npm - @secondlayer/shared - Versions diffs - 1.1.0 → 2.1.0 - Mend

@secondlayer/shared 1.1.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/dist/src/db/index.d.ts +89 -6
package/dist/src/db/index.js +53 -29
package/dist/src/db/index.js.map +4 -4
package/dist/src/db/jsonb.js.map +2 -2
package/dist/src/db/queries/accounts.d.ts +58 -2
package/dist/src/db/queries/integrity.d.ts +58 -2
package/dist/src/db/queries/projects.d.ts +58 -2
package/dist/src/db/queries/projects.js.map +2 -2
package/dist/src/db/queries/{marketplace.d.ts → provisioning-audit.d.ts} +79 -56
package/dist/src/db/queries/provisioning-audit.js +40 -0
package/dist/src/db/queries/provisioning-audit.js.map +10 -0
package/dist/src/db/queries/subgraph-gaps.d.ts +58 -2
package/dist/src/db/queries/subgraphs.d.ts +62 -5
package/dist/src/db/queries/subgraphs.js +3 -9
package/dist/src/db/queries/subgraphs.js.map +4 -4
package/dist/src/db/queries/tenants.d.ts +527 -0
package/dist/src/db/queries/tenants.js +220 -0
package/dist/src/db/queries/tenants.js.map +11 -0
package/dist/src/db/queries/usage.d.ts +58 -2
package/dist/src/db/queries/usage.js +3 -3
package/dist/src/db/queries/usage.js.map +3 -3
package/dist/src/db/queries/workflows.d.ts +58 -2
package/dist/src/db/queries/workflows.js +31 -3
package/dist/src/db/queries/workflows.js.map +4 -4
package/dist/src/db/schema.d.ts +67 -3
package/dist/src/env.d.ts +10 -0
package/dist/src/env.js +3 -1
package/dist/src/env.js.map +3 -3
package/dist/src/errors.d.ts +17 -3
package/dist/src/errors.js +34 -3
package/dist/src/errors.js.map +3 -3
package/dist/src/index.d.ts +142 -84
package/dist/src/index.js +146 -99
package/dist/src/index.js.map +8 -8
package/dist/src/logger.js +3 -1
package/dist/src/logger.js.map +3 -3
package/dist/src/mode.d.ts +29 -0
package/dist/src/mode.js +43 -0
package/dist/src/mode.js.map +10 -0
package/dist/src/node/archive-client.js +3 -1
package/dist/src/node/archive-client.js.map +3 -3
package/dist/src/node/hiro-client.js +3 -1
package/dist/src/node/hiro-client.js.map +3 -3
package/dist/src/node/local-client.d.ts +58 -2
package/dist/src/queue/listener.d.ts +11 -2
package/dist/src/queue/listener.js +11 -12
package/dist/src/queue/listener.js.map +3 -3
package/dist/src/schemas/accounts.d.ts +14 -0
package/dist/src/schemas/{marketplace.js → accounts.js} +4 -14
package/dist/src/schemas/accounts.js.map +10 -0
package/dist/src/schemas/index.d.ts +28 -77
package/dist/src/schemas/index.js +59 -69
package/dist/src/schemas/index.js.map +4 -4
package/dist/src/types.d.ts +10 -0
package/migrations/0037_nullable_api_key.ts +35 -0
package/migrations/0038_drop_workflow_tables.ts +46 -0
package/migrations/0039_tenants.ts +66 -0
package/migrations/0040_tenant_key_generations.ts +29 -0
package/migrations/0041_subgraphs_drop_api_key_id.ts +49 -0
package/migrations/0042_tenant_project_id.ts +25 -0
package/migrations/0043_tenant_usage_monthly.ts +36 -0
package/migrations/0044_provisioning_audit_log.ts +40 -0
package/package.json +15 -7
package/dist/src/db/queries/marketplace.js +0 -142
package/dist/src/db/queries/marketplace.js.map +0 -10
package/dist/src/schemas/marketplace.d.ts +0 -63
package/dist/src/schemas/marketplace.js.map +0 -10

package/dist/src/db/queries/tenants.d.ts ADDED Viewed

@@ -0,0 +1,527 @@
+import { Kysely } from "kysely";
+import { ColumnType, Generated, Selectable } from "kysely";
+interface BlocksTable {
+	height: number;
+	hash: string;
+	parent_hash: string;
+	burn_block_height: number;
+	timestamp: number;
+	canonical: Generated<boolean>;
+	created_at: Generated<Date>;
+}
+interface TransactionsTable {
+	tx_id: string;
+	block_height: number;
+	tx_index: Generated<number>;
+	type: string;
+	sender: string;
+	status: string;
+	contract_id: string | null;
+	function_name: string | null;
+	function_args: Generated<unknown | null>;
+	raw_result: Generated<string | null>;
+	raw_tx: string;
+	created_at: Generated<Date>;
+}
+interface EventsTable {
+	id: Generated<string>;
+	tx_id: string;
+	block_height: number;
+	event_index: number;
+	type: string;
+	data: unknown;
+	created_at: Generated<Date>;
+}
+interface IndexProgressTable {
+	network: string;
+	last_indexed_block: Generated<number>;
+	last_contiguous_block: Generated<number>;
+	highest_seen_block: Generated<number>;
+	updated_at: Generated<Date>;
+}
+interface SubgraphsTable {
+	id: Generated<string>;
+	name: string;
+	version: Generated<string>;
+	status: Generated<string>;
+	definition: Record<string, unknown>;
+	schema_hash: string;
+	handler_path: string;
+	schema_name: string | null;
+	start_block: Generated<number>;
+	last_processed_block: Generated<number>;
+	reindex_from_block: number | null;
+	reindex_to_block: number | null;
+	last_error: string | null;
+	last_error_at: Date | null;
+	total_processed: Generated<number>;
+	total_errors: Generated<number>;
+	account_id: string;
+	handler_code: string | null;
+	source_code: string | null;
+	project_id: string | null;
+	is_public: Generated<boolean>;
+	tags: Generated<string[]>;
+	description: string | null;
+	forked_from_id: string | null;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+interface SubgraphGapsTable {
+	id: Generated<string>;
+	subgraph_id: string;
+	subgraph_name: string;
+	gap_start: number;
+	gap_end: number;
+	reason: string;
+	detected_at: Generated<Date>;
+	resolved_at: Date | null;
+}
+interface ApiKeysTable {
+	id: Generated<string>;
+	key_hash: string;
+	key_prefix: string;
+	name: string | null;
+	status: Generated<string>;
+	rate_limit: Generated<number>;
+	ip_address: string;
+	account_id: string;
+	last_used_at: Date | null;
+	revoked_at: Date | null;
+	created_at: Generated<Date>;
+}
+interface AccountsTable {
+	id: Generated<string>;
+	email: string;
+	plan: Generated<string>;
+	display_name: string | null;
+	bio: string | null;
+	avatar_url: string | null;
+	slug: string | null;
+	created_at: Generated<Date>;
+}
+interface SessionsTable {
+	id: Generated<string>;
+	token_hash: string;
+	token_prefix: string;
+	account_id: string;
+	ip_address: string;
+	expires_at: Generated<Date>;
+	revoked_at: Date | null;
+	last_used_at: Date | null;
+	created_at: Generated<Date>;
+}
+interface MagicLinksTable {
+	id: Generated<string>;
+	email: string;
+	token: string;
+	code: string | null;
+	expires_at: Date;
+	used_at: Date | null;
+	failed_attempts: Generated<number>;
+	created_at: Generated<Date>;
+}
+interface UsageDailyTable {
+	account_id: string;
+	date: string;
+	api_requests: Generated<number>;
+	deliveries: Generated<number>;
+}
+interface UsageSnapshotsTable {
+	id: Generated<string>;
+	account_id: string;
+	measured_at: Generated<Date>;
+	storage_bytes: Generated<number>;
+}
+interface WaitlistTable {
+	id: Generated<string>;
+	email: string;
+	source: Generated<string>;
+	status: Generated<string>;
+	created_at: Generated<Date>;
+}
+interface AccountInsightsTable {
+	id: Generated<string>;
+	account_id: string;
+	category: string;
+	insight_type: string;
+	resource_id: string | null;
+	severity: string;
+	title: string;
+	body: string;
+	data: unknown;
+	dismissed_at: Date | null;
+	expires_at: Date | null;
+	created_at: Generated<Date>;
+}
+interface AccountAgentRunsTable {
+	id: Generated<string>;
+	account_id: string;
+	started_at: Generated<Date>;
+	completed_at: Date | null;
+	status: Generated<string>;
+	input_tokens: Generated<number>;
+	output_tokens: Generated<number>;
+	cost_usd: Generated<number>;
+	insights_created: Generated<number>;
+	error: string | null;
+}
+interface SubgraphProcessingStatsTable {
+	id: Generated<string>;
+	subgraph_name: string;
+	api_key_id: string | null;
+	bucket_start: Date | null;
+	bucket_end: Date | null;
+	blocks_processed: number | null;
+	total_time_ms: number | null;
+	handler_time_ms: number | null;
+	flush_time_ms: number | null;
+	max_block_time_ms: number | null;
+	max_handler_time_ms: number | null;
+	avg_ops_per_block: number | null;
+	is_catchup: Generated<boolean>;
+	created_at: Generated<Date>;
+}
+interface SubgraphTableSnapshotsTable {
+	id: Generated<string>;
+	subgraph_name: string;
+	api_key_id: string | null;
+	table_name: string;
+	row_count: number | null;
+	created_at: Generated<Date>;
+}
+interface SubgraphHealthSnapshotsTable {
+	id: Generated<string>;
+	subgraph_id: string;
+	total_processed: number;
+	total_errors: number;
+	last_processed_block: number | null;
+	captured_at: Generated<Date>;
+}
+interface SubgraphUsageDailyTable {
+	subgraph_id: string;
+	date: string;
+	query_count: Generated<number>;
+}
+interface ProjectsTable {
+	id: Generated<string>;
+	name: string;
+	slug: string;
+	account_id: string;
+	settings: Generated<Record<string, unknown>>;
+	network: Generated<string>;
+	node_rpc: string | null;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+interface TeamMembersTable {
+	id: Generated<string>;
+	project_id: string;
+	account_id: string;
+	role: Generated<string>;
+	invited_by: string | null;
+	created_at: Generated<Date>;
+}
+interface TeamInvitationsTable {
+	id: Generated<string>;
+	project_id: string;
+	email: string;
+	role: Generated<string>;
+	token: string;
+	invited_by: string | null;
+	expires_at: Date;
+	accepted_at: Date | null;
+	created_at: Generated<Date>;
+}
+interface ChatSessionsTable {
+	id: Generated<string>;
+	account_id: string;
+	title: string | null;
+	summary: unknown | null;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+interface ChatMessagesTable {
+	id: Generated<string>;
+	chat_session_id: string;
+	role: string;
+	parts: unknown;
+	metadata: unknown | null;
+	created_at: Generated<Date>;
+}
+interface WorkflowDefinitionsTable {
+	id: Generated<string>;
+	name: string;
+	version: Generated<string>;
+	status: Generated<string>;
+	trigger_type: string;
+	trigger_config: unknown;
+	handler_path: string;
+	source_code: string | null;
+	retries_config: unknown | null;
+	timeout_ms: number | null;
+	api_key_id: string;
+	project_id: string | null;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+interface WorkflowRunsTable {
+	id: Generated<string>;
+	definition_id: string;
+	status: Generated<string>;
+	trigger_type: string;
+	trigger_data: unknown | null;
+	dedup_key: string | null;
+	error: string | null;
+	started_at: Date | null;
+	completed_at: Date | null;
+	duration_ms: number | null;
+	total_ai_tokens: Generated<number>;
+	created_at: Generated<Date>;
+}
+interface WorkflowStepsTable {
+	id: Generated<string>;
+	run_id: string;
+	step_index: number;
+	step_id: string;
+	step_type: string;
+	status: Generated<string>;
+	input: unknown | null;
+	output: unknown | null;
+	error: string | null;
+	retry_count: Generated<number>;
+	ai_tokens_used: Generated<number>;
+	started_at: Date | null;
+	completed_at: Date | null;
+	duration_ms: number | null;
+	memo_key: string | null;
+	parent_step_id: string | null;
+	created_at: Generated<Date>;
+}
+interface WorkflowQueueTable {
+	id: Generated<string>;
+	run_id: string;
+	status: Generated<string>;
+	attempts: Generated<number>;
+	max_attempts: Generated<number>;
+	scheduled_for: Generated<Date>;
+	locked_at: Date | null;
+	locked_by: string | null;
+	error: string | null;
+	created_at: Generated<Date>;
+	completed_at: Date | null;
+}
+interface WorkflowSchedulesTable {
+	id: Generated<string>;
+	definition_id: string;
+	cron_expr: string;
+	timezone: Generated<string>;
+	next_run_at: Date;
+	last_run_at: Date | null;
+	enabled: Generated<boolean>;
+	created_at: Generated<Date>;
+}
+interface WorkflowCursorsTable {
+	name: string;
+	block_height: Generated<number>;
+	updated_at: Generated<Date>;
+}
+interface Database {
+	blocks: BlocksTable;
+	transactions: TransactionsTable;
+	events: EventsTable;
+	index_progress: IndexProgressTable;
+	subgraphs: SubgraphsTable;
+	api_keys: ApiKeysTable;
+	accounts: AccountsTable;
+	sessions: SessionsTable;
+	magic_links: MagicLinksTable;
+	usage_daily: UsageDailyTable;
+	usage_snapshots: UsageSnapshotsTable;
+	waitlist: WaitlistTable;
+	account_insights: AccountInsightsTable;
+	account_agent_runs: AccountAgentRunsTable;
+	subgraph_health_snapshots: SubgraphHealthSnapshotsTable;
+	subgraph_processing_stats: SubgraphProcessingStatsTable;
+	subgraph_table_snapshots: SubgraphTableSnapshotsTable;
+	subgraph_gaps: SubgraphGapsTable;
+	subgraph_usage_daily: SubgraphUsageDailyTable;
+	projects: ProjectsTable;
+	team_members: TeamMembersTable;
+	team_invitations: TeamInvitationsTable;
+	chat_sessions: ChatSessionsTable;
+	chat_messages: ChatMessagesTable;
+	workflow_definitions: WorkflowDefinitionsTable;
+	workflow_runs: WorkflowRunsTable;
+	workflow_steps: WorkflowStepsTable;
+	workflow_queue: WorkflowQueueTable;
+	workflow_schedules: WorkflowSchedulesTable;
+	workflow_cursors: WorkflowCursorsTable;
+	workflow_signer_secrets: WorkflowSignerSecretsTable;
+	workflow_budgets: WorkflowBudgetsTable;
+	tenants: TenantsTable;
+	tenant_usage_monthly: TenantUsageMonthlyTable;
+	provisioning_audit_log: ProvisioningAuditLogTable;
+}
+type TenantStatus = "provisioning" | "active" | "suspended" | "error" | "deleted";
+interface TenantsTable {
+	id: Generated<string>;
+	account_id: string;
+	slug: string;
+	status: ColumnType<TenantStatus, TenantStatus | undefined, TenantStatus>;
+	plan: string;
+	cpus: ColumnType<number, number | string, number | string>;
+	memory_mb: number;
+	storage_limit_mb: number;
+	storage_used_mb: number | null;
+	pg_container_id: string | null;
+	api_container_id: string | null;
+	processor_container_id: string | null;
+	target_database_url_enc: Buffer;
+	tenant_jwt_secret_enc: Buffer;
+	anon_key_enc: Buffer;
+	service_key_enc: Buffer;
+	api_url_internal: string;
+	api_url_public: string;
+	trial_ends_at: Date;
+	suspended_at: Date | null;
+	last_health_check_at: Date | null;
+	service_gen: Generated<number>;
+	anon_gen: Generated<number>;
+	project_id: string | null;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+type Tenant = Selectable<TenantsTable>;
+interface TenantUsageMonthlyTable {
+	id: Generated<string>;
+	tenant_id: string;
+	period_month: Date;
+	storage_peak_mb: Generated<number>;
+	storage_avg_mb: Generated<number>;
+	storage_last_mb: Generated<number>;
+	measurements: Generated<number>;
+	first_at: Generated<Date>;
+	last_at: Generated<Date>;
+}
+type ProvisioningAuditEvent = "provision.start" | "provision.success" | "provision.failure" | "suspend" | "resume" | "resize" | "keys.rotate" | "bastion.key.upload" | "bastion.key.revoke" | "teardown";
+type ProvisioningAuditStatus = "ok" | "error";
+interface ProvisioningAuditLogTable {
+	id: Generated<string>;
+	tenant_id: string | null;
+	tenant_slug: string | null;
+	account_id: string | null;
+	actor: string;
+	event: ProvisioningAuditEvent;
+	status: ProvisioningAuditStatus;
+	detail: unknown | null;
+	error: string | null;
+	created_at: Generated<Date>;
+}
+interface WorkflowBudgetsTable {
+	id: Generated<string>;
+	workflow_definition_id: string;
+	/** Period key: "daily:YYYY-MM-DD" | "weekly:YYYY-Www" | "per-run:<uuid>". */
+	period: string;
+	ai_usd_used: Generated<string>;
+	ai_tokens_used: Generated<string>;
+	chain_microstx_used: Generated<string>;
+	chain_tx_count: Generated<number>;
+	run_count: Generated<number>;
+	step_count: Generated<number>;
+	reset_at: Date;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+interface WorkflowSignerSecretsTable {
+	id: Generated<string>;
+	account_id: string;
+	name: string;
+	/** AES-GCM ciphertext bytes produced by the runner's KMS on write. */
+	encrypted_value: Buffer;
+	created_at: Generated<Date>;
+	updated_at: Generated<Date>;
+}
+/**
+* Tenant registry queries. Encrypted columns are stored as `bytea` and
+* transparently encrypted/decrypted via `encryptSecret`/`decryptSecret`.
+*
+* Never return decrypted values from listTenants — only `getTenantCredentials`
+* surfaces plaintext, and only when explicitly called by a caller that
+* needs to hand creds to a CLI or dashboard session.
+*/
+interface NewTenantInput {
+	accountId: string;
+	slug: string;
+	plan: string;
+	cpus: number;
+	memoryMb: number;
+	storageLimitMb: number;
+	pgContainerId: string;
+	apiContainerId: string;
+	processorContainerId: string;
+	targetDatabaseUrl: string;
+	tenantJwtSecret: string;
+	anonKey: string;
+	serviceKey: string;
+	apiUrlInternal: string;
+	apiUrlPublic: string;
+	trialEndsAt: Date;
+	projectId?: string;
+}
+declare function insertTenant(db: Kysely<Database>, input: NewTenantInput): Promise<Tenant>;
+declare function getTenantByAccount(db: Kysely<Database>, accountId: string): Promise<Tenant | null>;
+declare function getTenantBySlug(db: Kysely<Database>, slug: string): Promise<Tenant | null>;
+declare function listTenantsByStatus(db: Kysely<Database>, status: TenantStatus): Promise<Tenant[]>;
+declare function listExpiredTrials(db: Kysely<Database>, now?: Date): Promise<Tenant[]>;
+declare function listSuspendedOlderThan(db: Kysely<Database>, olderThan: Date): Promise<Tenant[]>;
+declare function setTenantStatus(db: Kysely<Database>, slug: string, status: TenantStatus): Promise<void>;
+declare function recordHealthCheck(db: Kysely<Database>, slug: string, storageUsedMb: number | null): Promise<void>;
+/**
+* Record a storage measurement into the current calendar month's bucket.
+* Maintains peak, running average, and the most recent value in a single
+* upsert. Billing will consume this later; for now the table just gives
+* us evidence of usage over time.
+*/
+declare function recordMonthlyUsage(db: Kysely<Database>, tenantId: string, storageMb: number): Promise<void>;
+declare function updateTenantPlan(db: Kysely<Database>, slug: string, plan: string, cpus: number, memoryMb: number, storageLimitMb: number): Promise<void>;
+type RotateType = "service" | "anon" | "both";
+/**
+* Bump the selected gen counter(s) by 1 and return the new values.
+* Used by the key-rotate endpoint to force the tenant API to reject
+* previously-issued tokens of the rotated role(s).
+*/
+declare function bumpTenantKeyGen(db: Kysely<Database>, slug: string, type: RotateType): Promise<{
+	serviceGen: number
+	anonGen: number
+}>;
+/**
+* Replace the encrypted key columns after a successful rotate. Only the
+* rotated column(s) are written — the other stays untouched.
+*/
+declare function updateTenantKeys(db: Kysely<Database>, slug: string, keys: {
+	serviceKey?: string
+	anonKey?: string
+}): Promise<void>;
+/**
+* Hard-delete a tenant row. Call only AFTER the provisioner has torn down
+* containers + volume; otherwise orphaned resources linger. Returns whether
+* a row was actually deleted.
+*/
+declare function deleteTenant(db: Kysely<Database>, slug: string): Promise<boolean>;
+interface TenantCredentials {
+	slug: string;
+	targetDatabaseUrl: string;
+	tenantJwtSecret: string;
+	anonKey: string;
+	serviceKey: string;
+	apiUrlInternal: string;
+	apiUrlPublic: string;
+}
+/**
+* Decrypts the four encrypted columns and returns them plaintext. Call
+* this only when surfacing credentials to an authorized caller (dashboard,
+* CLI). Never log the returned object.
+*/
+declare function getTenantCredentials(db: Kysely<Database>, slug: string): Promise<TenantCredentials | null>;
+export { updateTenantPlan, updateTenantKeys, setTenantStatus, recordMonthlyUsage, recordHealthCheck, listTenantsByStatus, listSuspendedOlderThan, listExpiredTrials, insertTenant, getTenantCredentials, getTenantBySlug, getTenantByAccount, deleteTenant, bumpTenantKeyGen, TenantCredentials, RotateType, NewTenantInput };