npm - @secondlayer/shared - Versions diffs - 2.0.0 → 3.0.0-alpha.0 - Mend

@secondlayer/shared 2.0.0 → 3.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/README.md +2 -2
package/dist/src/db/index.d.ts +64 -130
package/dist/src/db/index.js.map +2 -2
package/dist/src/db/jsonb.d.ts +5 -1
package/dist/src/db/jsonb.js.map +2 -2
package/dist/src/db/queries/account-spend-caps.d.ts +379 -0
package/dist/src/db/queries/account-spend-caps.js +60 -0
package/dist/src/db/queries/account-spend-caps.js.map +10 -0
package/dist/src/db/queries/account-usage.d.ts +403 -0
package/dist/src/db/queries/account-usage.js +222 -0
package/dist/src/db/queries/account-usage.js.map +11 -0
package/dist/src/db/queries/accounts.d.ts +61 -108
package/dist/src/db/queries/accounts.js +15 -1
package/dist/src/db/queries/accounts.js.map +3 -3
package/dist/src/db/queries/integrity.d.ts +47 -107
package/dist/src/db/queries/projects.d.ts +47 -107
package/dist/src/db/queries/{workflows.d.ts → provisioning-audit.d.ts} +70 -142
package/dist/src/db/queries/provisioning-audit.js +40 -0
package/dist/src/db/queries/provisioning-audit.js.map +10 -0
package/dist/src/db/queries/subgraph-gaps.d.ts +47 -107
package/dist/src/db/queries/subgraphs.d.ts +47 -108
package/dist/src/db/queries/subgraphs.js +2 -3
package/dist/src/db/queries/subgraphs.js.map +4 -4
package/dist/src/db/queries/{marketplace.d.ts → tenant-compute-addons.d.ts} +66 -159
package/dist/src/db/queries/tenant-compute-addons.js +47 -0
package/dist/src/db/queries/tenant-compute-addons.js.map +10 -0
package/dist/src/db/queries/tenants.d.ts +67 -110
package/dist/src/db/queries/tenants.js +35 -6
package/dist/src/db/queries/tenants.js.map +3 -3
package/dist/src/db/queries/usage.d.ts +48 -132
package/dist/src/db/queries/usage.js +5 -64
package/dist/src/db/queries/usage.js.map +4 -5
package/dist/src/db/schema.d.ts +59 -129
package/dist/src/errors.d.ts +8 -7
package/dist/src/errors.js +11 -12
package/dist/src/errors.js.map +3 -3
package/dist/src/index.d.ts +98 -212
package/dist/src/index.js +69 -80
package/dist/src/index.js.map +6 -6
package/dist/src/mode.d.ts +4 -5
package/dist/src/mode.js.map +2 -2
package/dist/src/node/local-client.d.ts +47 -107
package/dist/src/pricing.d.ts +20 -1
package/dist/src/pricing.js +58 -1
package/dist/src/pricing.js.map +3 -3
package/dist/src/schemas/accounts.d.ts +14 -0
package/dist/src/schemas/{marketplace.js → accounts.js} +4 -14
package/dist/src/schemas/accounts.js.map +10 -0
package/dist/src/schemas/index.d.ts +28 -77
package/dist/src/schemas/index.js +59 -69
package/dist/src/schemas/index.js.map +4 -4
package/migrations/0043_tenant_usage_monthly.ts +36 -0
package/migrations/0044_provisioning_audit_log.ts +40 -0
package/migrations/0045_drop_marketplace_columns.ts +47 -0
package/migrations/0046_tenant_activity_signal.ts +47 -0
package/migrations/0047_usage_daily_tenant_id.ts +73 -0
package/migrations/0048_tenant_compute_addons.ts +49 -0
package/migrations/0049_accounts_stripe_customer_id.ts +30 -0
package/migrations/0050_account_spend_caps.ts +45 -0
package/migrations/0051_workflow_ai_usage_daily.ts +40 -0
package/migrations/0052_sentries.ts +61 -0
package/migrations/0053_workflow_runtime.ts +88 -0
package/migrations/0054_accounts_plan_hobby.ts +32 -0
package/migrations/0055_ai_usage_account_scope.ts +108 -0
package/migrations/0056_drop_workflow_sentry_residuals.ts +23 -0
package/package.json +33 -21
package/dist/src/db/queries/marketplace.js +0 -139
package/dist/src/db/queries/marketplace.js.map +0 -10
package/dist/src/db/queries/workflows.js +0 -260
package/dist/src/db/queries/workflows.js.map +0 -12
package/dist/src/lib/plans.d.ts +0 -9
package/dist/src/lib/plans.js +0 -37
package/dist/src/lib/plans.js.map +0 -10
package/dist/src/schemas/marketplace.d.ts +0 -63
package/dist/src/schemas/marketplace.js.map +0 -10
package/dist/src/schemas/workflows.d.ts +0 -70
package/dist/src/schemas/workflows.js +0 -43
package/dist/src/schemas/workflows.js.map +0 -10

package/dist/src/db/queries/{marketplace.d.ts → tenant-compute-addons.d.ts} RENAMED Viewed

@@ -60,10 +60,6 @@ interface SubgraphsTable {
 	handler_code: string | null;
 	source_code: string | null;
 	project_id: string | null;
-	is_public: Generated<boolean>;
-	tags: Generated<string[]>;
-	description: string | null;
-	forked_from_id: string | null;
 	created_at: Generated<Date>;
 	updated_at: Generated<Date>;
 }
@@ -98,6 +94,7 @@ interface AccountsTable {
 	bio: string | null;
 	avatar_url: string | null;
 	slug: string | null;
+	stripe_customer_id: string | null;
 	created_at: Generated<Date>;
 }
 interface SessionsTable {
@@ -123,6 +120,7 @@ interface MagicLinksTable {
 }
 interface UsageDailyTable {
 	account_id: string;
+	tenant_id: string | null;
 	date: string;
 	api_requests: Generated<number>;
 	deliveries: Generated<number>;
@@ -249,83 +247,6 @@ interface ChatMessagesTable {
 	metadata: unknown | null;
 	created_at: Generated<Date>;
 }
-interface WorkflowDefinitionsTable {
-	id: Generated<string>;
-	name: string;
-	version: Generated<string>;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_config: unknown;
-	handler_path: string;
-	source_code: string | null;
-	retries_config: unknown | null;
-	timeout_ms: number | null;
-	api_key_id: string;
-	project_id: string | null;
-	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
-}
-interface WorkflowRunsTable {
-	id: Generated<string>;
-	definition_id: string;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_data: unknown | null;
-	dedup_key: string | null;
-	error: string | null;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	total_ai_tokens: Generated<number>;
-	created_at: Generated<Date>;
-}
-interface WorkflowStepsTable {
-	id: Generated<string>;
-	run_id: string;
-	step_index: number;
-	step_id: string;
-	step_type: string;
-	status: Generated<string>;
-	input: unknown | null;
-	output: unknown | null;
-	error: string | null;
-	retry_count: Generated<number>;
-	ai_tokens_used: Generated<number>;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	memo_key: string | null;
-	parent_step_id: string | null;
-	created_at: Generated<Date>;
-}
-interface WorkflowQueueTable {
-	id: Generated<string>;
-	run_id: string;
-	status: Generated<string>;
-	attempts: Generated<number>;
-	max_attempts: Generated<number>;
-	scheduled_for: Generated<Date>;
-	locked_at: Date | null;
-	locked_by: string | null;
-	error: string | null;
-	created_at: Generated<Date>;
-	completed_at: Date | null;
-}
-interface WorkflowSchedulesTable {
-	id: Generated<string>;
-	definition_id: string;
-	cron_expr: string;
-	timezone: Generated<string>;
-	next_run_at: Date;
-	last_run_at: Date | null;
-	enabled: Generated<boolean>;
-	created_at: Generated<Date>;
-}
-interface WorkflowCursorsTable {
-	name: string;
-	block_height: Generated<number>;
-	updated_at: Generated<Date>;
-}
 interface Database {
 	blocks: BlocksTable;
 	transactions: TransactionsTable;
@@ -351,15 +272,11 @@ interface Database {
 	team_invitations: TeamInvitationsTable;
 	chat_sessions: ChatSessionsTable;
 	chat_messages: ChatMessagesTable;
-	workflow_definitions: WorkflowDefinitionsTable;
-	workflow_runs: WorkflowRunsTable;
-	workflow_steps: WorkflowStepsTable;
-	workflow_queue: WorkflowQueueTable;
-	workflow_schedules: WorkflowSchedulesTable;
-	workflow_cursors: WorkflowCursorsTable;
-	workflow_signer_secrets: WorkflowSignerSecretsTable;
-	workflow_budgets: WorkflowBudgetsTable;
 	tenants: TenantsTable;
+	tenant_usage_monthly: TenantUsageMonthlyTable;
+	tenant_compute_addons: TenantComputeAddonsTable;
+	account_spend_caps: AccountSpendCapsTable;
+	provisioning_audit_log: ProvisioningAuditLogTable;
 }
 type TenantStatus = "provisioning" | "active" | "suspended" | "error" | "deleted";
 interface TenantsTable {
@@ -381,92 +298,82 @@ interface TenantsTable {
 	service_key_enc: Buffer;
 	api_url_internal: string;
 	api_url_public: string;
-	trial_ends_at: Date;
 	suspended_at: Date | null;
 	last_health_check_at: Date | null;
+	last_active_at: Generated<Date>;
 	service_gen: Generated<number>;
 	anon_gen: Generated<number>;
 	project_id: string | null;
 	created_at: Generated<Date>;
 	updated_at: Generated<Date>;
 }
-interface WorkflowBudgetsTable {
+interface TenantUsageMonthlyTable {
 	id: Generated<string>;
-	workflow_definition_id: string;
-	/** Period key: "daily:YYYY-MM-DD" | "weekly:YYYY-Www" | "per-run:<uuid>". */
-	period: string;
-	ai_usd_used: Generated<string>;
-	ai_tokens_used: Generated<string>;
-	chain_microstx_used: Generated<string>;
-	chain_tx_count: Generated<number>;
-	run_count: Generated<number>;
-	step_count: Generated<number>;
-	reset_at: Date;
+	tenant_id: string;
+	period_month: Date;
+	storage_peak_mb: Generated<number>;
+	storage_avg_mb: Generated<number>;
+	storage_last_mb: Generated<number>;
+	measurements: Generated<number>;
+	first_at: Generated<Date>;
+	last_at: Generated<Date>;
+}
+interface TenantComputeAddonsTable {
+	id: Generated<string>;
+	tenant_id: string;
+	memory_mb_delta: Generated<number>;
+	cpu_delta: Generated<number | string>;
+	storage_mb_delta: Generated<number>;
+	effective_from: Generated<Date>;
+	effective_until: Date | null;
+	stripe_subscription_item_id: string | null;
 	created_at: Generated<Date>;
+}
+type TenantComputeAddon = Selectable<TenantComputeAddonsTable>;
+interface AccountSpendCapsTable {
+	account_id: string;
+	monthly_cap_cents: number | null;
+	compute_cap_cents: number | null;
+	storage_cap_cents: number | null;
+	ai_cap_cents: number | null;
+	alert_threshold_pct: Generated<number>;
+	alert_sent_at: Date | null;
+	frozen_at: Date | null;
 	updated_at: Generated<Date>;
 }
-interface WorkflowSignerSecretsTable {
+type ProvisioningAuditEvent = "provision.start" | "provision.success" | "provision.failure" | "suspend" | "resume" | "resize" | "keys.rotate" | "bastion.key.upload" | "bastion.key.revoke" | "teardown";
+type ProvisioningAuditStatus = "ok" | "error";
+interface ProvisioningAuditLogTable {
 	id: Generated<string>;
-	account_id: string;
-	name: string;
-	/** AES-GCM ciphertext bytes produced by the runner's KMS on write. */
-	encrypted_value: Buffer;
+	tenant_id: string | null;
+	tenant_slug: string | null;
+	account_id: string | null;
+	actor: string;
+	event: ProvisioningAuditEvent;
+	status: ProvisioningAuditStatus;
+	detail: unknown | null;
+	error: string | null;
 	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
 }
-type Subgraph = Selectable<SubgraphsTable>;
 /**
-* List public subgraphs with creator info and usage stats.
+* Compute add-ons — extras on top of a plan's base spec.
+*
+* Effective compute is NEVER derived from just the `tenants.plan`
+* column — always run `computeEffectiveCompute(tenantId, planBase)`
+* to fold in active add-ons. Provisioning, resize, and Stripe metering
+* all share this source of truth.
 */
-declare function listPublicSubgraphs(db: Kysely<Database>, opts?: {
-	limit?: number
-	offset?: number
-	tags?: string[]
-	search?: string
-	sort?: "recent" | "popular" | "name"
-}): Promise<{
-	data: any[]
-	meta: {
-		total: number
-		limit: number
-		offset: number
-	}
-}>;
-/**
-* Get a single public subgraph by name with creator info.
-*/
-declare function getPublicSubgraph(db: Kysely<Database>, name: string): Promise<any | undefined>;
-/**
-* Get a creator profile by slug with their public subgraphs.
-*/
-declare function getCreatorProfile(db: Kysely<Database>, slug: string): Promise<{
-	account: any
-	subgraphs: any[]
-} | null>;
-/**
-* Publish a subgraph (set is_public = true).
-*/
-declare function publishSubgraph(db: Kysely<Database>, subgraphId: string, opts?: {
-	tags?: string[]
-	description?: string
-}): Promise<Subgraph>;
-/**
-* Unpublish a subgraph (set is_public = false).
-*/
-declare function unpublishSubgraph(db: Kysely<Database>, subgraphId: string): Promise<Subgraph>;
-/**
-* Increment per-subgraph query count for today. Fire-and-forget safe.
-*/
-declare function incrementSubgraphQueryCount(db: Kysely<Database>, subgraphId: string): Promise<void>;
-/**
-* Get daily usage history for a subgraph.
-*/
-declare function getSubgraphUsageHistory(db: Kysely<Database>, subgraphId: string, days: number): Promise<Array<{
-	date: string
-	query_count: number
-}>>;
+/** Active = open-ended (effective_until IS NULL) OR not yet expired. */
+declare function listActiveAddonsForTenant(db: Kysely<Database>, tenantId: string, now?: Date): Promise<TenantComputeAddon[]>;
+interface ComputeSpec {
+	cpus: number;
+	memoryMb: number;
+	storageLimitMb: number;
+}
 /**
-* Get total query count for a subgraph over last N days.
+* Apply active add-ons on top of a base spec. `storageLimitMb` of -1
+* (enterprise unlimited) passes through unchanged — add-ons don't
+* further modify unlimited storage.
 */
-declare function getSubgraphQueryTotal(db: Kysely<Database>, subgraphId: string, days: number): Promise<number>;
-export { unpublishSubgraph, publishSubgraph, listPublicSubgraphs, incrementSubgraphQueryCount, getSubgraphUsageHistory, getSubgraphQueryTotal, getPublicSubgraph, getCreatorProfile };
+declare function computeEffectiveCompute(db: Kysely<Database>, tenantId: string, base: ComputeSpec, now?: Date): Promise<ComputeSpec>;
+export { listActiveAddonsForTenant, computeEffectiveCompute, ComputeSpec };

package/dist/src/db/queries/tenant-compute-addons.js ADDED Viewed

@@ -0,0 +1,47 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+// src/db/queries/tenant-compute-addons.ts
+import { sql } from "kysely";
+async function listActiveAddonsForTenant(db, tenantId, now = new Date) {
+  return db.selectFrom("tenant_compute_addons").selectAll().where("tenant_id", "=", tenantId).where("effective_from", "<=", now).where((eb) => eb.or([
+    eb("effective_until", "is", null),
+    eb("effective_until", ">", now)
+  ])).execute();
+}
+async function computeEffectiveCompute(db, tenantId, base, now = new Date) {
+  const row = await db.selectFrom("tenant_compute_addons").select([
+    sql`coalesce(sum(memory_mb_delta), 0)`.as("mem_delta"),
+    sql`coalesce(sum(cpu_delta), 0)`.as("cpu_delta"),
+    sql`coalesce(sum(storage_mb_delta), 0)`.as("stor_delta")
+  ]).where("tenant_id", "=", tenantId).where("effective_from", "<=", now).where((eb) => eb.or([
+    eb("effective_until", "is", null),
+    eb("effective_until", ">", now)
+  ])).executeTakeFirst();
+  if (!row)
+    return base;
+  const cpus = base.cpus + Number(row.cpu_delta ?? 0);
+  const memoryMb = base.memoryMb + Number(row.mem_delta ?? 0);
+  const storageLimitMb = base.storageLimitMb === -1 ? -1 : base.storageLimitMb + Number(row.stor_delta ?? 0);
+  return { cpus, memoryMb, storageLimitMb };
+}
+export {
+  listActiveAddonsForTenant,
+  computeEffectiveCompute
+};
+//# debugId=70D8508BE398EADC64756E2164756E21
+//# sourceMappingURL=tenant-compute-addons.js.map

package/dist/src/db/queries/tenant-compute-addons.js.map ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../src/db/queries/tenant-compute-addons.ts"],
+  "sourcesContent": [
+    "import { type Kysely, sql } from \"kysely\";\nimport type { Database, TenantComputeAddon } from \"../types.ts\";\n\n/**\n * Compute add-ons — extras on top of a plan's base spec.\n *\n * Effective compute is NEVER derived from just the `tenants.plan`\n * column — always run `computeEffectiveCompute(tenantId, planBase)`\n * to fold in active add-ons. Provisioning, resize, and Stripe metering\n * all share this source of truth.\n */\n\n/** Active = open-ended (effective_until IS NULL) OR not yet expired. */\nexport async function listActiveAddonsForTenant(\n\tdb: Kysely<Database>,\n\ttenantId: string,\n\tnow: Date = new Date(),\n): Promise<TenantComputeAddon[]> {\n\treturn db\n\t\t.selectFrom(\"tenant_compute_addons\")\n\t\t.selectAll()\n\t\t.where(\"tenant_id\", \"=\", tenantId)\n\t\t.where(\"effective_from\", \"<=\", now)\n\t\t.where((eb) =>\n\t\t\teb.or([\n\t\t\t\teb(\"effective_until\", \"is\", null),\n\t\t\t\teb(\"effective_until\", \">\", now),\n\t\t\t]),\n\t\t)\n\t\t.execute();\n}\n\nexport interface ComputeSpec {\n\tcpus: number;\n\tmemoryMb: number;\n\tstorageLimitMb: number;\n}\n\n/**\n * Apply active add-ons on top of a base spec. `storageLimitMb` of -1\n * (enterprise unlimited) passes through unchanged — add-ons don't\n * further modify unlimited storage.\n */\nexport async function computeEffectiveCompute(\n\tdb: Kysely<Database>,\n\ttenantId: string,\n\tbase: ComputeSpec,\n\tnow: Date = new Date(),\n): Promise<ComputeSpec> {\n\tconst row = await db\n\t\t.selectFrom(\"tenant_compute_addons\")\n\t\t.select([\n\t\t\tsql<number>`coalesce(sum(memory_mb_delta), 0)`.as(\"mem_delta\"),\n\t\t\tsql<string>`coalesce(sum(cpu_delta), 0)`.as(\"cpu_delta\"),\n\t\t\tsql<number>`coalesce(sum(storage_mb_delta), 0)`.as(\"stor_delta\"),\n\t\t])\n\t\t.where(\"tenant_id\", \"=\", tenantId)\n\t\t.where(\"effective_from\", \"<=\", now)\n\t\t.where((eb) =>\n\t\t\teb.or([\n\t\t\t\teb(\"effective_until\", \"is\", null),\n\t\t\t\teb(\"effective_until\", \">\", now),\n\t\t\t]),\n\t\t)\n\t\t.executeTakeFirst();\n\n\tif (!row) return base;\n\n\tconst cpus = base.cpus + Number(row.cpu_delta ?? 0);\n\tconst memoryMb = base.memoryMb + Number(row.mem_delta ?? 0);\n\tconst storageLimitMb =\n\t\tbase.storageLimitMb === -1\n\t\t\t? -1\n\t\t\t: base.storageLimitMb + Number(row.stor_delta ?? 0);\n\n\treturn { cpus, memoryMb, storageLimitMb };\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;AAAA;AAaA,eAAsB,yBAAyB,CAC9C,IACA,UACA,MAAY,IAAI,MACgB;AAAA,EAChC,OAAO,GACL,WAAW,uBAAuB,EAClC,UAAU,EACV,MAAM,aAAa,KAAK,QAAQ,EAChC,MAAM,kBAAkB,MAAM,GAAG,EACjC,MAAM,CAAC,OACP,GAAG,GAAG;AAAA,IACL,GAAG,mBAAmB,MAAM,IAAI;AAAA,IAChC,GAAG,mBAAmB,KAAK,GAAG;AAAA,EAC/B,CAAC,CACF,EACC,QAAQ;AAAA;AAcX,eAAsB,uBAAuB,CAC5C,IACA,UACA,MACA,MAAY,IAAI,MACO;AAAA,EACvB,MAAM,MAAM,MAAM,GAChB,WAAW,uBAAuB,EAClC,OAAO;AAAA,IACP,uCAA+C,GAAG,WAAW;AAAA,IAC7D,iCAAyC,GAAG,WAAW;AAAA,IACvD,wCAAgD,GAAG,YAAY;AAAA,EAChE,CAAC,EACA,MAAM,aAAa,KAAK,QAAQ,EAChC,MAAM,kBAAkB,MAAM,GAAG,EACjC,MAAM,CAAC,OACP,GAAG,GAAG;AAAA,IACL,GAAG,mBAAmB,MAAM,IAAI;AAAA,IAChC,GAAG,mBAAmB,KAAK,GAAG;AAAA,EAC/B,CAAC,CACF,EACC,iBAAiB;AAAA,EAEnB,IAAI,CAAC;AAAA,IAAK,OAAO;AAAA,EAEjB,MAAM,OAAO,KAAK,OAAO,OAAO,IAAI,aAAa,CAAC;AAAA,EAClD,MAAM,WAAW,KAAK,WAAW,OAAO,IAAI,aAAa,CAAC;AAAA,EAC1D,MAAM,iBACL,KAAK,mBAAmB,KACrB,KACA,KAAK,iBAAiB,OAAO,IAAI,cAAc,CAAC;AAAA,EAEpD,OAAO,EAAE,MAAM,UAAU,eAAe;AAAA;",
+  "debugId": "70D8508BE398EADC64756E2164756E21",
+  "names": []
+}

package/dist/src/db/queries/tenants.d.ts CHANGED Viewed

@@ -60,10 +60,6 @@ interface SubgraphsTable {
 	handler_code: string | null;
 	source_code: string | null;
 	project_id: string | null;
-	is_public: Generated<boolean>;
-	tags: Generated<string[]>;
-	description: string | null;
-	forked_from_id: string | null;
 	created_at: Generated<Date>;
 	updated_at: Generated<Date>;
 }
@@ -98,6 +94,7 @@ interface AccountsTable {
 	bio: string | null;
 	avatar_url: string | null;
 	slug: string | null;
+	stripe_customer_id: string | null;
 	created_at: Generated<Date>;
 }
 interface SessionsTable {
@@ -123,6 +120,7 @@ interface MagicLinksTable {
 }
 interface UsageDailyTable {
 	account_id: string;
+	tenant_id: string | null;
 	date: string;
 	api_requests: Generated<number>;
 	deliveries: Generated<number>;
@@ -249,83 +247,6 @@ interface ChatMessagesTable {
 	metadata: unknown | null;
 	created_at: Generated<Date>;
 }
-interface WorkflowDefinitionsTable {
-	id: Generated<string>;
-	name: string;
-	version: Generated<string>;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_config: unknown;
-	handler_path: string;
-	source_code: string | null;
-	retries_config: unknown | null;
-	timeout_ms: number | null;
-	api_key_id: string;
-	project_id: string | null;
-	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
-}
-interface WorkflowRunsTable {
-	id: Generated<string>;
-	definition_id: string;
-	status: Generated<string>;
-	trigger_type: string;
-	trigger_data: unknown | null;
-	dedup_key: string | null;
-	error: string | null;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	total_ai_tokens: Generated<number>;
-	created_at: Generated<Date>;
-}
-interface WorkflowStepsTable {
-	id: Generated<string>;
-	run_id: string;
-	step_index: number;
-	step_id: string;
-	step_type: string;
-	status: Generated<string>;
-	input: unknown | null;
-	output: unknown | null;
-	error: string | null;
-	retry_count: Generated<number>;
-	ai_tokens_used: Generated<number>;
-	started_at: Date | null;
-	completed_at: Date | null;
-	duration_ms: number | null;
-	memo_key: string | null;
-	parent_step_id: string | null;
-	created_at: Generated<Date>;
-}
-interface WorkflowQueueTable {
-	id: Generated<string>;
-	run_id: string;
-	status: Generated<string>;
-	attempts: Generated<number>;
-	max_attempts: Generated<number>;
-	scheduled_for: Generated<Date>;
-	locked_at: Date | null;
-	locked_by: string | null;
-	error: string | null;
-	created_at: Generated<Date>;
-	completed_at: Date | null;
-}
-interface WorkflowSchedulesTable {
-	id: Generated<string>;
-	definition_id: string;
-	cron_expr: string;
-	timezone: Generated<string>;
-	next_run_at: Date;
-	last_run_at: Date | null;
-	enabled: Generated<boolean>;
-	created_at: Generated<Date>;
-}
-interface WorkflowCursorsTable {
-	name: string;
-	block_height: Generated<number>;
-	updated_at: Generated<Date>;
-}
 interface Database {
 	blocks: BlocksTable;
 	transactions: TransactionsTable;
@@ -351,15 +272,11 @@ interface Database {
 	team_invitations: TeamInvitationsTable;
 	chat_sessions: ChatSessionsTable;
 	chat_messages: ChatMessagesTable;
-	workflow_definitions: WorkflowDefinitionsTable;
-	workflow_runs: WorkflowRunsTable;
-	workflow_steps: WorkflowStepsTable;
-	workflow_queue: WorkflowQueueTable;
-	workflow_schedules: WorkflowSchedulesTable;
-	workflow_cursors: WorkflowCursorsTable;
-	workflow_signer_secrets: WorkflowSignerSecretsTable;
-	workflow_budgets: WorkflowBudgetsTable;
 	tenants: TenantsTable;
+	tenant_usage_monthly: TenantUsageMonthlyTable;
+	tenant_compute_addons: TenantComputeAddonsTable;
+	account_spend_caps: AccountSpendCapsTable;
+	provisioning_audit_log: ProvisioningAuditLogTable;
 }
 type TenantStatus = "provisioning" | "active" | "suspended" | "error" | "deleted";
 interface TenantsTable {
@@ -381,9 +298,9 @@ interface TenantsTable {
 	service_key_enc: Buffer;
 	api_url_internal: string;
 	api_url_public: string;
-	trial_ends_at: Date;
 	suspended_at: Date | null;
 	last_health_check_at: Date | null;
+	last_active_at: Generated<Date>;
 	service_gen: Generated<number>;
 	anon_gen: Generated<number>;
 	project_id: string | null;
@@ -391,29 +308,52 @@ interface TenantsTable {
 	updated_at: Generated<Date>;
 }
 type Tenant = Selectable<TenantsTable>;
-interface WorkflowBudgetsTable {
+interface TenantUsageMonthlyTable {
+	id: Generated<string>;
+	tenant_id: string;
+	period_month: Date;
+	storage_peak_mb: Generated<number>;
+	storage_avg_mb: Generated<number>;
+	storage_last_mb: Generated<number>;
+	measurements: Generated<number>;
+	first_at: Generated<Date>;
+	last_at: Generated<Date>;
+}
+interface TenantComputeAddonsTable {
 	id: Generated<string>;
-	workflow_definition_id: string;
-	/** Period key: "daily:YYYY-MM-DD" | "weekly:YYYY-Www" | "per-run:<uuid>". */
-	period: string;
-	ai_usd_used: Generated<string>;
-	ai_tokens_used: Generated<string>;
-	chain_microstx_used: Generated<string>;
-	chain_tx_count: Generated<number>;
-	run_count: Generated<number>;
-	step_count: Generated<number>;
-	reset_at: Date;
+	tenant_id: string;
+	memory_mb_delta: Generated<number>;
+	cpu_delta: Generated<number | string>;
+	storage_mb_delta: Generated<number>;
+	effective_from: Generated<Date>;
+	effective_until: Date | null;
+	stripe_subscription_item_id: string | null;
 	created_at: Generated<Date>;
+}
+interface AccountSpendCapsTable {
+	account_id: string;
+	monthly_cap_cents: number | null;
+	compute_cap_cents: number | null;
+	storage_cap_cents: number | null;
+	ai_cap_cents: number | null;
+	alert_threshold_pct: Generated<number>;
+	alert_sent_at: Date | null;
+	frozen_at: Date | null;
 	updated_at: Generated<Date>;
 }
-interface WorkflowSignerSecretsTable {
+type ProvisioningAuditEvent = "provision.start" | "provision.success" | "provision.failure" | "suspend" | "resume" | "resize" | "keys.rotate" | "bastion.key.upload" | "bastion.key.revoke" | "teardown";
+type ProvisioningAuditStatus = "ok" | "error";
+interface ProvisioningAuditLogTable {
 	id: Generated<string>;
-	account_id: string;
-	name: string;
-	/** AES-GCM ciphertext bytes produced by the runner's KMS on write. */
-	encrypted_value: Buffer;
+	tenant_id: string | null;
+	tenant_slug: string | null;
+	account_id: string | null;
+	actor: string;
+	event: ProvisioningAuditEvent;
+	status: ProvisioningAuditStatus;
+	detail: unknown | null;
+	error: string | null;
 	created_at: Generated<Date>;
-	updated_at: Generated<Date>;
 }
 /**
 * Tenant registry queries. Encrypted columns are stored as `bytea` and
@@ -439,17 +379,34 @@ interface NewTenantInput {
 	serviceKey: string;
 	apiUrlInternal: string;
 	apiUrlPublic: string;
-	trialEndsAt: Date;
 	projectId?: string;
 }
 declare function insertTenant(db: Kysely<Database>, input: NewTenantInput): Promise<Tenant>;
 declare function getTenantByAccount(db: Kysely<Database>, accountId: string): Promise<Tenant | null>;
 declare function getTenantBySlug(db: Kysely<Database>, slug: string): Promise<Tenant | null>;
 declare function listTenantsByStatus(db: Kysely<Database>, status: TenantStatus): Promise<Tenant[]>;
-declare function listExpiredTrials(db: Kysely<Database>, now?: Date): Promise<Tenant[]>;
+/**
+* Tenants considered "idle" for auto-pause on the Hobby tier. Active = any
+* successful tenant-API query OR workflow run wrote `last_active_at` within
+* the threshold.
+*/
+declare function listIdleHobbyTenants(db: Kysely<Database>, idleSince: Date): Promise<Tenant[]>;
+/**
+* Bump `last_active_at` for a tenant. Callers are expected to throttle
+* (don't hammer on every request) — the activity middleware + workflow-
+* runner enforce a 60s per-tenant min between writes.
+*/
+declare function bumpTenantActivity(db: Kysely<Database>, slug: string): Promise<void>;
 declare function listSuspendedOlderThan(db: Kysely<Database>, olderThan: Date): Promise<Tenant[]>;
 declare function setTenantStatus(db: Kysely<Database>, slug: string, status: TenantStatus): Promise<void>;
 declare function recordHealthCheck(db: Kysely<Database>, slug: string, storageUsedMb: number | null): Promise<void>;
+/**
+* Record a storage measurement into the current calendar month's bucket.
+* Maintains peak, running average, and the most recent value in a single
+* upsert. Billing will consume this later; for now the table just gives
+* us evidence of usage over time.
+*/
+declare function recordMonthlyUsage(db: Kysely<Database>, tenantId: string, storageMb: number): Promise<void>;
 declare function updateTenantPlan(db: Kysely<Database>, slug: string, plan: string, cpus: number, memoryMb: number, storageLimitMb: number): Promise<void>;
 type RotateType = "service" | "anon" | "both";
 /**
@@ -490,4 +447,4 @@ interface TenantCredentials {
 * CLI). Never log the returned object.
 */
 declare function getTenantCredentials(db: Kysely<Database>, slug: string): Promise<TenantCredentials | null>;
-export { updateTenantPlan, updateTenantKeys, setTenantStatus, recordHealthCheck, listTenantsByStatus, listSuspendedOlderThan, listExpiredTrials, insertTenant, getTenantCredentials, getTenantBySlug, getTenantByAccount, deleteTenant, bumpTenantKeyGen, TenantCredentials, RotateType, NewTenantInput };
+export { updateTenantPlan, updateTenantKeys, setTenantStatus, recordMonthlyUsage, recordHealthCheck, listTenantsByStatus, listSuspendedOlderThan, listIdleHobbyTenants, insertTenant, getTenantCredentials, getTenantBySlug, getTenantByAccount, deleteTenant, bumpTenantKeyGen, bumpTenantActivity, TenantCredentials, RotateType, NewTenantInput };

package/dist/src/db/queries/tenants.js CHANGED Viewed

@@ -61,6 +61,7 @@ function generateSecretsKey() {
 }
 // src/db/queries/tenants.ts
+import { sql } from "kysely";
 async function insertTenant(db, input) {
   const row = {
     account_id: input.accountId,
@@ -79,7 +80,6 @@ async function insertTenant(db, input) {
     service_key_enc: encryptSecret(input.serviceKey),
     api_url_internal: input.apiUrlInternal,
     api_url_public: input.apiUrlPublic,
-    trial_ends_at: input.trialEndsAt,
     project_id: input.projectId ?? null
   };
   return db.insertInto("tenants").values(row).returningAll().executeTakeFirstOrThrow();
@@ -95,8 +95,11 @@ async function getTenantBySlug(db, slug) {
 async function listTenantsByStatus(db, status) {
   return db.selectFrom("tenants").selectAll().where("status", "=", status).execute();
 }
-async function listExpiredTrials(db, now = new Date) {
-  return db.selectFrom("tenants").selectAll().where("status", "in", ["provisioning", "active"]).where("trial_ends_at", "<", now).execute();
+async function listIdleHobbyTenants(db, idleSince) {
+  return db.selectFrom("tenants").selectAll().where("status", "=", "active").where("plan", "=", "hobby").where("last_active_at", "<", idleSince).execute();
+}
+async function bumpTenantActivity(db, slug) {
+  await db.updateTable("tenants").set({ last_active_at: new Date }).where("slug", "=", slug).execute();
 }
 async function listSuspendedOlderThan(db, olderThan) {
   return db.selectFrom("tenants").selectAll().where("status", "=", "suspended").where("suspended_at", "<", olderThan).execute();
@@ -119,6 +122,30 @@ async function recordHealthCheck(db, slug, storageUsedMb) {
     updated_at: new Date
   }).where("slug", "=", slug).execute();
 }
+async function recordMonthlyUsage(db, tenantId, storageMb) {
+  const now = new Date;
+  const periodMonth = new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), 1));
+  await sql`
+		INSERT INTO tenant_usage_monthly (
+			tenant_id, period_month,
+			storage_peak_mb, storage_avg_mb, storage_last_mb,
+			measurements, first_at, last_at
+		) VALUES (
+			${tenantId}, ${periodMonth},
+			${storageMb}, ${storageMb}, ${storageMb},
+			1, now(), now()
+		)
+		ON CONFLICT (tenant_id, period_month) DO UPDATE SET
+			storage_peak_mb = GREATEST(tenant_usage_monthly.storage_peak_mb, EXCLUDED.storage_last_mb),
+			storage_avg_mb = (
+				(tenant_usage_monthly.storage_avg_mb * tenant_usage_monthly.measurements + EXCLUDED.storage_last_mb)
+				/ (tenant_usage_monthly.measurements + 1)
+			),
+			storage_last_mb = EXCLUDED.storage_last_mb,
+			measurements = tenant_usage_monthly.measurements + 1,
+			last_at = now()
+	`.execute(db);
+}
 async function updateTenantPlan(db, slug, plan, cpus, memoryMb, storageLimitMb) {
   await db.updateTable("tenants").set({
     plan,
@@ -178,17 +205,19 @@ export {
   updateTenantPlan,
   updateTenantKeys,
   setTenantStatus,
+  recordMonthlyUsage,
   recordHealthCheck,
   listTenantsByStatus,
   listSuspendedOlderThan,
-  listExpiredTrials,
+  listIdleHobbyTenants,
   insertTenant,
   getTenantCredentials,
   getTenantBySlug,
   getTenantByAccount,
   deleteTenant,
-  bumpTenantKeyGen
+  bumpTenantKeyGen,
+  bumpTenantActivity
 };
-//# debugId=1D0DA0A21FCE7D7664756E2164756E21
+//# debugId=D0CC1ED1445094FE64756E2164756E21
 //# sourceMappingURL=tenants.js.map