool_call_observations` (`tool_name`);--> statement-breakpoint
+CREATE INDEX `idx_tool_obs_timestamp` ON `tool_call_observations` (`timestamp`);--> statement-breakpoint
+CREATE INDEX `idx_tool_obs_tenant_id` ON `tool_call_observations` (`tenant_id`);--> statement-breakpoint
+CREATE TABLE `usage_logs` (
+	`id` text PRIMARY KEY NOT NULL,
+	`tenant_id` text DEFAULT 'default' NOT NULL,
+	`agent_id` text,
+	`endpoint` text NOT NULL,
+	`status_code` integer NOT NULL,
+	`response_safe` integer,
+	`categories` text DEFAULT '[]' NOT NULL,
+	`latency_ms` integer NOT NULL,
+	`request_id` text NOT NULL,
+	`created_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX `idx_usage_logs_agent_id` ON `usage_logs` (`agent_id`);--> statement-breakpoint
+CREATE INDEX `idx_usage_logs_created_at` ON `usage_logs` (`created_at`);--> statement-breakpoint
+CREATE INDEX `idx_usage_logs_tenant_id` ON `usage_logs` (`tenant_id`);--> statement-breakpoint
+CREATE TABLE `user_sessions` (
+	`id` text PRIMARY KEY NOT NULL,
+	`email` text NOT NULL,
+	`token` text NOT NULL,
+	`expires_at` text NOT NULL,
+	`created_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `user_sessions_token_unique` ON `user_sessions` (`token`);--> statement-breakpoint
+CREATE INDEX `idx_user_sessions_token` ON `user_sessions` (`token`);--> statement-breakpoint
+CREATE INDEX `idx_user_sessions_email` ON `user_sessions` (`email`);