@secondlayer/shared 2.0.0 → 3.0.0-alpha.0

package/dist/src/db/queries/projects.d.ts

@@ -60,10 +60,6 @@ interface SubgraphsTable {
 	handler_code: string | null;
 	source_code: string | null;
 	project_id: string | null;
-	is_public: Generated<boolean>;
-	tags: Generated<string[]>;
-	description: string | null;
-	forked_from_id: string | null;
 	created_at: Generated<Date>;
 	updated_at: Generated<Date>;
 }
@@ -98,6 +94,7 @@ interface AccountsTable {
 	bio: string | null;
 	avatar_url: string | null;
 	slug: string | null;
+	stripe_customer_id: string | null;
 	created_at: Generated<Date>;
 }
 interface SessionsTable {
@@ -123,6 +120,7 @@ interface MagicLinksTable {
 }
 interface UsageDailyTable {
 	account_id: string;
+	tenant_id: string | null;
 	date: string;
 	api_requests: Generated<number>;
 	deliveries: Generated<number>;
@@ -249,83 +247,6 @@ interface ChatMessagesTable {
 	metadata: unknown | null;
 	created_at: Generated<Date>;
 }
-interface WorkflowDefinitionsTable {
-	id: Generated<string>;
-	name: string;
-	version: Generated<string>;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_config: unknown;
-	handler_path: string;
-	source_code: string | null;
-	retries_config: unknown | null;
-	timeout_ms: number | null;
-	api_key_id: string;
-	project_id: string | null;
-	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
-}
-interface WorkflowRunsTable {
-	id: Generated<string>;
-	definition_id: string;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_data: unknown | null;
-	dedup_key: string | null;
-	error: string | null;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	total_ai_tokens: Generated<number>;
-	created_at: Generated<Date>;
-}
-interface WorkflowStepsTable {
-	id: Generated<string>;
-	run_id: string;
-	step_index: number;
-	step_id: string;
-	step_type: string;
-	status: Generated<string>;
-	input: unknown | null;
-	output: unknown | null;
-	error: string | null;
-	retry_count: Generated<number>;
-	ai_tokens_used: Generated<number>;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	memo_key: string | null;
-	parent_step_id: string | null;
-	created_at: Generated<Date>;
-}
-interface WorkflowQueueTable {
-	id: Generated<string>;
-	run_id: string;
-	status: Generated<string>;
-	attempts: Generated<number>;
-	max_attempts: Generated<number>;
-	scheduled_for: Generated<Date>;
-	locked_at: Date | null;
-	locked_by: string | null;
-	error: string | null;
-	created_at: Generated<Date>;
-	completed_at: Date | null;
-}
-interface WorkflowSchedulesTable {
-	id: Generated<string>;
-	definition_id: string;
-	cron_expr: string;
-	timezone: Generated<string>;
-	next_run_at: Date;
-	last_run_at: Date | null;
-	enabled: Generated<boolean>;
-	created_at: Generated<Date>;
-}
-interface WorkflowCursorsTable {
-	name: string;
-	block_height: Generated<number>;
-	updated_at: Generated<Date>;
-}
 interface Database {
 	blocks: BlocksTable;
 	transactions: TransactionsTable;
@@ -351,15 +272,11 @@ interface Database {
 	team_invitations: TeamInvitationsTable;
 	chat_sessions: ChatSessionsTable;
 	chat_messages: ChatMessagesTable;
-	workflow_definitions: WorkflowDefinitionsTable;
-	workflow_runs: WorkflowRunsTable;
-	workflow_steps: WorkflowStepsTable;
-	workflow_queue: WorkflowQueueTable;
-	workflow_schedules: WorkflowSchedulesTable;
-	workflow_cursors: WorkflowCursorsTable;
-	workflow_signer_secrets: WorkflowSignerSecretsTable;
-	workflow_budgets: WorkflowBudgetsTable;
 	tenants: TenantsTable;
+	tenant_usage_monthly: TenantUsageMonthlyTable;
+	tenant_compute_addons: TenantComputeAddonsTable;
+	account_spend_caps: AccountSpendCapsTable;
+	provisioning_audit_log: ProvisioningAuditLogTable;
 }
 type TenantStatus = "provisioning" | "active" | "suspended" | "error" | "deleted";
 interface TenantsTable {
@@ -381,38 +298,61 @@ interface TenantsTable {
 	service_key_enc: Buffer;
 	api_url_internal: string;
 	api_url_public: string;
-	trial_ends_at: Date;
 	suspended_at: Date | null;
 	last_health_check_at: Date | null;
+	last_active_at: Generated<Date>;
 	service_gen: Generated<number>;
 	anon_gen: Generated<number>;
 	project_id: string | null;
 	created_at: Generated<Date>;
 	updated_at: Generated<Date>;
 }
-interface WorkflowBudgetsTable {
+interface TenantUsageMonthlyTable {
 	id: Generated<string>;
-	workflow_definition_id: string;
-	/** Period key: "daily:YYYY-MM-DD" | "weekly:YYYY-Www" | "per-run:<uuid>". */
-	period: string;
-	ai_usd_used: Generated<string>;
-	ai_tokens_used: Generated<string>;
-	chain_microstx_used: Generated<string>;
-	chain_tx_count: Generated<number>;
-	run_count: Generated<number>;
-	step_count: Generated<number>;
-	reset_at: Date;
+	tenant_id: string;
+	period_month: Date;
+	storage_peak_mb: Generated<number>;
+	storage_avg_mb: Generated<number>;
+	storage_last_mb: Generated<number>;
+	measurements: Generated<number>;
+	first_at: Generated<Date>;
+	last_at: Generated<Date>;
+}
+interface TenantComputeAddonsTable {
+	id: Generated<string>;
+	tenant_id: string;
+	memory_mb_delta: Generated<number>;
+	cpu_delta: Generated<number | string>;
+	storage_mb_delta: Generated<number>;
+	effective_from: Generated<Date>;
+	effective_until: Date | null;
+	stripe_subscription_item_id: string | null;
 	created_at: Generated<Date>;
+}
+interface AccountSpendCapsTable {
+	account_id: string;
+	monthly_cap_cents: number | null;
+	compute_cap_cents: number | null;
+	storage_cap_cents: number | null;
+	ai_cap_cents: number | null;
+	alert_threshold_pct: Generated<number>;
+	alert_sent_at: Date | null;
+	frozen_at: Date | null;
 	updated_at: Generated<Date>;
 }
-interface WorkflowSignerSecretsTable {
+type ProvisioningAuditEvent = "provision.start" | "provision.success" | "provision.failure" | "suspend" | "resume" | "resize" | "keys.rotate" | "bastion.key.upload" | "bastion.key.revoke" | "teardown";
+type ProvisioningAuditStatus = "ok" | "error";
+interface ProvisioningAuditLogTable {
 	id: Generated<string>;
-	account_id: string;
-	name: string;
-	/** AES-GCM ciphertext bytes produced by the runner's KMS on write. */
-	encrypted_value: Buffer;
+	tenant_id: string | null;
+	tenant_slug: string | null;
+	account_id: string | null;
+	actor: string;
+	event: ProvisioningAuditEvent;
+	status: ProvisioningAuditStatus;
+	detail: unknown | null;
+	error: string | null;
 	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
 }
 type Project = Selectable<ProjectsTable>;
 type TeamInvitation = Selectable<TeamInvitationsTable>;

package/dist/src/db/queries/{workflows.d.ts → provisioning-audit.d.ts}

@@ -60,10 +60,6 @@ interface SubgraphsTable {
 	handler_code: string | null;
 	source_code: string | null;
 	project_id: string | null;
-	is_public: Generated<boolean>;
-	tags: Generated<string[]>;
-	description: string | null;
-	forked_from_id: string | null;
 	created_at: Generated<Date>;
 	updated_at: Generated<Date>;
 }
@@ -98,6 +94,7 @@ interface AccountsTable {
 	bio: string | null;
 	avatar_url: string | null;
 	slug: string | null;
+	stripe_customer_id: string | null;
 	created_at: Generated<Date>;
 }
 interface SessionsTable {
@@ -123,6 +120,7 @@ interface MagicLinksTable {
 }
 interface UsageDailyTable {
 	account_id: string;
+	tenant_id: string | null;
 	date: string;
 	api_requests: Generated<number>;
 	deliveries: Generated<number>;
@@ -249,83 +247,6 @@ interface ChatMessagesTable {
 	metadata: unknown | null;
 	created_at: Generated<Date>;
 }
-interface WorkflowDefinitionsTable {
-	id: Generated<string>;
-	name: string;
-	version: Generated<string>;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_config: unknown;
-	handler_path: string;
-	source_code: string | null;
-	retries_config: unknown | null;
-	timeout_ms: number | null;
-	api_key_id: string;
-	project_id: string | null;
-	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
-}
-interface WorkflowRunsTable {
-	id: Generated<string>;
-	definition_id: string;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_data: unknown | null;
-	dedup_key: string | null;
-	error: string | null;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	total_ai_tokens: Generated<number>;
-	created_at: Generated<Date>;
-}
-interface WorkflowStepsTable {
-	id: Generated<string>;
-	run_id: string;
-	step_index: number;
-	step_id: string;
-	step_type: string;
-	status: Generated<string>;
-	input: unknown | null;
-	output: unknown | null;
-	error: string | null;
-	retry_count: Generated<number>;
-	ai_tokens_used: Generated<number>;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	memo_key: string | null;
-	parent_step_id: string | null;
-	created_at: Generated<Date>;
-}
-interface WorkflowQueueTable {
-	id: Generated<string>;
-	run_id: string;
-	status: Generated<string>;
-	attempts: Generated<number>;
-	max_attempts: Generated<number>;
-	scheduled_for: Generated<Date>;
-	locked_at: Date | null;
-	locked_by: string | null;
-	error: string | null;
-	created_at: Generated<Date>;
-	completed_at: Date | null;
-}
-interface WorkflowSchedulesTable {
-	id: Generated<string>;
-	definition_id: string;
-	cron_expr: string;
-	timezone: Generated<string>;
-	next_run_at: Date;
-	last_run_at: Date | null;
-	enabled: Generated<boolean>;
-	created_at: Generated<Date>;
-}
-interface WorkflowCursorsTable {
-	name: string;
-	block_height: Generated<number>;
-	updated_at: Generated<Date>;
-}
 interface Database {
 	blocks: BlocksTable;
 	transactions: TransactionsTable;
@@ -351,15 +272,11 @@ interface Database {
 	team_invitations: TeamInvitationsTable;
 	chat_sessions: ChatSessionsTable;
 	chat_messages: ChatMessagesTable;
-	workflow_definitions: WorkflowDefinitionsTable;
-	workflow_runs: WorkflowRunsTable;
-	workflow_steps: WorkflowStepsTable;
-	workflow_queue: WorkflowQueueTable;
-	workflow_schedules: WorkflowSchedulesTable;
-	workflow_cursors: WorkflowCursorsTable;
-	workflow_signer_secrets: WorkflowSignerSecretsTable;
-	workflow_budgets: WorkflowBudgetsTable;
 	tenants: TenantsTable;
+	tenant_usage_monthly: TenantUsageMonthlyTable;
+	tenant_compute_addons: TenantComputeAddonsTable;
+	account_spend_caps: AccountSpendCapsTable;
+	provisioning_audit_log: ProvisioningAuditLogTable;
 }
 type TenantStatus = "provisioning" | "active" | "suspended" | "error" | "deleted";
 interface TenantsTable {
@@ -381,71 +298,82 @@ interface TenantsTable {
 	service_key_enc: Buffer;
 	api_url_internal: string;
 	api_url_public: string;
-	trial_ends_at: Date;
 	suspended_at: Date | null;
 	last_health_check_at: Date | null;
+	last_active_at: Generated<Date>;
 	service_gen: Generated<number>;
 	anon_gen: Generated<number>;
 	project_id: string | null;
 	created_at: Generated<Date>;
 	updated_at: Generated<Date>;
 }
-interface WorkflowBudgetsTable {
+interface TenantUsageMonthlyTable {
 	id: Generated<string>;
-	workflow_definition_id: string;
-	/** Period key: "daily:YYYY-MM-DD" | "weekly:YYYY-Www" | "per-run:<uuid>". */
-	period: string;
-	ai_usd_used: Generated<string>;
-	ai_tokens_used: Generated<string>;
-	chain_microstx_used: Generated<string>;
-	chain_tx_count: Generated<number>;
-	run_count: Generated<number>;
-	step_count: Generated<number>;
-	reset_at: Date;
+	tenant_id: string;
+	period_month: Date;
+	storage_peak_mb: Generated<number>;
+	storage_avg_mb: Generated<number>;
+	storage_last_mb: Generated<number>;
+	measurements: Generated<number>;
+	first_at: Generated<Date>;
+	last_at: Generated<Date>;
+}
+interface TenantComputeAddonsTable {
+	id: Generated<string>;
+	tenant_id: string;
+	memory_mb_delta: Generated<number>;
+	cpu_delta: Generated<number | string>;
+	storage_mb_delta: Generated<number>;
+	effective_from: Generated<Date>;
+	effective_until: Date | null;
+	stripe_subscription_item_id: string | null;
 	created_at: Generated<Date>;
+}
+interface AccountSpendCapsTable {
+	account_id: string;
+	monthly_cap_cents: number | null;
+	compute_cap_cents: number | null;
+	storage_cap_cents: number | null;
+	ai_cap_cents: number | null;
+	alert_threshold_pct: Generated<number>;
+	alert_sent_at: Date | null;
+	frozen_at: Date | null;
 	updated_at: Generated<Date>;
 }
-interface WorkflowSignerSecretsTable {
+type ProvisioningAuditEvent = "provision.start" | "provision.success" | "provision.failure" | "suspend" | "resume" | "resize" | "keys.rotate" | "bastion.key.upload" | "bastion.key.revoke" | "teardown";
+type ProvisioningAuditStatus = "ok" | "error";
+interface ProvisioningAuditLogTable {
 	id: Generated<string>;
-	account_id: string;
-	name: string;
-	/** AES-GCM ciphertext bytes produced by the runner's KMS on write. */
-	encrypted_value: Buffer;
+	tenant_id: string | null;
+	tenant_slug: string | null;
+	account_id: string | null;
+	actor: string;
+	event: ProvisioningAuditEvent;
+	status: ProvisioningAuditStatus;
+	detail: unknown | null;
+	error: string | null;
 	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
 }
-type WorkflowDefinition = Selectable<WorkflowDefinitionsTable>;
-type WorkflowRun = Selectable<WorkflowRunsTable>;
-type WorkflowStep = Selectable<WorkflowStepsTable>;
-/** Bump the patch digit of a semver string. Falls back to "1.0.1" on malformed input. */
-declare function bumpPatch(version: string): string;
-declare function listWorkflowDefinitions(db: Kysely<Database>, apiKeyIds?: string[]): Promise<WorkflowDefinition[]>;
-declare function getWorkflowDefinition(db: Kysely<Database>, name: string, apiKeyIds?: string[]): Promise<WorkflowDefinition | null>;
-declare function upsertWorkflowDefinition(db: Kysely<Database>, data: {
-	name: string
-	triggerType: string
-	triggerConfig: Record<string, unknown>
-	handlerPath: string
-	apiKeyId: string
-	projectId?: string
-	retriesConfig?: Record<string, unknown>
-	timeoutMs?: number
-	sourceCode?: string
-	expectedVersion?: string
-}): Promise<WorkflowDefinition>;
-declare function updateWorkflowStatus(db: Kysely<Database>, name: string, apiKeyId: string, status: string): Promise<void>;
-declare function deleteWorkflowDefinition(db: Kysely<Database>, name: string, apiKeyId: string): Promise<void>;
-declare function createWorkflowRun(db: Kysely<Database>, data: {
-	definitionId: string
-	triggerType: string
-	triggerData?: Record<string, unknown>
-	dedupKey?: string
-}): Promise<WorkflowRun>;
-declare function getWorkflowRun(db: Kysely<Database>, runId: string): Promise<WorkflowRun | null>;
-declare function listWorkflowRuns(db: Kysely<Database>, definitionId: string, params?: {
-	status?: string
-	limit?: number
-	offset?: number
-}): Promise<WorkflowRun[]>;
-declare function getWorkflowSteps(db: Kysely<Database>, runId: string): Promise<WorkflowStep[]>;
-export { upsertWorkflowDefinition, updateWorkflowStatus, listWorkflowRuns, listWorkflowDefinitions, getWorkflowSteps, getWorkflowRun, getWorkflowDefinition, deleteWorkflowDefinition, createWorkflowRun, bumpPatch };
+type ProvisioningAuditLog = Selectable<ProvisioningAuditLogTable>;
+/**
+* Provisioning audit trail — every lifecycle event that mutates a tenant
+* lands here. Write on both happy and sad paths so we can reconstruct
+* what was attempted and what failed.
+*
+* `actor` is the logical source (e.g. `account:<uuid>`, `worker:tenant-health`,
+* `admin:<uuid>`). Keep it grep-able — this is the only breadcrumb when
+* something goes sideways.
+*/
+interface AuditInput {
+	tenantId?: string | null;
+	tenantSlug?: string | null;
+	accountId?: string | null;
+	actor: string;
+	event: ProvisioningAuditEvent;
+	status: ProvisioningAuditStatus;
+	detail?: unknown;
+	error?: string;
+}
+declare function recordProvisioningAudit(db: Kysely<Database>, input: AuditInput): Promise<void>;
+declare function listAuditForTenant(db: Kysely<Database>, tenantId: string, limit?: number): Promise<ProvisioningAuditLog[]>;
+export { recordProvisioningAudit, listAuditForTenant, AuditInput };

package/dist/src/db/queries/provisioning-audit.js

@@ -0,0 +1,40 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+
+// src/db/queries/provisioning-audit.ts
+async function recordProvisioningAudit(db, input) {
+  const row = {
+    tenant_id: input.tenantId ?? null,
+    tenant_slug: input.tenantSlug ?? null,
+    account_id: input.accountId ?? null,
+    actor: input.actor,
+    event: input.event,
+    status: input.status,
+    detail: input.detail ?? null,
+    error: input.error ?? null
+  };
+  await db.insertInto("provisioning_audit_log").values(row).execute();
+}
+async function listAuditForTenant(db, tenantId, limit = 50) {
+  return db.selectFrom("provisioning_audit_log").selectAll().where("tenant_id", "=", tenantId).orderBy("created_at", "desc").limit(limit).execute();
+}
+export {
+  recordProvisioningAudit,
+  listAuditForTenant
+};
+
+//# debugId=DF2744A82ED5118E64756E2164756E21
+//# sourceMappingURL=provisioning-audit.js.map

package/dist/src/db/queries/provisioning-audit.js.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../src/db/queries/provisioning-audit.ts"],
+  "sourcesContent": [
+    "import type { Kysely } from \"kysely\";\nimport type {\n\tDatabase,\n\tInsertProvisioningAuditLog,\n\tProvisioningAuditEvent,\n\tProvisioningAuditLog,\n\tProvisioningAuditStatus,\n} from \"../types.ts\";\n\n/**\n * Provisioning audit trail — every lifecycle event that mutates a tenant\n * lands here. Write on both happy and sad paths so we can reconstruct\n * what was attempted and what failed.\n *\n * `actor` is the logical source (e.g. `account:<uuid>`, `worker:tenant-health`,\n * `admin:<uuid>`). Keep it grep-able — this is the only breadcrumb when\n * something goes sideways.\n */\n\nexport interface AuditInput {\n\ttenantId?: string | null;\n\ttenantSlug?: string | null;\n\taccountId?: string | null;\n\tactor: string;\n\tevent: ProvisioningAuditEvent;\n\tstatus: ProvisioningAuditStatus;\n\tdetail?: unknown;\n\terror?: string;\n}\n\nexport async function recordProvisioningAudit(\n\tdb: Kysely<Database>,\n\tinput: AuditInput,\n): Promise<void> {\n\tconst row: InsertProvisioningAuditLog = {\n\t\ttenant_id: input.tenantId ?? null,\n\t\ttenant_slug: input.tenantSlug ?? null,\n\t\taccount_id: input.accountId ?? null,\n\t\tactor: input.actor,\n\t\tevent: input.event,\n\t\tstatus: input.status,\n\t\tdetail: input.detail ?? null,\n\t\terror: input.error ?? null,\n\t};\n\tawait db.insertInto(\"provisioning_audit_log\").values(row).execute();\n}\n\nexport async function listAuditForTenant(\n\tdb: Kysely<Database>,\n\ttenantId: string,\n\tlimit = 50,\n): Promise<ProvisioningAuditLog[]> {\n\treturn db\n\t\t.selectFrom(\"provisioning_audit_log\")\n\t\t.selectAll()\n\t\t.where(\"tenant_id\", \"=\", tenantId)\n\t\t.orderBy(\"created_at\", \"desc\")\n\t\t.limit(limit)\n\t\t.execute();\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;AA8BA,eAAsB,uBAAuB,CAC5C,IACA,OACgB;AAAA,EAChB,MAAM,MAAkC;AAAA,IACvC,WAAW,MAAM,YAAY;AAAA,IAC7B,aAAa,MAAM,cAAc;AAAA,IACjC,YAAY,MAAM,aAAa;AAAA,IAC/B,OAAO,MAAM;AAAA,IACb,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM,UAAU;AAAA,IACxB,OAAO,MAAM,SAAS;AAAA,EACvB;AAAA,EACA,MAAM,GAAG,WAAW,wBAAwB,EAAE,OAAO,GAAG,EAAE,QAAQ;AAAA;AAGnE,eAAsB,kBAAkB,CACvC,IACA,UACA,QAAQ,IAC0B;AAAA,EAClC,OAAO,GACL,WAAW,wBAAwB,EACnC,UAAU,EACV,MAAM,aAAa,KAAK,QAAQ,EAChC,QAAQ,cAAc,MAAM,EAC5B,MAAM,KAAK,EACX,QAAQ;AAAA;",
+  "debugId": "DF2744A82ED5118E64756E2164756E21",
+  "names": []
+}