@trycompai/db 1.3.17 → 1.3.18

package/dist/schema.prisma

@@ -14,161 +14,165 @@ datasource db {
 
 // ===== attachments.prisma =====
 model Attachment {
-    id         String               @id @default(dbgenerated("generate_prefixed_cuid('att'::text)"))
-    name       String
-    url        String
-    type       AttachmentType
-    entityId   String
-    entityType AttachmentEntityType
+  id         String               @id @default(dbgenerated("generate_prefixed_cuid('att'::text)"))
+  name       String
+  url        String
+  type       AttachmentType
+  entityId   String
+  entityType AttachmentEntityType
 
-    // Dates
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    // Relationships
-    organizationId String
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    comment        Comment?     @relation(fields: [commentId], references: [id])
-    commentId      String?
+  // Relationships
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  comment        Comment?     @relation(fields: [commentId], references: [id])
+  commentId      String?
 
-    @@index([entityId, entityType])
+  @@index([entityId, entityType])
 }
 
 enum AttachmentEntityType {
-    task
-    vendor
-    risk
-    comment
+  task
+  vendor
+  risk
+  comment
+  trust_nda
 }
 
 enum AttachmentType {
-    image
-    video
-    audio
-    document
-    other
+  image
+  video
+  audio
+  document
+  other
 }
 
 
 // ===== auth.prisma =====
 model User {
-    id            String    @id @default(dbgenerated("generate_prefixed_cuid('usr'::text)"))
-    name          String
-    email         String
-    emailVerified Boolean
-    image         String?
-    createdAt     DateTime  @default(now())
-    updatedAt     DateTime  @updatedAt
-    lastLogin     DateTime?
-
-    accounts           Account[]
-    auditLog           AuditLog[]
-    integrationResults IntegrationResult[]
-    invitations        Invitation[]
-    members            Member[]
-    sessions           Session[]
+  id            String    @id @default(dbgenerated("generate_prefixed_cuid('usr'::text)"))
+  name          String
+  email         String
+  emailVerified Boolean
+  image         String?
+  createdAt     DateTime  @default(now())
+  updatedAt     DateTime  @updatedAt
+  lastLogin     DateTime?
+
+  accounts           Account[]
+  auditLog           AuditLog[]
+  integrationResults IntegrationResult[]
+  invitations        Invitation[]
+  members            Member[]
+  sessions           Session[]
 
-    @@unique([email])
+  @@unique([email])
 }
 
 model EmployeeTrainingVideoCompletion {
-    id          String    @id @default(dbgenerated("generate_prefixed_cuid('evc'::text)"))
-    completedAt DateTime?
-    videoId     String
+  id          String    @id @default(dbgenerated("generate_prefixed_cuid('evc'::text)"))
+  completedAt DateTime?
+  videoId     String
 
-    memberId String
-    member   Member @relation(fields: [memberId], references: [id], onDelete: Cascade)
+  memberId String
+  member   Member @relation(fields: [memberId], references: [id], onDelete: Cascade)
 
-    @@unique([memberId, videoId])
-    @@index([memberId])
+  @@unique([memberId, videoId])
+  @@index([memberId])
 }
 
 model Session {
-    id                   String   @id @default(dbgenerated("generate_prefixed_cuid('ses'::text)"))
-    expiresAt            DateTime
-    token                String
-    createdAt            DateTime @default(now())
-    updatedAt            DateTime @updatedAt
-    ipAddress            String?
-    userAgent            String?
-    userId               String
-    activeOrganizationId String?
-    user                 User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-    @@unique([token])
+  id                   String   @id @default(dbgenerated("generate_prefixed_cuid('ses'::text)"))
+  expiresAt            DateTime
+  token                String
+  createdAt            DateTime @default(now())
+  updatedAt            DateTime @updatedAt
+  ipAddress            String?
+  userAgent            String?
+  userId               String
+  activeOrganizationId String?
+  user                 User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@unique([token])
 }
 
 model Account {
-    id                    String    @id @default(dbgenerated("generate_prefixed_cuid('acc'::text)"))
-    accountId             String
-    providerId            String
-    userId                String
-    user                  User      @relation(fields: [userId], references: [id], onDelete: Cascade)
-    accessToken           String?
-    refreshToken          String?
-    idToken               String?
-    accessTokenExpiresAt  DateTime?
-    refreshTokenExpiresAt DateTime?
-    scope                 String?
-    password              String?
-    createdAt             DateTime
-    updatedAt             DateTime
+  id                    String    @id @default(dbgenerated("generate_prefixed_cuid('acc'::text)"))
+  accountId             String
+  providerId            String
+  userId                String
+  user                  User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+  accessToken           String?
+  refreshToken          String?
+  idToken               String?
+  accessTokenExpiresAt  DateTime?
+  refreshTokenExpiresAt DateTime?
+  scope                 String?
+  password              String?
+  createdAt             DateTime
+  updatedAt             DateTime
 }
 
 model Verification {
-    id         String   @id @default(dbgenerated("generate_prefixed_cuid('ver'::text)"))
-    identifier String
-    value      String
-    expiresAt  DateTime
-    createdAt  DateTime @default(now())
-    updatedAt  DateTime @updatedAt
+  id         String   @id @default(dbgenerated("generate_prefixed_cuid('ver'::text)"))
+  identifier String
+  value      String
+  expiresAt  DateTime
+  createdAt  DateTime @default(now())
+  updatedAt  DateTime @updatedAt
 }
 
 // JWT Plugin - Required by Better Auth JWT plugin
 // https://www.better-auth.com/docs/plugins/jwt
 model Jwks {
-    id         String   @id @default(dbgenerated("generate_prefixed_cuid('jwk'::text)"))
-    publicKey  String
-    privateKey String
-    createdAt  DateTime @default(now())
+  id         String   @id @default(dbgenerated("generate_prefixed_cuid('jwk'::text)"))
+  publicKey  String
+  privateKey String
+  createdAt  DateTime @default(now())
 
-    @@map("jwks")
+  @@map("jwks")
 }
 
 model Member {
-    id             String       @id @default(dbgenerated("generate_prefixed_cuid('mem'::text)"))
-    organizationId String
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    userId         String
-    user           User         @relation(fields: [userId], references: [id], onDelete: Cascade)
-    role           String // Purposefully a string, since BetterAuth doesn't support enums this way
-    createdAt      DateTime     @default(now())
-
-    department                      Departments                       @default(none)
-    isActive                        Boolean                           @default(true)
-    deactivated                     Boolean                           @default(false)
-    employeeTrainingVideoCompletion EmployeeTrainingVideoCompletion[]
-    fleetDmLabelId                  Int?
+  id             String       @id @default(dbgenerated("generate_prefixed_cuid('mem'::text)"))
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  userId         String
+  user           User         @relation(fields: [userId], references: [id], onDelete: Cascade)
+  role           String // Purposefully a string, since BetterAuth doesn't support enums this way
+  createdAt      DateTime     @default(now())
 
-    assignedPolicies Policy[]   @relation("PolicyAssignee") // Policies where this member is an assignee
-    approvedPolicies Policy[]   @relation("PolicyApprover") // Policies where this member is an approver
-    risks            Risk[]
-    tasks            Task[]
-    vendors          Vendor[]
-    comments         Comment[]
-    auditLogs        AuditLog[]
+  department                      Departments                       @default(none)
+  isActive                        Boolean                           @default(true)
+    deactivated                     Boolean                           @default(false)
+  employeeTrainingVideoCompletion EmployeeTrainingVideoCompletion[]
+  fleetDmLabelId                  Int?
+
+  assignedPolicies       Policy[]             @relation("PolicyAssignee") // Policies where this member is an assignee
+  approvedPolicies       Policy[]             @relation("PolicyApprover") // Policies where this member is an approver
+  risks                  Risk[]
+  tasks                  Task[]
+  vendors                Vendor[]
+  comments               Comment[]
+  auditLogs              AuditLog[]
+  reviewedAccessRequests TrustAccessRequest[] @relation("TrustAccessRequestReviewer")
+  issuedGrants           TrustAccessGrant[]   @relation("IssuedGrants")
+  revokedGrants          TrustAccessGrant[]   @relation("RevokedGrants")
 }
 
 model Invitation {
-    id             String       @id @default(dbgenerated("generate_prefixed_cuid('inv'::text)"))
-    organizationId String
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    email          String
-    role           String // Purposefully a string, since BetterAuth doesn't support enums this way
-    status         String
-    expiresAt      DateTime
-    inviterId      String
-    user           User         @relation(fields: [inviterId], references: [id], onDelete: Cascade)
+  id             String       @id @default(dbgenerated("generate_prefixed_cuid('inv'::text)"))
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  email          String
+  role           String // Purposefully a string, since BetterAuth doesn't support enums this way
+  status         String
+  expiresAt      DateTime
+  inviterId      String
+  user           User         @relation(fields: [inviterId], references: [id], onDelete: Cascade)
 }
 
 // This is only for the app to consume, shouldn't be enforced by DB
@@ -182,111 +186,111 @@ enum Role {
 }
 
 enum PolicyStatus {
-    draft
-    published
-    needs_review
+  draft
+  published
+  needs_review
 }
 
 
 // ===== automation-run.prisma =====
 model EvidenceAutomationRun {
-    id        String   @id @default(dbgenerated("generate_prefixed_cuid('ear'::text)"))
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
-
-    // Relations
-    evidenceAutomationId String
-    evidenceAutomation   EvidenceAutomation @relation(fields: [evidenceAutomationId], references: [id], onDelete: Cascade)
-
-    // Run details
-    status      EvidenceAutomationRunStatus @default(pending)
-    startedAt   DateTime?
-    completedAt DateTime?
-
-    // Results
-    success Boolean?
-    error   String?
-    logs    Json?
-    output  Json?
-
-    // Evaluation
-    evaluationStatus EvidenceAutomationEvaluationStatus?
-    evaluationReason String?
-
-    // Metadata
-    triggeredBy EvidenceAutomationTrigger @default(scheduled)
-    runDuration Int? // in milliseconds
-    version     Int? // Version number that was executed (null = draft)
-    Task        Task?                     @relation(fields: [taskId], references: [id])
-    taskId      String?
-
-    @@index([evidenceAutomationId])
-    @@index([status])
-    @@index([createdAt])
-    @@index([version])
+  id        String   @id @default(dbgenerated("generate_prefixed_cuid('ear'::text)"))
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  // Relations
+  evidenceAutomationId String
+  evidenceAutomation   EvidenceAutomation @relation(fields: [evidenceAutomationId], references: [id], onDelete: Cascade)
+
+  // Run details
+  status      EvidenceAutomationRunStatus @default(pending)
+  startedAt   DateTime?
+  completedAt DateTime?
+
+  // Results
+  success Boolean?
+  error   String?
+  logs    Json?
+  output  Json?
+
+  // Evaluation
+  evaluationStatus EvidenceAutomationEvaluationStatus?
+  evaluationReason String?
+
+  // Metadata
+  triggeredBy EvidenceAutomationTrigger @default(scheduled)
+  runDuration Int? // in milliseconds
+  version     Int? // Version number that was executed (null = draft)
+  Task        Task?                     @relation(fields: [taskId], references: [id])
+  taskId      String?
+
+  @@index([evidenceAutomationId])
+  @@index([status])
+  @@index([createdAt])
+  @@index([version])
 }
 
 enum EvidenceAutomationRunStatus {
-    pending
-    running
-    completed
-    failed
-    cancelled
+  pending
+  running
+  completed
+  failed
+  cancelled
 }
 
 enum EvidenceAutomationTrigger {
-    manual
-    scheduled
-    api
+  manual
+  scheduled
+  api
 }
 
 enum EvidenceAutomationEvaluationStatus {
-    pass
-    fail
+  pass
+  fail
 }
 
 
 // ===== automation-version.prisma =====
 model EvidenceAutomationVersion {
-    id        String   @id @default(dbgenerated("generate_prefixed_cuid('eav'::text)"))
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  id        String   @id @default(dbgenerated("generate_prefixed_cuid('eav'::text)"))
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    // Relations
-    evidenceAutomationId String
-    evidenceAutomation   EvidenceAutomation @relation(fields: [evidenceAutomationId], references: [id], onDelete: Cascade)
+  // Relations
+  evidenceAutomationId String
+  evidenceAutomation   EvidenceAutomation @relation(fields: [evidenceAutomationId], references: [id], onDelete: Cascade)
 
-    // Version details
-    version     Int // Sequential version number (1, 2, 3...)
-    scriptKey   String // S3 key for this version's script
-    publishedBy String? // User ID who published
-    changelog   String? // Optional description of changes
+  // Version details
+  version     Int // Sequential version number (1, 2, 3...)
+  scriptKey   String // S3 key for this version's script
+  publishedBy String? // User ID who published
+  changelog   String? // Optional description of changes
 
-    @@unique([evidenceAutomationId, version])
-    @@index([evidenceAutomationId])
-    @@index([createdAt])
+  @@unique([evidenceAutomationId, version])
+  @@index([evidenceAutomationId])
+  @@index([createdAt])
 }
 
 
 // ===== automation.prisma =====
 model EvidenceAutomation {
-    id          String   @id @default(dbgenerated("generate_prefixed_cuid('aut'::text)"))
-    name        String
-    description String?
-    createdAt   DateTime @default(now())
-    isEnabled   Boolean  @default(false)
+  id          String   @id @default(dbgenerated("generate_prefixed_cuid('aut'::text)"))
+  name        String
+  description String?
+  createdAt   DateTime @default(now())
+  isEnabled   Boolean  @default(false)
 
-    chatHistory        String?
-    evaluationCriteria String?
+  chatHistory        String?
+  evaluationCriteria String?
 
-    taskId String
-    task   Task   @relation(fields: [taskId], references: [id], onDelete: Cascade)
+  taskId String
+  task   Task   @relation(fields: [taskId], references: [id], onDelete: Cascade)
 
-    // Relations
-    runs     EvidenceAutomationRun[]
-    versions EvidenceAutomationVersion[]
+  // Relations
+  runs     EvidenceAutomationRun[]
+  versions EvidenceAutomationVersion[]
 
-    @@index([taskId])
+  @@index([taskId])
 }
 
 
@@ -322,22 +326,22 @@ enum CommentEntityType {
 
 // ===== context.prisma =====
 model Context {
-    id             String       @id @default(dbgenerated("generate_prefixed_cuid('ctx'::text)"))
-    organizationId String
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  id             String       @id @default(dbgenerated("generate_prefixed_cuid('ctx'::text)"))
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
 
-    question String
-    answer   String
+  question String
+  answer   String
 
-    tags String[]
+  tags String[]
 
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    @@index([organizationId])
-    @@index([question])
-    @@index([answer])
-    @@index([tags])
+  @@index([organizationId])
+  @@index([question])
+  @@index([answer])
+  @@index([tags])
 }
 
 
@@ -368,99 +372,99 @@ model Control {
 // ===== framework-editor.prisma =====
 // --- Data for Framework Editor ---
 model FrameworkEditorVideo {
-    id          String @id @default(dbgenerated("generate_prefixed_cuid('frk_vi'::text)"))
-    title       String
-    description String
-    youtubeId   String
-    url         String
+  id          String @id @default(dbgenerated("generate_prefixed_cuid('frk_vi'::text)"))
+  title       String
+  description String
+  youtubeId   String
+  url         String
 
-    // Dates
-    createdAt DateTime @default(now())
-    updatedAt DateTime @default(now()) @updatedAt
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @default(now()) @updatedAt
 }
 
 model FrameworkEditorFramework {
-    id          String  @id @default(dbgenerated("generate_prefixed_cuid('frk'::text)"))
-    name        String // e.g., "soc2", "iso27001"
-    version     String
-    description String
-    visible     Boolean @default(false)
+  id          String  @id @default(dbgenerated("generate_prefixed_cuid('frk'::text)"))
+  name        String // e.g., "soc2", "iso27001"
+  version     String
+  description String
+  visible     Boolean @default(false)
 
-    requirements       FrameworkEditorRequirement[]
-    frameworkInstances FrameworkInstance[]
+  requirements       FrameworkEditorRequirement[]
+  frameworkInstances FrameworkInstance[]
 
-    // Dates
-    createdAt DateTime @default(now())
-    updatedAt DateTime @default(now()) @updatedAt
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @default(now()) @updatedAt
 }
 
 model FrameworkEditorRequirement {
-    id          String                   @id @default(dbgenerated("generate_prefixed_cuid('frk_rq'::text)"))
-    frameworkId String
-    framework   FrameworkEditorFramework @relation(fields: [frameworkId], references: [id])
+  id          String                   @id @default(dbgenerated("generate_prefixed_cuid('frk_rq'::text)"))
+  frameworkId String
+  framework   FrameworkEditorFramework @relation(fields: [frameworkId], references: [id])
 
-    name        String // Original requirement ID within that framework, e.g., "Privacy"
-    identifier  String @default("") // Unique identifier for the requirement, e.g., "cc1-1"
-    description String
+  name        String // Original requirement ID within that framework, e.g., "Privacy"
+  identifier  String @default("") // Unique identifier for the requirement, e.g., "cc1-1"
+  description String
 
-    controlTemplates FrameworkEditorControlTemplate[]
-    requirementMaps  RequirementMap[]
+  controlTemplates FrameworkEditorControlTemplate[]
+  requirementMaps  RequirementMap[]
 
-    // Dates
-    createdAt DateTime @default(now())
-    updatedAt DateTime @default(now()) @updatedAt
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @default(now()) @updatedAt
 }
 
 model FrameworkEditorPolicyTemplate {
-    id          String      @id @default(dbgenerated("generate_prefixed_cuid('frk_pt'::text)"))
-    name        String
-    description String
-    frequency   Frequency // Using the enum from shared.prisma
-    department  Departments // Using the enum from shared.prisma
-    content     Json
+  id          String      @id @default(dbgenerated("generate_prefixed_cuid('frk_pt'::text)"))
+  name        String
+  description String
+  frequency   Frequency // Using the enum from shared.prisma
+  department  Departments // Using the enum from shared.prisma
+  content     Json
 
-    controlTemplates FrameworkEditorControlTemplate[]
+  controlTemplates FrameworkEditorControlTemplate[]
 
-    // Dates
-    createdAt DateTime @default(now())
-    updatedAt DateTime @default(now()) @updatedAt
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @default(now()) @updatedAt
 
-    // Instances
-    policies Policy[]
+  // Instances
+  policies Policy[]
 }
 
 model FrameworkEditorTaskTemplate {
-    id          String      @id @default(dbgenerated("generate_prefixed_cuid('frk_tt'::text)"))
-    name        String
-    description String
-    frequency   Frequency // Using the enum from shared.prisma
-    department  Departments // Using the enum from shared.prisma
+  id          String      @id @default(dbgenerated("generate_prefixed_cuid('frk_tt'::text)"))
+  name        String
+  description String
+  frequency   Frequency // Using the enum from shared.prisma
+  department  Departments // Using the enum from shared.prisma
 
-    controlTemplates FrameworkEditorControlTemplate[]
+  controlTemplates FrameworkEditorControlTemplate[]
 
-    // Dates
-    createdAt DateTime @default(now())
-    updatedAt DateTime @default(now()) @updatedAt
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @default(now()) @updatedAt
 
-    // Instances
-    tasks Task[]
+  // Instances
+  tasks Task[]
 }
 
 model FrameworkEditorControlTemplate {
-    id          String @id @default(dbgenerated("generate_prefixed_cuid('frk_ct'::text)"))
-    name        String
-    description String
+  id          String @id @default(dbgenerated("generate_prefixed_cuid('frk_ct'::text)"))
+  name        String
+  description String
 
-    policyTemplates FrameworkEditorPolicyTemplate[]
-    requirements    FrameworkEditorRequirement[]
-    taskTemplates   FrameworkEditorTaskTemplate[]
+  policyTemplates FrameworkEditorPolicyTemplate[]
+  requirements    FrameworkEditorRequirement[]
+  taskTemplates   FrameworkEditorTaskTemplate[]
 
-    // Dates
-    createdAt DateTime @default(now())
-    updatedAt DateTime @default(now()) @updatedAt
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @default(now()) @updatedAt
 
-    // Instances
-    controls Control[]
+  // Instances
+  controls Control[]
 }
 
 
@@ -516,24 +520,59 @@ model IntegrationResult {
 }
 
 
+// ===== knowledge-base-document.prisma =====
+model KnowledgeBaseDocument {
+  id             String   @id @default(dbgenerated("generate_prefixed_cuid('kbd'::text)"))
+  name           String   // Original filename
+  description    String?  // Optional user description/notes
+  s3Key          String   // S3 storage key (e.g., "org123/knowledge-base-documents/timestamp-file.pdf")
+  fileType       String   // MIME type (e.g., "application/pdf")
+  fileSize       Int      // File size in bytes
+  processingStatus KnowledgeBaseDocumentProcessingStatus @default(pending) // Track indexing status
+  processedAt    DateTime? // When indexing completed
+  triggerRunId   String?  // Trigger.dev run ID for tracking processing progress
+
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  // Relationships
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  @@index([organizationId])
+  @@index([organizationId, processingStatus])
+  @@index([s3Key])
+  @@index([triggerRunId])
+}
+
+enum KnowledgeBaseDocumentProcessingStatus {
+  pending     // Uploaded but not yet processed/indexed
+  processing  // Currently being processed/indexed
+  completed   // Successfully indexed in vector database
+  failed      // Processing failed
+}
+
+
+
 // ===== onboarding.prisma =====
 model Onboarding {
-    organizationId        String       @id
-    organization          Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    policies              Boolean      @default(false)
-    employees             Boolean      @default(false)
-    vendors               Boolean      @default(false)
-    integrations          Boolean      @default(false)
-    risk                  Boolean      @default(false)
-    team                  Boolean      @default(false)
-    tasks                 Boolean      @default(false)
-    callBooked            Boolean      @default(false)
-    companyBookingDetails Json?
-    companyDetails        Json?
-    triggerJobId          String?
-    triggerJobCompleted   Boolean      @default(false)
+  organizationId        String       @id
+  organization          Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  policies              Boolean      @default(false)
+  employees             Boolean      @default(false)
+  vendors               Boolean      @default(false)
+  integrations          Boolean      @default(false)
+  risk                  Boolean      @default(false)
+  team                  Boolean      @default(false)
+  tasks                 Boolean      @default(false)
+  callBooked            Boolean      @default(false)
+  companyBookingDetails Json?
+  companyDetails        Json?
+  triggerJobId          String?
+  triggerJobCompleted   Boolean      @default(false)
 
-    @@index([organizationId])
+  @@index([organizationId])
 }
 
 
@@ -555,22 +594,28 @@ model Organization {
   fleetDmLabelId        Int?
   isFleetSetupCompleted Boolean @default(false)
 
-  apiKeys            ApiKey[]
-  auditLog           AuditLog[]
-  controls           Control[]
-  frameworkInstances FrameworkInstance[]
-  integrations       Integration[]
-  invitations        Invitation[]
-  members            Member[]
-  policy             Policy[]
-  risk               Risk[]
-  vendors            Vendor[]
-  tasks              Task[]
-  comments           Comment[]
-  attachments        Attachment[]
-  trust              Trust[]
-  context            Context[]
-  secrets            Secret[]
+  apiKeys             ApiKey[]
+  auditLog            AuditLog[]
+  controls            Control[]
+  frameworkInstances  FrameworkInstance[]
+  integrations        Integration[]
+  invitations         Invitation[]
+  members             Member[]
+  policy              Policy[]
+  risk                Risk[]
+  vendors             Vendor[]
+  tasks               Task[]
+  comments            Comment[]
+  attachments         Attachment[]
+  trust               Trust[]
+  context             Context[]
+  secrets             Secret[]
+  trustAccessRequests TrustAccessRequest[]
+  trustNdaAgreements  TrustNDAAgreement[]
+  trustDocuments      TrustDocument[]
+  knowledgeBaseDocuments KnowledgeBaseDocument[]
+  questionnaires         Questionnaire[]
+  securityQuestionnaireManualAnswers SecurityQuestionnaireManualAnswer[]
 
   @@index([slug])
 }
@@ -618,21 +663,85 @@ model Policy {
 }
 
 
+// ===== questionnaire.prisma =====
+model Questionnaire {
+  id             String   @id @default(dbgenerated("generate_prefixed_cuid('qst'::text)"))
+  filename       String   // Original filename
+  s3Key          String   // S3 storage key for the uploaded file
+  fileType       String   // MIME type (e.g., "application/pdf")
+  fileSize       Int      // File size in bytes
+  status         QuestionnaireStatus @default(parsing) // Parsing status
+  parsedAt       DateTime? // When parsing completed
+  totalQuestions Int      @default(0) // Total number of questions parsed
+  answeredQuestions Int   @default(0) // Number of questions with answers
+
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  // Relationships
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  questions      QuestionnaireQuestionAnswer[]
+  manualAnswers  SecurityQuestionnaireManualAnswer[] // Manual answers saved from this questionnaire
+
+  @@index([organizationId])
+  @@index([organizationId, createdAt])
+  @@index([status])
+}
+
+model QuestionnaireQuestionAnswer {
+  id             String   @id @default(dbgenerated("generate_prefixed_cuid('qqa'::text)"))
+  question       String   // The question text
+  answer          String?  // The answer (nullable if not provided in file or not generated yet)
+  status          QuestionnaireAnswerStatus @default(untouched) // Answer status
+  questionIndex   Int      // Order/index of the question in the questionnaire
+  sources         Json?    // Sources used for generated answers (array of source objects)
+  generatedAt     DateTime? // When answer was generated (if status is generated)
+  updatedBy       String?  // User ID who last updated the answer (if manual)
+
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  // Relationships
+  questionnaireId String
+  questionnaire   Questionnaire @relation(fields: [questionnaireId], references: [id], onDelete: Cascade)
+
+  @@index([questionnaireId])
+  @@index([questionnaireId, questionIndex])
+  @@index([status])
+}
+
+enum QuestionnaireStatus {
+  parsing    // Currently being parsed
+  completed  // Successfully parsed
+  failed     // Parsing failed
+}
+
+enum QuestionnaireAnswerStatus {
+  untouched  // No answer yet (empty or not generated)
+  generated  // AI generated answer
+  manual     // Manually written/edited by user
+}
+
+
+
 // ===== requirement.prisma =====
 model RequirementMap {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('req'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('req'::text)"))
 
-    requirementId String
-    requirement   FrameworkEditorRequirement @relation(fields: [requirementId], references: [id], onDelete: Cascade)
+  requirementId String
+  requirement   FrameworkEditorRequirement @relation(fields: [requirementId], references: [id], onDelete: Cascade)
 
-    controlId String
-    control   Control @relation(fields: [controlId], references: [id], onDelete: Cascade)
+  controlId String
+  control   Control @relation(fields: [controlId], references: [id], onDelete: Cascade)
 
-    frameworkInstanceId String
-    frameworkInstance   FrameworkInstance @relation(fields: [frameworkInstanceId], references: [id], onDelete: Cascade)
+  frameworkInstanceId String
+  frameworkInstance   FrameworkInstance @relation(fields: [frameworkInstanceId], references: [id], onDelete: Cascade)
 
-    @@unique([controlId, frameworkInstanceId, requirementId])
-    @@index([requirementId, frameworkInstanceId])
+  @@unique([controlId, frameworkInstanceId, requirementId])
+  @@index([requirementId, frameworkInstanceId])
 }
 
 
@@ -699,228 +808,406 @@ enum RiskStatus {
 
 // ===== secret.prisma =====
 model Secret {
-    id             String    @id @default(dbgenerated("generate_prefixed_cuid('sec'::text)"))
-    organizationId String    @map("organization_id")
-    name           String
-    value          String    @db.Text // Encrypted value
-    description    String?   @db.Text
-    category       String? // e.g., "api", "webhook", "database", etc.
-    lastUsedAt     DateTime? @map("last_used_at")
-    createdAt      DateTime  @default(now()) @map("created_at")
-    updatedAt      DateTime  @updatedAt @map("updated_at")
+  id             String    @id @default(dbgenerated("generate_prefixed_cuid('sec'::text)"))
+  organizationId String    @map("organization_id")
+  name           String
+  value          String    @db.Text // Encrypted value
+  description    String?   @db.Text
+  category       String? // e.g., "api", "webhook", "database", etc.
+  lastUsedAt     DateTime? @map("last_used_at")
+  createdAt      DateTime  @default(now()) @map("created_at")
+  updatedAt      DateTime  @updatedAt @map("updated_at")
+
+  organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  @@unique([organizationId, name])
+  @@map("secrets")
+}
 
-    organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
 
-    @@unique([organizationId, name])
-    @@map("secrets")
+// ===== security-questionnaire-manual-answer.prisma =====
+model SecurityQuestionnaireManualAnswer {
+  id             String   @id @default(dbgenerated("generate_prefixed_cuid('sqma'::text)"))
+  question       String   // The question text
+  answer         String   // The answer text (required for saved answers)
+  tags           String[] @default([]) // Optional tags for categorization
+  
+  // Optional reference to original questionnaire (for tracking)
+  sourceQuestionnaireId String?
+  sourceQuestionnaire   Questionnaire? @relation(fields: [sourceQuestionnaireId], references: [id], onDelete: SetNull)
+  
+  // User who created/updated this answer
+  createdBy      String?  // User ID
+  updatedBy      String?  // User ID
+  
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  
+  // Relationships
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  
+  @@index([organizationId])
+  @@index([organizationId, question])
+  @@index([tags])
+  @@index([createdAt])
+  @@unique([organizationId, question]) // Prevent duplicate questions per organization
 }
 
 
+
 // ===== shared.prisma =====
 model ApiKey {
-    id         String    @id @default(dbgenerated("generate_prefixed_cuid('apk'::text)"))
-    name       String
-    key        String    @unique
-    salt       String?
-    createdAt  DateTime  @default(now())
-    expiresAt  DateTime?
-    lastUsedAt DateTime?
-    isActive   Boolean   @default(true)
+  id         String    @id @default(dbgenerated("generate_prefixed_cuid('apk'::text)"))
+  name       String
+  key        String    @unique
+  salt       String?
+  createdAt  DateTime  @default(now())
+  expiresAt  DateTime?
+  lastUsedAt DateTime?
+  isActive   Boolean   @default(true)
 
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  organizationId String
 
-    @@index([organizationId])
-    @@index([key])
+  @@index([organizationId])
+  @@index([key])
 }
 
 model AuditLog {
-    id             String              @id @default(dbgenerated("generate_prefixed_cuid('aud'::text)"))
-    timestamp      DateTime            @default(now())
-    organizationId String
-    userId         String
-    memberId       String?
-    data           Json
-    description    String?
-    entityId       String?
-    entityType     AuditLogEntityType?
-
-    organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    user         User         @relation(fields: [userId], references: [id], onDelete: Cascade)
-    member       Member?      @relation(fields: [memberId], references: [id], onDelete: Cascade)
-
-    @@index([userId])
-    @@index([organizationId])
-    @@index([memberId])
-    @@index([entityType])
+  id             String              @id @default(dbgenerated("generate_prefixed_cuid('aud'::text)"))
+  timestamp      DateTime            @default(now())
+  organizationId String
+  userId         String
+  memberId       String?
+  data           Json
+  description    String?
+  entityId       String?
+  entityType     AuditLogEntityType?
+
+  organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  user         User         @relation(fields: [userId], references: [id], onDelete: Cascade)
+  member       Member?      @relation(fields: [memberId], references: [id], onDelete: Cascade)
+
+  @@index([userId])
+  @@index([organizationId])
+  @@index([memberId])
+  @@index([entityType])
 }
 
 enum AuditLogEntityType {
-    organization
-    framework
-    requirement
-    control
-    policy
-    task
-    people
-    risk
-    vendor
-    tests
-    integration
+  organization
+  framework
+  requirement
+  control
+  policy
+  task
+  people
+  risk
+  vendor
+  tests
+  integration
+  trust
 }
 
 model GlobalVendors {
-    website                     String   @id @unique
-    company_name                String?
-    legal_name                  String?
-    company_description         String?
-    company_hq_address          String?
-    privacy_policy_url          String?
-    terms_of_service_url        String?
-    service_level_agreement_url String?
-    security_page_url           String?
-    trust_page_url              String?
-    security_certifications     String[]
-    subprocessors               String[]
-    type_of_company             String?
-
-    approved  Boolean  @default(false)
-    createdAt DateTime @default(now())
-
-    @@index([website])
+  website                     String   @id @unique
+  company_name                String?
+  legal_name                  String?
+  company_description         String?
+  company_hq_address          String?
+  privacy_policy_url          String?
+  terms_of_service_url        String?
+  service_level_agreement_url String?
+  security_page_url           String?
+  trust_page_url              String?
+  security_certifications     String[]
+  subprocessors               String[]
+  type_of_company             String?
+
+  approved  Boolean  @default(false)
+  createdAt DateTime @default(now())
+
+  @@index([website])
 }
 
 enum Departments {
-    none
-    admin
-    gov
-    hr
-    it
-    itsm
-    qms
+  none
+  admin
+  gov
+  hr
+  it
+  itsm
+  qms
 }
 
 enum Frequency {
-    monthly
-    quarterly
-    yearly
+  monthly
+  quarterly
+  yearly
 }
 
 enum Likelihood {
-    very_unlikely
-    unlikely
-    possible
-    likely
-    very_likely
+  very_unlikely
+  unlikely
+  possible
+  likely
+  very_likely
 }
 
 enum Impact {
-    insignificant
-    minor
-    moderate
-    major
-    severe
+  insignificant
+  minor
+  moderate
+  major
+  severe
 }
 
 
 // ===== task.prisma =====
 model Task {
-    // Metadata
-    id          String         @id @default(dbgenerated("generate_prefixed_cuid('tsk'::text)"))
-    title       String
-    description String
-    status      TaskStatus     @default(todo)
-    frequency   TaskFrequency?
-    department  Departments?   @default(none)
-    order       Int            @default(0)
-
-    // Dates
-    createdAt       DateTime  @default(now())
-    updatedAt       DateTime  @updatedAt
-    lastCompletedAt DateTime?
-    reviewDate      DateTime?
-
-    // Relationships
-    assigneeId          String?
-    assignee            Member?                      @relation(fields: [assigneeId], references: [id])
-    organizationId      String
-    organization        Organization                 @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    taskTemplateId      String?
-    taskTemplate        FrameworkEditorTaskTemplate? @relation(fields: [taskTemplateId], references: [id])
-    controls            Control[]
-    vendors             Vendor[]
-    risks               Risk[]
-    evidenceAutomations EvidenceAutomation[]
-
-    EvidenceAutomationRun EvidenceAutomationRun[]
+  // Metadata
+  id          String         @id @default(dbgenerated("generate_prefixed_cuid('tsk'::text)"))
+  title       String
+  description String
+  status      TaskStatus     @default(todo)
+  frequency   TaskFrequency?
+  department  Departments?   @default(none)
+  order       Int            @default(0)
+
+  // Dates
+  createdAt       DateTime  @default(now())
+  updatedAt       DateTime  @updatedAt
+  lastCompletedAt DateTime?
+  reviewDate      DateTime?
+
+  // Relationships
+  assigneeId          String?
+  assignee            Member?                      @relation(fields: [assigneeId], references: [id])
+  organizationId      String
+  organization        Organization                 @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  taskTemplateId      String?
+  taskTemplate        FrameworkEditorTaskTemplate? @relation(fields: [taskTemplateId], references: [id])
+  controls            Control[]
+  vendors             Vendor[]
+  risks               Risk[]
+  evidenceAutomations EvidenceAutomation[]
+
+  EvidenceAutomationRun EvidenceAutomationRun[]
 }
 
 enum TaskStatus {
-    todo
-    in_progress
-    done
-    not_relevant
-    failed
+  todo
+  in_progress
+  done
+  not_relevant
+  failed
 }
 
 enum TaskFrequency {
-    daily
-    weekly
-    monthly
-    quarterly
-    yearly
+  daily
+  weekly
+  monthly
+  quarterly
+  yearly
 }
 
 
 // ===== trust.prisma =====
 model Trust {
-    organizationId     String
-    organization       Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-    friendlyUrl        String?      @unique
-    domain             String?
-    domainVerified     Boolean      @default(false)
-    isVercelDomain     Boolean      @default(false)
-    vercelVerification String?
-    status             TrustStatus  @default(draft)
-    contactEmail       String?
-
-    email         String?
-    privacyPolicy String?
-    soc2          Boolean @default(false)
-    soc2type1     Boolean @default(false)
-    soc2type2     Boolean @default(false)
-    iso27001      Boolean @default(false)
-    iso42001      Boolean @default(false)
-    nen7510       Boolean @default(false)
-    gdpr          Boolean @default(false)
-    hipaa         Boolean @default(false)
-    pci_dss       Boolean @default(false)
-
-    soc2_status        FrameworkStatus @default(started)
-    soc2type1_status   FrameworkStatus @default(started)
-    soc2type2_status   FrameworkStatus @default(started)
-    iso27001_status    FrameworkStatus @default(started)
-    iso42001_status    FrameworkStatus @default(started)
-    nen7510_status     FrameworkStatus @default(started)
-    gdpr_status        FrameworkStatus @default(started)
-    hipaa_status       FrameworkStatus @default(started)
-    pci_dss_status     FrameworkStatus @default(started)
-
-    @@id([status, organizationId])
-    @@unique([organizationId])
-    @@index([organizationId])
-    @@index([friendlyUrl])
+  organizationId     String
+  organization       Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  friendlyUrl        String?      @unique
+  domain             String?
+  domainVerified     Boolean      @default(false)
+  isVercelDomain     Boolean      @default(false)
+  vercelVerification String?
+  status             TrustStatus  @default(draft)
+  contactEmail       String?
+
+  email         String?
+  privacyPolicy String?
+  soc2          Boolean @default(false)
+  soc2type1     Boolean @default(false)
+  soc2type2     Boolean @default(false)
+  iso27001      Boolean @default(false)
+  iso42001      Boolean @default(false)
+  nen7510       Boolean @default(false)
+  gdpr          Boolean @default(false)
+  hipaa         Boolean @default(false)
+  pci_dss       Boolean @default(false)
+  iso9001       Boolean @default(false)
+
+  soc2_status      FrameworkStatus @default(started)
+  soc2type1_status FrameworkStatus @default(started)
+  soc2type2_status FrameworkStatus @default(started)
+  iso27001_status  FrameworkStatus @default(started)
+  iso42001_status  FrameworkStatus @default(started)
+  nen7510_status   FrameworkStatus @default(started)
+  gdpr_status      FrameworkStatus @default(started)
+  hipaa_status     FrameworkStatus @default(started)
+  pci_dss_status   FrameworkStatus @default(started)
+  iso9001_status   FrameworkStatus @default(started)
+
+  @@id([status, organizationId])
+  @@unique([organizationId])
+  @@index([organizationId])
+  @@index([friendlyUrl])
 }
 
 enum TrustStatus {
-    draft
-    published
+  draft
+  published
 }
 
 enum FrameworkStatus {
-    started
-    in_progress
-    compliant
+  started
+  in_progress
+  compliant
+}
+
+model TrustAccessRequest {
+  id             String       @id @default(dbgenerated("generate_prefixed_cuid('tar'::text)"))
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  name                  String
+  email                 String
+  company               String?
+  jobTitle              String?
+  purpose               String?
+  requestedDurationDays Int?
+
+  status           TrustAccessRequestStatus @default(under_review)
+  reviewerMemberId String?
+  reviewer         Member?                  @relation("TrustAccessRequestReviewer", fields: [reviewerMemberId], references: [id], onDelete: SetNull)
+  reviewedAt       DateTime?
+  decisionReason   String?
+
+  ipAddress String?
+  userAgent String?
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  grant         TrustAccessGrant?   @relation("RequestGrant")
+  ndaAgreements TrustNDAAgreement[] @relation("RequestNDA")
+
+  @@index([organizationId])
+  @@index([email])
+  @@index([status])
+  @@index([organizationId, status])
+}
+
+model TrustAccessGrant {
+  id String @id @default(dbgenerated("generate_prefixed_cuid('tag'::text)"))
+
+  accessRequestId String             @unique
+  accessRequest   TrustAccessRequest @relation("RequestGrant", fields: [accessRequestId], references: [id], onDelete: Cascade)
+
+  subjectEmail String
+
+  status    TrustAccessGrantStatus @default(active)
+  expiresAt DateTime
+
+  accessToken          String?   @unique
+  accessTokenExpiresAt DateTime?
+
+  issuedByMemberId String?
+  issuedBy         Member? @relation("IssuedGrants", fields: [issuedByMemberId], references: [id], onDelete: SetNull)
+
+  revokedAt         DateTime?
+  revokedByMemberId String?
+  revokedBy         Member?   @relation("RevokedGrants", fields: [revokedByMemberId], references: [id], onDelete: SetNull)
+  revokeReason      String?
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  ndaAgreement TrustNDAAgreement? @relation("GrantNDA")
+
+  @@index([accessRequestId])
+  @@index([subjectEmail])
+  @@index([status])
+  @@index([expiresAt])
+  @@index([status, expiresAt])
+  @@index([accessToken])
+}
+
+enum TrustAccessRequestStatus {
+  under_review
+  approved
+  denied
+  canceled
+}
+
+enum TrustAccessGrantStatus {
+  active
+  expired
+  revoked
+}
+
+model TrustNDAAgreement {
+  id String @id @default(dbgenerated("generate_prefixed_cuid('tna'::text)"))
+
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  accessRequestId String
+  accessRequest   TrustAccessRequest @relation("RequestNDA", fields: [accessRequestId], references: [id], onDelete: Cascade)
+
+  grantId String?           @unique
+  grant   TrustAccessGrant? @relation("GrantNDA", fields: [grantId], references: [id], onDelete: SetNull)
+
+  signerName  String?
+  signerEmail String?
+
+  status TrustNDAStatus @default(pending)
+
+  signToken          String   @unique
+  signTokenExpiresAt DateTime
+
+  pdfTemplateKey String?
+  pdfSignedKey   String?
+
+  signedAt DateTime?
+
+  ipAddress String?
+  userAgent String?
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@index([organizationId])
+  @@index([accessRequestId])
+  @@index([signToken])
+  @@index([status])
+}
+
+enum TrustNDAStatus {
+  pending
+  signed
+  void
+}
+
+model TrustDocument {
+  id String @id @default(dbgenerated("generate_prefixed_cuid('tdoc'::text)"))
+
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  name        String
+  description String?
+  s3Key       String
+
+  isActive Boolean @default(true)
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@index([organizationId])
+  @@index([organizationId, isActive])
 }