@trycompai/db 1.3.18 → 1.3.19-canary.3

package/dist/schema.prisma

@@ -53,14 +53,16 @@ enum AttachmentType {
 
 // ===== auth.prisma =====
 model User {
-  id            String    @id @default(dbgenerated("generate_prefixed_cuid('usr'::text)"))
-  name          String
-  email         String
-  emailVerified Boolean
-  image         String?
-  createdAt     DateTime  @default(now())
-  updatedAt     DateTime  @updatedAt
-  lastLogin     DateTime?
+  id                             String    @id @default(dbgenerated("generate_prefixed_cuid('usr'::text)"))
+  name                           String
+  email                          String
+  emailVerified                  Boolean
+  image                          String?
+  createdAt                      DateTime  @default(now())
+  updatedAt                      DateTime  @updatedAt
+  lastLogin                      DateTime?
+  emailNotificationsUnsubscribed Boolean   @default(false)
+  emailPreferences               Json?     @default("{\"policyNotifications\":true,\"taskReminders\":true,\"weeklyTaskDigest\":true,\"unassignedItemsNotifications\":true}")
 
   accounts           Account[]
   auditLog           AuditLog[]
@@ -147,12 +149,13 @@ model Member {
 
   department                      Departments                       @default(none)
   isActive                        Boolean                           @default(true)
-    deactivated                     Boolean                           @default(false)
+  deactivated                     Boolean                           @default(false)
   employeeTrainingVideoCompletion EmployeeTrainingVideoCompletion[]
   fleetDmLabelId                  Int?
 
   assignedPolicies       Policy[]             @relation("PolicyAssignee") // Policies where this member is an assignee
   approvedPolicies       Policy[]             @relation("PolicyApprover") // Policies where this member is an approver
+  approvedSOADocuments   SOADocument[]        @relation("SOADocumentApprover") // SOA documents where this member is an approver
   risks                  Risk[]
   tasks                  Task[]
   vendors                Vendor[]
@@ -173,16 +176,17 @@ model Invitation {
   expiresAt      DateTime
   inviterId      String
   user           User         @relation(fields: [inviterId], references: [id], onDelete: Cascade)
+  createdAt      DateTime     @default(now())
 }
 
 // This is only for the app to consume, shouldn't be enforced by DB
 // Otherwise it won't work with Better Auth, as per https://www.better-auth.com/docs/plugins/organization#access-control
 enum Role {
-    owner
-    admin
-    auditor
-    employee
-    contractor
+  owner
+  admin
+  auditor
+  employee
+  contractor
 }
 
 enum PolicyStatus {
@@ -392,6 +396,8 @@ model FrameworkEditorFramework {
 
   requirements       FrameworkEditorRequirement[]
   frameworkInstances FrameworkInstance[]
+  soaConfigurations  SOAFrameworkConfiguration[] // Multiple SOA config versions per framework
+  soaDocuments       SOADocument[] // SOA documents from organizations
 
   // Dates
   createdAt DateTime @default(now())
@@ -522,15 +528,15 @@ model IntegrationResult {
 
 // ===== knowledge-base-document.prisma =====
 model KnowledgeBaseDocument {
-  id             String   @id @default(dbgenerated("generate_prefixed_cuid('kbd'::text)"))
-  name           String   // Original filename
-  description    String?  // Optional user description/notes
-  s3Key          String   // S3 storage key (e.g., "org123/knowledge-base-documents/timestamp-file.pdf")
-  fileType       String   // MIME type (e.g., "application/pdf")
-  fileSize       Int      // File size in bytes
+  id               String                                @id @default(dbgenerated("generate_prefixed_cuid('kbd'::text)"))
+  name             String // Original filename
+  description      String? // Optional user description/notes
+  s3Key            String // S3 storage key (e.g., "org123/knowledge-base-documents/timestamp-file.pdf")
+  fileType         String // MIME type (e.g., "application/pdf")
+  fileSize         Int // File size in bytes
   processingStatus KnowledgeBaseDocumentProcessingStatus @default(pending) // Track indexing status
-  processedAt    DateTime? // When indexing completed
-  triggerRunId   String?  // Trigger.dev run ID for tracking processing progress
+  processedAt      DateTime? // When indexing completed
+  triggerRunId     String? // Trigger.dev run ID for tracking processing progress
 
   // Dates
   createdAt DateTime @default(now())
@@ -547,14 +553,13 @@ model KnowledgeBaseDocument {
 }
 
 enum KnowledgeBaseDocumentProcessingStatus {
-  pending     // Uploaded but not yet processed/indexed
-  processing  // Currently being processed/indexed
-  completed   // Successfully indexed in vector database
-  failed      // Processing failed
+  pending // Uploaded but not yet processed/indexed
+  processing // Currently being processed/indexed
+  completed // Successfully indexed in vector database
+  failed // Processing failed
 }
 
 
-
 // ===== onboarding.prisma =====
 model Onboarding {
   organizationId        String       @id
@@ -594,29 +599,31 @@ model Organization {
   fleetDmLabelId        Int?
   isFleetSetupCompleted Boolean @default(false)
 
-  apiKeys             ApiKey[]
-  auditLog            AuditLog[]
-  controls            Control[]
-  frameworkInstances  FrameworkInstance[]
-  integrations        Integration[]
-  invitations         Invitation[]
-  members             Member[]
-  policy              Policy[]
-  risk                Risk[]
-  vendors             Vendor[]
-  tasks               Task[]
-  comments            Comment[]
-  attachments         Attachment[]
-  trust               Trust[]
-  context             Context[]
-  secrets             Secret[]
-  trustAccessRequests TrustAccessRequest[]
-  trustNdaAgreements  TrustNDAAgreement[]
-  trustDocuments      TrustDocument[]
-  knowledgeBaseDocuments KnowledgeBaseDocument[]
-  questionnaires         Questionnaire[]
+  apiKeys                            ApiKey[]
+  auditLog                           AuditLog[]
+  controls                           Control[]
+  frameworkInstances                 FrameworkInstance[]
+  integrations                       Integration[]
+  invitations                        Invitation[]
+  members                            Member[]
+  policy                             Policy[]
+  risk                               Risk[]
+  vendors                            Vendor[]
+  tasks                              Task[]
+  comments                           Comment[]
+  attachments                        Attachment[]
+  trust                              Trust[]
+  context                            Context[]
+  secrets                            Secret[]
+  trustAccessRequests                TrustAccessRequest[]
+  trustNdaAgreements                 TrustNDAAgreement[]
+  trustDocuments                     TrustDocument[]
+  trustResources                     TrustResource[] @relation("OrganizationTrustResources")
+  knowledgeBaseDocuments             KnowledgeBaseDocument[]
+  questionnaires                     Questionnaire[]
   securityQuestionnaireManualAnswers SecurityQuestionnaireManualAnswer[]
-
+  soaDocuments                       SOADocument[]
+  primaryColor                       String?
   @@index([slug])
 }
 
@@ -665,15 +672,15 @@ model Policy {
 
 // ===== questionnaire.prisma =====
 model Questionnaire {
-  id             String   @id @default(dbgenerated("generate_prefixed_cuid('qst'::text)"))
-  filename       String   // Original filename
-  s3Key          String   // S3 storage key for the uploaded file
-  fileType       String   // MIME type (e.g., "application/pdf")
-  fileSize       Int      // File size in bytes
-  status         QuestionnaireStatus @default(parsing) // Parsing status
-  parsedAt       DateTime? // When parsing completed
-  totalQuestions Int      @default(0) // Total number of questions parsed
-  answeredQuestions Int   @default(0) // Number of questions with answers
+  id                String              @id @default(dbgenerated("generate_prefixed_cuid('qst'::text)"))
+  filename          String // Original filename
+  s3Key             String // S3 storage key for the uploaded file
+  fileType          String // MIME type (e.g., "application/pdf")
+  fileSize          Int // File size in bytes
+  status            QuestionnaireStatus @default(parsing) // Parsing status
+  parsedAt          DateTime? // When parsing completed
+  totalQuestions    Int                 @default(0) // Total number of questions parsed
+  answeredQuestions Int                 @default(0) // Number of questions with answers
 
   // Dates
   createdAt DateTime @default(now())
@@ -681,7 +688,7 @@ model Questionnaire {
 
   // Relationships
   organizationId String
-  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  organization   Organization                        @relation(fields: [organizationId], references: [id], onDelete: Cascade)
   questions      QuestionnaireQuestionAnswer[]
   manualAnswers  SecurityQuestionnaireManualAnswer[] // Manual answers saved from this questionnaire
 
@@ -691,14 +698,14 @@ model Questionnaire {
 }
 
 model QuestionnaireQuestionAnswer {
-  id             String   @id @default(dbgenerated("generate_prefixed_cuid('qqa'::text)"))
-  question       String   // The question text
-  answer          String?  // The answer (nullable if not provided in file or not generated yet)
-  status          QuestionnaireAnswerStatus @default(untouched) // Answer status
-  questionIndex   Int      // Order/index of the question in the questionnaire
-  sources         Json?    // Sources used for generated answers (array of source objects)
-  generatedAt     DateTime? // When answer was generated (if status is generated)
-  updatedBy       String?  // User ID who last updated the answer (if manual)
+  id            String                    @id @default(dbgenerated("generate_prefixed_cuid('qqa'::text)"))
+  question      String // The question text
+  answer        String? // The answer (nullable if not provided in file or not generated yet)
+  status        QuestionnaireAnswerStatus @default(untouched) // Answer status
+  questionIndex Int // Order/index of the question in the questionnaire
+  sources       Json? // Sources used for generated answers (array of source objects)
+  generatedAt   DateTime? // When answer was generated (if status is generated)
+  updatedBy     String? // User ID who last updated the answer (if manual)
 
   // Dates
   createdAt DateTime @default(now())
@@ -714,19 +721,18 @@ model QuestionnaireQuestionAnswer {
 }
 
 enum QuestionnaireStatus {
-  parsing    // Currently being parsed
-  completed  // Successfully parsed
-  failed     // Parsing failed
+  parsing // Currently being parsed
+  completed // Successfully parsed
+  failed // Parsing failed
 }
 
 enum QuestionnaireAnswerStatus {
-  untouched  // No answer yet (empty or not generated)
-  generated  // AI generated answer
-  manual     // Manually written/edited by user
+  untouched // No answer yet (empty or not generated)
+  generated // AI generated answer
+  manual // Manually written/edited by user
 }
 
 
-
 // ===== requirement.prisma =====
 model RequirementMap {
   id String @id @default(dbgenerated("generate_prefixed_cuid('req'::text)"))
@@ -827,36 +833,35 @@ model Secret {
 
 // ===== security-questionnaire-manual-answer.prisma =====
 model SecurityQuestionnaireManualAnswer {
-  id             String   @id @default(dbgenerated("generate_prefixed_cuid('sqma'::text)"))
-  question       String   // The question text
-  answer         String   // The answer text (required for saved answers)
-  tags           String[] @default([]) // Optional tags for categorization
-  
+  id       String   @id @default(dbgenerated("generate_prefixed_cuid('sqma'::text)"))
+  question String // The question text
+  answer   String // The answer text (required for saved answers)
+  tags     String[] @default([]) // Optional tags for categorization
+
   // Optional reference to original questionnaire (for tracking)
   sourceQuestionnaireId String?
   sourceQuestionnaire   Questionnaire? @relation(fields: [sourceQuestionnaireId], references: [id], onDelete: SetNull)
-  
+
   // User who created/updated this answer
-  createdBy      String?  // User ID
-  updatedBy      String?  // User ID
-  
+  createdBy String? // User ID
+  updatedBy String? // User ID
+
   // Dates
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
-  
+
   // Relationships
   organizationId String
   organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-  
+
+  @@unique([organizationId, question]) // Prevent duplicate questions per organization
   @@index([organizationId])
   @@index([organizationId, question])
   @@index([tags])
   @@index([createdAt])
-  @@unique([organizationId, question]) // Prevent duplicate questions per organization
 }
 
 
-
 // ===== shared.prisma =====
 model ApiKey {
   id         String    @id @default(dbgenerated("generate_prefixed_cuid('apk'::text)"))
@@ -965,6 +970,143 @@ enum Impact {
 }
 
 
+// ===== soa.prisma =====
+// Statement of Applicability (SOA) Auto-complete Configuration and Answers
+
+model SOAFrameworkConfiguration {
+  id          String                   @id @default(dbgenerated("generate_prefixed_cuid('soa_cfg'::text)"))
+  frameworkId String
+  framework   FrameworkEditorFramework @relation(fields: [frameworkId], references: [id], onDelete: Cascade)
+
+  // Configuration versioning - allows multiple configurations per framework
+  version  Int     @default(1) // Version number for this configuration (increments when config changes)
+  isLatest Boolean @default(true) // Whether this is the latest configuration version
+
+  // Column definitions for SOA structure (template used when creating new documents)
+  columns Json // Array of { name: string, type: string } objects
+  // Example: [{ name: "Control ID", type: "string" }, { name: "Control Name", type: "string" }, { name: "Applicable", type: "boolean" }, { name: "Justification", type: "text" }]
+
+  // Predefined questions for this framework
+  // Documents reference a specific configuration version via SOADocument.configurationId
+  // Old documents keep their old config version, new documents use new config version
+  questions Json // Array of question objects with unique IDs
+  // Example: [{ id: "A.5.1.1", text: "Is this control applicable?", columnMapping: "Applicable", controlId: "A.5.1.1" }, ...]
+  // IMPORTANT: question.id must be unique and stable - this is what SOAAnswer.questionId references
+
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  // Relationships
+  documents SOADocument[]
+
+  @@unique([frameworkId, version]) // Prevent duplicate configuration versions
+  @@index([frameworkId])
+  @@index([frameworkId, version])
+  @@index([frameworkId, isLatest])
+}
+
+model SOADocument {
+  id String @id @default(dbgenerated("generate_prefixed_cuid('soa_doc'::text)"))
+
+  // Framework and organization context
+  frameworkId    String
+  framework      FrameworkEditorFramework @relation(fields: [frameworkId], references: [id], onDelete: Cascade)
+  organizationId String
+  organization   Organization             @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  // Configuration reference - references a specific SOAFrameworkConfiguration version
+  // Each document version can use a different configuration version
+  // Old documents keep their old config, new documents use new config
+  configurationId String
+  configuration   SOAFrameworkConfiguration @relation(fields: [configurationId], references: [id], onDelete: Cascade)
+
+  // Document versioning
+  version  Int     @default(1) // Version number for this document (increments yearly)
+  isLatest Boolean @default(true) // Whether this is the latest version
+
+  // Document status
+  status SOADocumentStatus @default(draft) // draft, in_progress, completed
+
+  // Document metadata
+  totalQuestions    Int @default(0) // Total number of questions in this document
+  answeredQuestions Int @default(0) // Number of questions with answers
+
+  // Approval tracking
+  preparedBy String  @default("Comp AI") // Always "Comp AI"
+  approverId String? // Member ID who will approve this document (set when submitted for approval)
+  approver   Member? @relation("SOADocumentApprover", fields: [approverId], references: [id], onDelete: SetNull, onUpdate: Cascade)
+  approvedAt DateTime? // When document was approved
+
+  // Dates
+  completedAt DateTime? // When document was completed
+  createdAt   DateTime  @default(now())
+  updatedAt   DateTime  @updatedAt
+
+  // Relationships
+  answers SOAAnswer[]
+
+  @@unique([frameworkId, organizationId, version]) // Prevent duplicate versions
+  @@index([frameworkId, organizationId])
+  @@index([frameworkId, organizationId, version])
+  @@index([frameworkId, organizationId, isLatest])
+  @@index([configurationId])
+  @@index([status])
+}
+
+model SOAAnswer {
+  id String @id @default(dbgenerated("generate_prefixed_cuid('soa_ans'::text)"))
+
+  // Document context (replaces direct framework/organization link)
+  documentId String
+  document   SOADocument @relation(fields: [documentId], references: [id], onDelete: Cascade)
+
+  // Question reference - references question.id from SOADocument.configuration.questions
+  // References the specific configuration version that the document uses
+  // If config changes, old documents still reference their old config version
+  questionId String // Must match a question.id from SOADocument.configuration.questions
+
+  // Answer data - simple text answer
+  answer String? // Text answer (nullable if not generated yet)
+
+  // Answer metadata
+  status      SOAAnswerStatus @default(untouched) // untouched, generated, manual
+  sources     Json? // Sources used for generated answers (similar to questionnaire)
+  generatedAt DateTime? // When answer was generated
+
+  // Answer versioning (within the document)
+  answerVersion  Int     @default(1) // Version number for this specific answer
+  isLatestAnswer Boolean @default(true) // Whether this is the latest version of this answer
+
+  // User tracking
+  createdBy String? // User ID who created this answer
+  updatedBy String? // User ID who last updated this answer
+
+  // Dates
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@unique([documentId, questionId, answerVersion]) // Prevent duplicate answer versions
+  @@index([documentId])
+  @@index([documentId, questionId])
+  @@index([documentId, questionId, isLatestAnswer])
+  @@index([status])
+}
+
+enum SOADocumentStatus {
+  draft // Document is being created/edited
+  in_progress // Document is being generated
+  needs_review // Document is submitted for approval
+  completed // Document is complete and approved
+}
+
+enum SOAAnswerStatus {
+  untouched // No answer yet (not generated)
+  generated // AI generated answer
+  manual // Manually written/edited by user
+}
+
+
 // ===== task.prisma =====
 model Task {
   // Metadata
@@ -1067,6 +1209,33 @@ enum FrameworkStatus {
   compliant
 }
 
+enum TrustFramework {
+  iso_27001
+  iso_42001
+  gdpr
+  hipaa
+  soc2_type1
+  soc2_type2
+  pci_dss
+  nen_7510
+  iso_9001
+}
+
+model TrustResource {
+  id             String         @id @default(dbgenerated("generate_prefixed_cuid('tcr'::text)"))
+  organizationId String
+  organization   Organization   @relation("OrganizationTrustResources", fields: [organizationId], references: [id], onDelete: Cascade)
+  framework      TrustFramework
+  s3Key          String
+  fileName       String
+  fileSize       Int
+  createdAt      DateTime       @default(now())
+  updatedAt      DateTime       @updatedAt
+
+  @@unique([organizationId, framework])
+  @@index([organizationId])
+}
+
 model TrustAccessRequest {
   id             String       @id @default(dbgenerated("generate_prefixed_cuid('tar'::text)"))
   organizationId String

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@trycompai/db",
   "description": "Database package with Prisma client and schema for Comp AI",
-  "version": "1.3.18",
+  "version": "1.3.19-canary.3",
   "dependencies": {
     "@prisma/client": "^6.13.0",
     "dotenv": "^16.4.5",