@trycompai/db 1.0.0

package/prisma/migrations/20250714153009_remove_stripe_and_add_has_access/migration.sql

@@ -0,0 +1,31 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `hadCall` on the `Organization` table. All the data in the column will be lost.
+  - You are about to drop the column `stripeCustomerId` on the `Organization` table. All the data in the column will be lost.
+  - You are about to drop the column `stripeSubscriptionData` on the `Organization` table. All the data in the column will be lost.
+  - You are about to drop the column `subscriptionType` on the `Organization` table. All the data in the column will be lost.
+
+*/
+-- DropIndex
+DROP INDEX "Organization_stripeCustomerId_idx";
+
+-- DropIndex
+DROP INDEX "Organization_subscriptionType_idx";
+
+-- Add hasAccess column
+ALTER TABLE "Organization" ADD COLUMN "hasAccess" BOOLEAN NOT NULL DEFAULT false;
+
+-- Update all organizations to have access depending on subscription type
+UPDATE "Organization" SET "hasAccess" = true WHERE "subscriptionType" = 'FREE';
+UPDATE "Organization" SET "hasAccess" = true WHERE "subscriptionType" = 'STARTER';
+UPDATE "Organization" SET "hasAccess" = true WHERE "subscriptionType" = 'MANAGED';
+
+-- Drop columns
+ALTER TABLE "Organization" DROP COLUMN "hadCall";
+ALTER TABLE "Organization" DROP COLUMN "stripeCustomerId";
+ALTER TABLE "Organization" DROP COLUMN "stripeSubscriptionData";
+ALTER TABLE "Organization" DROP COLUMN "subscriptionType";
+
+-- Drop subscription type enum
+DROP TYPE "SubscriptionType";

package/prisma/migrations/20250715200054_add_perms_for_has_access_for_retool/migration.sql

@@ -0,0 +1,7 @@
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'retool_write') THEN
+        GRANT UPDATE ("hasAccess") ON "Organization" TO retool_write;
+    END IF;
+END
+$$;

package/prisma/migrations/migration_lock.toml

@@ -0,0 +1,3 @@
+# Please do not edit this file manually
+# It should be added in your version-control system (e.g., Git)
+provider = "postgresql"

package/prisma/randomSecret.sql

@@ -0,0 +1,12 @@
+-- Create function to generate a random secret
+CREATE OR REPLACE FUNCTION generate_random_secret(length integer DEFAULT 32)
+RETURNS text AS $$
+DECLARE
+    result text;
+BEGIN
+    -- Generate random bytes and encode as hex
+    -- Using gen_random_bytes from pgcrypto extension
+    result = encode(gen_random_bytes(length), 'hex');
+    RETURN result;
+END;
+$$ LANGUAGE plpgsql;

package/prisma/schema/attachments.prisma

@@ -0,0 +1,35 @@
+model Attachment {
+    id         String               @id @default(dbgenerated("generate_prefixed_cuid('att'::text)"))
+    name       String
+    url        String
+    type       AttachmentType
+    entityId   String
+    entityType AttachmentEntityType
+
+    // Dates
+    createdAt DateTime @default(now())
+    updatedAt DateTime @updatedAt
+
+    // Relationships
+    organizationId String
+    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+    comment        Comment?     @relation(fields: [commentId], references: [id])
+    commentId      String?
+
+    @@index([entityId, entityType])
+}
+
+enum AttachmentEntityType {
+    task
+    vendor
+    risk
+    comment
+}
+
+enum AttachmentType {
+    image
+    video
+    audio
+    document
+    other
+}

package/prisma/schema/auth.prisma

@@ -0,0 +1,122 @@
+model User {
+    id            String    @id @default(dbgenerated("generate_prefixed_cuid('usr'::text)"))
+    name          String
+    email         String
+    emailVerified Boolean
+    image         String?
+    createdAt     DateTime  @default(now())
+    updatedAt     DateTime  @updatedAt
+    lastLogin     DateTime?
+
+    accounts           Account[]
+    auditLog           AuditLog[]
+    integrationResults IntegrationResult[]
+    invitations        Invitation[]
+    members            Member[]
+    sessions           Session[]
+
+    @@unique([email])
+}
+
+model EmployeeTrainingVideoCompletion {
+    id          String    @id @default(dbgenerated("generate_prefixed_cuid('evc'::text)"))
+    completedAt DateTime?
+    videoId     String
+
+    memberId String
+    member   Member @relation(fields: [memberId], references: [id], onDelete: Cascade)
+
+    @@unique([memberId, videoId])
+    @@index([memberId])
+}
+
+model Session {
+    id                   String   @id @default(dbgenerated("generate_prefixed_cuid('ses'::text)"))
+    expiresAt            DateTime
+    token                String
+    createdAt            DateTime @default(now())
+    updatedAt            DateTime @updatedAt
+    ipAddress            String?
+    userAgent            String?
+    userId               String
+    activeOrganizationId String?
+    user                 User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+    @@unique([token])
+}
+
+model Account {
+    id                    String    @id @default(dbgenerated("generate_prefixed_cuid('acc'::text)"))
+    accountId             String
+    providerId            String
+    userId                String
+    user                  User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+    accessToken           String?
+    refreshToken          String?
+    idToken               String?
+    accessTokenExpiresAt  DateTime?
+    refreshTokenExpiresAt DateTime?
+    scope                 String?
+    password              String?
+    createdAt             DateTime
+    updatedAt             DateTime
+}
+
+model Verification {
+    id         String   @id @default(dbgenerated("generate_prefixed_cuid('ver'::text)"))
+    identifier String
+    value      String
+    expiresAt  DateTime
+    createdAt  DateTime @default(now())
+    updatedAt  DateTime @updatedAt
+}
+
+model Member {
+    id             String       @id @default(dbgenerated("generate_prefixed_cuid('mem'::text)"))
+    organizationId String
+    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+    userId         String
+    user           User         @relation(fields: [userId], references: [id], onDelete: Cascade)
+    role           String // Purposefully a string, since BetterAuth doesn't support enums this way
+    createdAt      DateTime     @default(now())
+
+    department                      Departments                       @default(none)
+    isActive                        Boolean                           @default(true)
+    employeeTrainingVideoCompletion EmployeeTrainingVideoCompletion[]
+    fleetDmLabelId                  Int?
+
+    assignedPolicies Policy[]   @relation("PolicyAssignee") // Policies where this member is an assignee
+    approvedPolicies Policy[]   @relation("PolicyApprover") // Policies where this member is an approver
+    risks            Risk[]
+    tasks            Task[]
+    vendors          Vendor[]
+    comments         Comment[]
+    auditLogs        AuditLog[]
+}
+
+model Invitation {
+    id             String       @id @default(dbgenerated("generate_prefixed_cuid('inv'::text)"))
+    organizationId String
+    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+    email          String
+    role           String // Purposefully a string, since BetterAuth doesn't support enums this way
+    status         String
+    expiresAt      DateTime
+    inviterId      String
+    user           User         @relation(fields: [inviterId], references: [id], onDelete: Cascade)
+}
+
+// This is only for the app to consume, shouldn't be enforced by DB
+// Otherwise it won't work with Better Auth, as per https://www.better-auth.com/docs/plugins/organization#access-control
+enum Role {
+    owner
+    admin
+    auditor
+    employee
+}
+
+enum PolicyStatus {
+    draft
+    published
+    needs_review
+}

package/prisma/schema/comment.prisma

@@ -0,0 +1,27 @@
+model Comment {
+  id         String            @id @default(dbgenerated("generate_prefixed_cuid('cmt'::text)"))
+  content    String
+  entityId   String
+  entityType CommentEntityType
+
+  // Dates
+  createdAt DateTime @default(now())
+
+  // Relationships
+  authorId       String
+  author         Member       @relation(fields: [authorId], references: [id])
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  // Relation to Attachments
+  attachments Attachment[]
+
+  @@index([entityId])
+}
+
+enum CommentEntityType {
+  task
+  vendor
+  risk
+  policy
+}

package/prisma/schema/context.prisma

@@ -0,0 +1,18 @@
+model Context {
+    id             String       @id @default(dbgenerated("generate_prefixed_cuid('ctx'::text)"))
+    organizationId String
+    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+    question String
+    answer   String
+
+    tags String[]
+
+    createdAt DateTime @default(now())
+    updatedAt DateTime @updatedAt
+
+    @@index([organizationId])
+    @@index([question])
+    @@index([answer])
+    @@index([tags])
+}

package/prisma/schema/control.prisma

@@ -0,0 +1,21 @@
+model Control {
+  // Metadata
+  id          String @id @default(dbgenerated("generate_prefixed_cuid('ctl'::text)"))
+  name        String
+  description String
+
+  // Review dates
+  lastReviewDate DateTime?
+  nextReviewDate DateTime?
+
+  // Relationships
+  organization       Organization                    @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  organizationId     String
+  requirementsMapped RequirementMap[]
+  tasks              Task[]
+  policies           Policy[]
+  controlTemplateId  String?
+  controlTemplate    FrameworkEditorControlTemplate? @relation(fields: [controlTemplateId], references: [id])
+
+  @@index([organizationId])
+}

package/prisma/schema/framework-editor.prisma

@@ -0,0 +1,96 @@
+// --- Data for Framework Editor ---
+model FrameworkEditorVideo {
+    id          String @id @default(dbgenerated("generate_prefixed_cuid('frk_vi'::text)"))
+    title       String
+    description String
+    youtubeId   String
+    url         String
+
+    // Dates
+    createdAt DateTime @default(now())
+    updatedAt DateTime @default(now()) @updatedAt
+}
+
+model FrameworkEditorFramework {
+    id          String  @id @default(dbgenerated("generate_prefixed_cuid('frk'::text)"))
+    name        String // e.g., "soc2", "iso27001"
+    version     String
+    description String
+    visible     Boolean @default(false)
+
+    requirements       FrameworkEditorRequirement[]
+    frameworkInstances FrameworkInstance[]
+
+    // Dates
+    createdAt DateTime @default(now())
+    updatedAt DateTime @default(now()) @updatedAt
+}
+
+model FrameworkEditorRequirement {
+    id          String                   @id @default(dbgenerated("generate_prefixed_cuid('frk_rq'::text)"))
+    frameworkId String
+    framework   FrameworkEditorFramework @relation(fields: [frameworkId], references: [id])
+
+    name        String // Original requirement ID within that framework, e.g., "Privacy"
+    identifier  String @default("") // Unique identifier for the requirement, e.g., "cc1-1"
+    description String
+
+    controlTemplates FrameworkEditorControlTemplate[]
+    requirementMaps  RequirementMap[]
+
+    // Dates
+    createdAt DateTime @default(now())
+    updatedAt DateTime @default(now()) @updatedAt
+}
+
+model FrameworkEditorPolicyTemplate {
+    id          String      @id @default(dbgenerated("generate_prefixed_cuid('frk_pt'::text)"))
+    name        String
+    description String
+    frequency   Frequency // Using the enum from shared.prisma
+    department  Departments // Using the enum from shared.prisma
+    content     Json
+
+    controlTemplates FrameworkEditorControlTemplate[]
+
+    // Dates
+    createdAt DateTime @default(now())
+    updatedAt DateTime @default(now()) @updatedAt
+
+    // Instances
+    policies Policy[]
+}
+
+model FrameworkEditorTaskTemplate {
+    id          String      @id @default(dbgenerated("generate_prefixed_cuid('frk_tt'::text)"))
+    name        String
+    description String
+    frequency   Frequency // Using the enum from shared.prisma
+    department  Departments // Using the enum from shared.prisma
+
+    controlTemplates FrameworkEditorControlTemplate[]
+
+    // Dates
+    createdAt DateTime @default(now())
+    updatedAt DateTime @default(now()) @updatedAt
+
+    // Instances
+    tasks Task[]
+}
+
+model FrameworkEditorControlTemplate {
+    id          String @id @default(dbgenerated("generate_prefixed_cuid('frk_ct'::text)"))
+    name        String
+    description String
+
+    policyTemplates FrameworkEditorPolicyTemplate[]
+    requirements    FrameworkEditorRequirement[]
+    taskTemplates   FrameworkEditorTaskTemplate[]
+
+    // Dates
+    createdAt DateTime @default(now())
+    updatedAt DateTime @default(now()) @updatedAt
+
+    // Instances
+    controls Control[]
+}

package/prisma/schema/framework.prisma

@@ -0,0 +1,14 @@
+model FrameworkInstance {
+  // Metadata
+  id             String @id @default(dbgenerated("generate_prefixed_cuid('frm'::text)"))
+  organizationId String
+
+  frameworkId String
+  framework   FrameworkEditorFramework @relation(fields: [frameworkId], references: [id], onDelete: Cascade)
+
+  // Relationships
+  organization       Organization     @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  requirementsMapped RequirementMap[]
+
+  @@unique([organizationId, frameworkId])
+}

package/prisma/schema/integration.prisma

@@ -0,0 +1,32 @@
+model Integration {
+  id             String              @id @default(dbgenerated("generate_prefixed_cuid('int'::text)"))
+  name           String
+  integrationId  String
+  settings       Json
+  userSettings   Json
+  organizationId String
+  lastRunAt      DateTime?
+  organization   Organization        @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  results        IntegrationResult[]
+
+  @@index([organizationId])
+}
+
+model IntegrationResult {
+  id             String    @id @default(dbgenerated("generate_prefixed_cuid('itr'::text)"))
+  title          String?
+  description    String?
+  remediation    String?
+  status         String?
+  severity       String?
+  resultDetails  Json?
+  completedAt    DateTime? @default(now())
+  integrationId  String
+  organizationId String
+  assignedUserId String?
+
+  assignedUser User?       @relation(fields: [assignedUserId], references: [id], onDelete: Cascade)
+  integration  Integration @relation(fields: [integrationId], references: [id], onDelete: Cascade)
+
+  @@index([integrationId])
+}

package/prisma/schema/onboarding.prisma

@@ -0,0 +1,18 @@
+model Onboarding {
+    organizationId        String       @id
+    organization          Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+    policies              Boolean      @default(false)
+    employees             Boolean      @default(false)
+    vendors               Boolean      @default(false)
+    integrations          Boolean      @default(false)
+    risk                  Boolean      @default(false)
+    team                  Boolean      @default(false)
+    tasks                 Boolean      @default(false)
+    callBooked            Boolean      @default(false)
+    companyBookingDetails Json?
+    companyDetails        Json?
+    triggerJobId          String?
+    triggerJobCompleted   Boolean      @default(false)
+
+    @@index([organizationId])
+}

package/prisma/schema/organization.prisma

@@ -0,0 +1,34 @@
+model Organization {
+  id                  String      @id @default(dbgenerated("generate_prefixed_cuid('org'::text)"))
+  name                String
+  slug                String      @unique @default(dbgenerated("generate_prefixed_cuid('slug'::text)"))
+  logo                String?
+  createdAt           DateTime    @default(now())
+  metadata            String?
+  onboarding          Onboarding?
+  website             String?
+  onboardingCompleted Boolean     @default(false)
+  hasAccess           Boolean     @default(false)
+
+  // FleetDM
+  fleetDmLabelId        Int?
+  isFleetSetupCompleted Boolean @default(false)
+
+  apiKeys            ApiKey[]
+  auditLog           AuditLog[]
+  controls           Control[]
+  frameworkInstances FrameworkInstance[]
+  integrations       Integration[]
+  invitations        Invitation[]
+  members            Member[]
+  policy             Policy[]
+  risk               Risk[]
+  vendors            Vendor[]
+  tasks              Task[]
+  comments           Comment[]
+  attachments        Attachment[]
+  trust              Trust[]
+  context            Context[]
+
+  @@index([slug])
+}

package/prisma/schema/policy.prisma

@@ -0,0 +1,32 @@
+model Policy {
+  id               String       @id @default(dbgenerated("generate_prefixed_cuid('pol'::text)"))
+  name             String
+  description      String?
+  status           PolicyStatus @default(draft)
+  content          Json[]
+  frequency        Frequency?
+  department       Departments?
+  isRequiredToSign Boolean      @default(false)
+  signedBy         String[]     @default([])
+  reviewDate       DateTime?
+  isArchived       Boolean      @default(false)
+
+  // Dates
+  createdAt       DateTime  @default(now())
+  updatedAt       DateTime  @updatedAt
+  lastArchivedAt  DateTime?
+  lastPublishedAt DateTime?
+
+  // Relationships
+  organizationId   String
+  organization     Organization                   @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  assigneeId       String?
+  assignee         Member?                        @relation("PolicyAssignee", fields: [assigneeId], references: [id], onDelete: SetNull, onUpdate: Cascade)
+  approverId       String?
+  approver         Member?                        @relation("PolicyApprover", fields: [approverId], references: [id], onDelete: SetNull, onUpdate: Cascade)
+  policyTemplateId String?
+  policyTemplate   FrameworkEditorPolicyTemplate? @relation(fields: [policyTemplateId], references: [id])
+  controls         Control[]
+
+  @@index([organizationId])
+}

package/prisma/schema/requirement.prisma

@@ -0,0 +1,15 @@
+model RequirementMap {
+    id String @id @default(dbgenerated("generate_prefixed_cuid('req'::text)"))
+
+    requirementId String
+    requirement   FrameworkEditorRequirement @relation(fields: [requirementId], references: [id], onDelete: Cascade)
+
+    controlId String
+    control   Control @relation(fields: [controlId], references: [id], onDelete: Cascade)
+
+    frameworkInstanceId String
+    frameworkInstance   FrameworkInstance @relation(fields: [frameworkInstanceId], references: [id], onDelete: Cascade)
+
+    @@unique([controlId, frameworkInstanceId, requirementId])
+    @@index([requirementId, frameworkInstanceId])
+}

package/prisma/schema/risk.prisma

@@ -0,0 +1,57 @@
+model Risk {
+  // Metadata
+  id                           String            @id @default(dbgenerated("generate_prefixed_cuid('rsk'::text)"))
+  title                        String
+  description                  String
+  category                     RiskCategory
+  department                   Departments?
+  status                       RiskStatus        @default(open)
+  likelihood                   Likelihood        @default(very_unlikely)
+  impact                       Impact            @default(insignificant)
+  residualLikelihood           Likelihood        @default(very_unlikely)
+  residualImpact               Impact            @default(insignificant)
+  treatmentStrategyDescription String?
+  treatmentStrategy            RiskTreatmentType @default(accept)
+
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  // Relationships
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  assigneeId     String?
+  assignee       Member?      @relation(fields: [assigneeId], references: [id])
+  tasks          Task[]
+
+  @@index([organizationId])
+  @@index([category])
+  @@index([status])
+}
+
+enum RiskTreatmentType {
+  accept
+  avoid
+  mitigate
+  transfer
+}
+
+enum RiskCategory {
+  customer
+  governance
+  operations
+  other
+  people
+  regulatory
+  reporting
+  resilience
+  technology
+  vendor_management
+}
+
+enum RiskStatus {
+  open
+  pending
+  closed
+  archived
+}