@vorionsys/contracts 0.1.0 → 0.1.1

package/dist/db/service-accounts.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Service Accounts Schema
+ *
+ * Database schema for service-to-service authentication accounts
+ * using Drizzle ORM.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serviceTokens = exports.serviceAccountAuditLog = exports.serviceAccountAuditEventEnum = exports.serviceAccounts = exports.serviceAccountStatusEnum = void 0;
+const pg_core_1 = require("drizzle-orm/pg-core");
+// =============================================================================
+// ENUMS
+// =============================================================================
+/**
+ * Service account status enum
+ */
+exports.serviceAccountStatusEnum = (0, pg_core_1.pgEnum)('service_account_status', [
+    'active',
+    'revoked',
+    'suspended',
+]);
+// =============================================================================
+// SERVICE ACCOUNTS TABLE
+// =============================================================================
+/**
+ * Service accounts table - stores service account credentials and metadata
+ */
+exports.serviceAccounts = (0, pg_core_1.pgTable)('service_accounts', {
+    // Primary key
+    id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+    // Unique client identifier (e.g., svc_abc123...)
+    clientId: (0, pg_core_1.text)('client_id').notNull().unique(),
+    // Hashed client secret (SHA-256)
+    clientSecret: (0, pg_core_1.text)('client_secret').notNull(),
+    // Human-readable name
+    name: (0, pg_core_1.text)('name').notNull(),
+    // Description of the service
+    description: (0, pg_core_1.text)('description'),
+    // Tenant ownership
+    tenantId: (0, pg_core_1.uuid)('tenant_id').notNull(),
+    // Permissions granted to this service
+    permissions: (0, pg_core_1.jsonb)('permissions').$type().notNull().default([]),
+    // Optional IP whitelist for additional security
+    ipWhitelist: (0, pg_core_1.jsonb)('ip_whitelist').$type(),
+    // Status
+    status: (0, exports.serviceAccountStatusEnum)('status').notNull().default('active'),
+    // Timestamps
+    createdAt: (0, pg_core_1.timestamp)('created_at', { withTimezone: true }).notNull().defaultNow(),
+    lastUsedAt: (0, pg_core_1.timestamp)('last_used_at', { withTimezone: true }),
+    secretRotatedAt: (0, pg_core_1.timestamp)('secret_rotated_at', { withTimezone: true }),
+    // User who created the account
+    createdBy: (0, pg_core_1.text)('created_by'),
+    // Additional metadata
+    metadata: (0, pg_core_1.jsonb)('metadata').$type().default({}),
+}, (table) => ({
+    // Unique constraint on client ID for fast lookup
+    clientIdUniqueIdx: (0, pg_core_1.uniqueIndex)('service_accounts_client_id_unique_idx').on(table.clientId),
+    // Index by tenant for listing
+    tenantIdIdx: (0, pg_core_1.index)('service_accounts_tenant_id_idx').on(table.tenantId),
+    // Composite index for listing with status filter
+    tenantStatusIdx: (0, pg_core_1.index)('service_accounts_tenant_status_idx').on(table.tenantId, table.status),
+    // Index for status-based queries
+    statusIdx: (0, pg_core_1.index)('service_accounts_status_idx').on(table.status),
+    // Index for finding accounts by name within tenant
+    tenantNameIdx: (0, pg_core_1.index)('service_accounts_tenant_name_idx').on(table.tenantId, table.name),
+    // Index for audit: recently used accounts
+    lastUsedAtIdx: (0, pg_core_1.index)('service_accounts_last_used_at_idx').on(table.lastUsedAt),
+}));
+// =============================================================================
+// SERVICE ACCOUNT AUDIT LOG TABLE
+// =============================================================================
+/**
+ * Service account audit event types
+ */
+exports.serviceAccountAuditEventEnum = (0, pg_core_1.pgEnum)('service_account_audit_event', [
+    'created',
+    'updated',
+    'revoked',
+    'suspended',
+    'reactivated',
+    'deleted',
+    'secret_rotated',
+    'auth_success',
+    'auth_failure',
+    'permission_denied',
+    'ip_blocked',
+]);
+/**
+ * Service account audit log table - tracks all changes to service accounts
+ */
+exports.serviceAccountAuditLog = (0, pg_core_1.pgTable)('service_account_audit_log', {
+    // Primary key
+    id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+    // Reference to service account
+    serviceAccountId: (0, pg_core_1.uuid)('service_account_id').notNull(),
+    // Client ID (stored separately for audit even if account deleted)
+    clientId: (0, pg_core_1.text)('client_id').notNull(),
+    // Tenant ID (stored separately for audit)
+    tenantId: (0, pg_core_1.uuid)('tenant_id').notNull(),
+    // Event type
+    event: (0, exports.serviceAccountAuditEventEnum)('event').notNull(),
+    // Actor who performed the action (user ID or system)
+    actorId: (0, pg_core_1.text)('actor_id'),
+    actorType: (0, pg_core_1.text)('actor_type').notNull().default('user'), // 'user', 'system', 'service'
+    // Request context
+    ipAddress: (0, pg_core_1.text)('ip_address'),
+    userAgent: (0, pg_core_1.text)('user_agent'),
+    requestId: (0, pg_core_1.text)('request_id'),
+    // Event details
+    details: (0, pg_core_1.jsonb)('details').$type().default({}),
+    // Previous state (for updates)
+    previousState: (0, pg_core_1.jsonb)('previous_state').$type(),
+    // New state (for updates)
+    newState: (0, pg_core_1.jsonb)('new_state').$type(),
+    // Timestamp
+    timestamp: (0, pg_core_1.timestamp)('timestamp', { withTimezone: true }).notNull().defaultNow(),
+}, (table) => ({
+    // Index for looking up audit by service account
+    serviceAccountIdIdx: (0, pg_core_1.index)('service_account_audit_service_account_id_idx').on(table.serviceAccountId),
+    // Index for looking up audit by client ID (even after deletion)
+    clientIdIdx: (0, pg_core_1.index)('service_account_audit_client_id_idx').on(table.clientId),
+    // Index for tenant-wide audit queries
+    tenantIdIdx: (0, pg_core_1.index)('service_account_audit_tenant_id_idx').on(table.tenantId),
+    // Index for filtering by event type
+    eventIdx: (0, pg_core_1.index)('service_account_audit_event_idx').on(table.event),
+    // Index for time-based queries
+    timestampIdx: (0, pg_core_1.index)('service_account_audit_timestamp_idx').on(table.timestamp),
+    // Composite for tenant + time range queries
+    tenantTimestampIdx: (0, pg_core_1.index)('service_account_audit_tenant_timestamp_idx').on(table.tenantId, table.timestamp),
+    // Composite for service account + event queries
+    serviceAccountEventIdx: (0, pg_core_1.index)('service_account_audit_sa_event_idx').on(table.serviceAccountId, table.event),
+}));
+// =============================================================================
+// SERVICE TOKENS TABLE (Optional - for token tracking/revocation)
+// =============================================================================
+/**
+ * Service tokens table - tracks issued service tokens for revocation support
+ * Optional: Only needed if you want to track and revoke individual tokens
+ */
+exports.serviceTokens = (0, pg_core_1.pgTable)('service_tokens', {
+    // Primary key - the JWT ID (jti)
+    id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+    // JWT ID for lookup
+    jti: (0, pg_core_1.text)('jti').notNull().unique(),
+    // Reference to service account
+    serviceAccountId: (0, pg_core_1.uuid)('service_account_id')
+        .notNull()
+        .references(() => exports.serviceAccounts.id, { onDelete: 'cascade' }),
+    // Client ID (for queries after account deletion)
+    clientId: (0, pg_core_1.text)('client_id').notNull(),
+    // Tenant ID
+    tenantId: (0, pg_core_1.uuid)('tenant_id').notNull(),
+    // Token metadata
+    issuedAt: (0, pg_core_1.timestamp)('issued_at', { withTimezone: true }).notNull(),
+    expiresAt: (0, pg_core_1.timestamp)('expires_at', { withTimezone: true }).notNull(),
+    // Revocation status
+    revokedAt: (0, pg_core_1.timestamp)('revoked_at', { withTimezone: true }),
+    revokedBy: (0, pg_core_1.text)('revoked_by'),
+    revokedReason: (0, pg_core_1.text)('revoked_reason'),
+    // Request context at issuance
+    issuedIp: (0, pg_core_1.text)('issued_ip'),
+    issuedUserAgent: (0, pg_core_1.text)('issued_user_agent'),
+}, (table) => ({
+    // Unique index on JTI for fast lookup
+    jtiUniqueIdx: (0, pg_core_1.uniqueIndex)('service_tokens_jti_unique_idx').on(table.jti),
+    // Index for service account token queries
+    serviceAccountIdIdx: (0, pg_core_1.index)('service_tokens_service_account_id_idx').on(table.serviceAccountId),
+    // Index for tenant queries
+    tenantIdIdx: (0, pg_core_1.index)('service_tokens_tenant_id_idx').on(table.tenantId),
+    // Index for expiration cleanup
+    expiresAtIdx: (0, pg_core_1.index)('service_tokens_expires_at_idx').on(table.expiresAt),
+    // Index for revocation queries
+    revokedAtIdx: (0, pg_core_1.index)('service_tokens_revoked_at_idx').on(table.revokedAt),
+    // Composite for finding active tokens
+    activeTokensIdx: (0, pg_core_1.index)('service_tokens_active_idx').on(table.serviceAccountId, table.expiresAt, table.revokedAt),
+}));
+//# sourceMappingURL=service-accounts.js.map

package/dist/db/service-accounts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-accounts.js","sourceRoot":"","sources":["../../src/db/service-accounts.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,iDAS6B;AAE7B,gFAAgF;AAChF,QAAQ;AACR,gFAAgF;AAEhF;;GAEG;AACU,QAAA,wBAAwB,GAAG,IAAA,gBAAM,EAAC,wBAAwB,EAAE;IACvE,QAAQ;IACR,SAAS;IACT,WAAW;CACZ,CAAC,CAAC;AAEH,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;GAEG;AACU,QAAA,eAAe,GAAG,IAAA,iBAAO,EACpC,kBAAkB,EAClB;IACE,cAAc;IACd,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,iDAAiD;IACjD,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IAE9C,iCAAiC;IACjC,YAAY,EAAE,IAAA,cAAI,EAAC,eAAe,CAAC,CAAC,OAAO,EAAE;IAE7C,sBAAsB;IACtB,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,OAAO,EAAE;IAE5B,6BAA6B;IAC7B,WAAW,EAAE,IAAA,cAAI,EAAC,aAAa,CAAC;IAEhC,mBAAmB;IACnB,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,sCAAsC;IACtC,WAAW,EAAE,IAAA,eAAK,EAAC,aAAa,CAAC,CAAC,KAAK,EAAY,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAEzE,gDAAgD;IAChD,WAAW,EAAE,IAAA,eAAK,EAAC,cAAc,CAAC,CAAC,KAAK,EAAY;IAEpD,SAAS;IACT,MAAM,EAAE,IAAA,gCAAwB,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC;IAEtE,aAAa;IACb,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE;IACjF,UAAU,EAAE,IAAA,mBAAS,EAAC,cAAc,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAC7D,eAAe,EAAE,IAAA,mBAAS,EAAC,mBAAmB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAEvE,+BAA+B;IAC/B,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAE7B,sBAAsB;IACtB,QAAQ,EAAE,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,KAAK,EAA2B,CAAC,OAAO,CAAC,EAAE,CAAC;CACzE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,iDAAiD;IACjD,iBAAiB,EAAE,IAAA,qBAAW,EAAC,uCAAuC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAE1F,8BAA8B;IAC9B,WAAW,EAAE,IAAA,eAAK,EAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAEvE,iDAAiD;IACjD,eAAe,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;IAE7F,iCAAiC;IACjC,SAAS,EAAE,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;IAEhE,mDAAmD;IACnD,aAAa,EAAE,IAAA,eAAK,EAAC,kCAAkC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC;IAEvF,0CAA0C;IAC1C,aAAa,EAAE,IAAA,eAAK,EAAC,mCAAmC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC;CAC/E,CAAC,CACH,CAAC;AAEF,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF;;GAEG;AACU,QAAA,4BAA4B,GAAG,IAAA,gBAAM,EAAC,6BAA6B,EAAE;IAChF,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,aAAa;IACb,SAAS;IACT,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,mBAAmB;IACnB,YAAY;CACb,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,sBAAsB,GAAG,IAAA,iBAAO,EAC3C,2BAA2B,EAC3B;IACE,cAAc;IACd,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,+BAA+B;IAC/B,gBAAgB,EAAE,IAAA,cAAI,EAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE;IAEtD,kEAAkE;IAClE,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,0CAA0C;IAC1C,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,aAAa;IACb,KAAK,EAAE,IAAA,oCAA4B,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IAEtD,qDAAqD;IACrD,OAAO,EAAE,IAAA,cAAI,EAAC,UAAU,CAAC;IACzB,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,8BAA8B;IAEvF,kBAAkB;IAClB,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAC7B,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAC7B,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAE7B,gBAAgB;IAChB,OAAO,EAAE,IAAA,eAAK,EAAC,SAAS,CAAC,CAAC,KAAK,EAA2B,CAAC,OAAO,CAAC,EAAE,CAAC;IAEtE,+BAA+B;IAC/B,aAAa,EAAE,IAAA,eAAK,EAAC,gBAAgB,CAAC,CAAC,KAAK,EAA2B;IAEvE,0BAA0B;IAC1B,QAAQ,EAAE,IAAA,eAAK,EAAC,WAAW,CAAC,CAAC,KAAK,EAA2B;IAE7D,YAAY;IACZ,SAAS,EAAE,IAAA,mBAAS,EAAC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE;CACjF,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,gDAAgD;IAChD,mBAAmB,EAAE,IAAA,eAAK,EAAC,8CAA8C,CAAC,CAAC,EAAE,CAC3E,KAAK,CAAC,gBAAgB,CACvB;IAED,gEAAgE;IAChE,WAAW,EAAE,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAE5E,sCAAsC;IACtC,WAAW,EAAE,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAE5E,oCAAoC;IACpC,QAAQ,EAAE,IAAA,eAAK,EAAC,iCAAiC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;IAElE,+BAA+B;IAC/B,YAAY,EAAE,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAE9E,4CAA4C;IAC5C,kBAAkB,EAAE,IAAA,eAAK,EAAC,4CAA4C,CAAC,CAAC,EAAE,CACxE,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,SAAS,CAChB;IAED,gDAAgD;IAChD,sBAAsB,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CACpE,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,KAAK,CACZ;CACF,CAAC,CACH,CAAC;AAEF,gFAAgF;AAChF,kEAAkE;AAClE,gFAAgF;AAEhF;;;GAGG;AACU,QAAA,aAAa,GAAG,IAAA,iBAAO,EAClC,gBAAgB,EAChB;IACE,iCAAiC;IACjC,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,oBAAoB;IACpB,GAAG,EAAE,IAAA,cAAI,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IAEnC,+BAA+B;IAC/B,gBAAgB,EAAE,IAAA,cAAI,EAAC,oBAAoB,CAAC;SACzC,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,uBAAe,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAEhE,iDAAiD;IACjD,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,YAAY;IACZ,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,iBAAiB;IACjB,QAAQ,EAAE,IAAA,mBAAS,EAAC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAClE,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAEpE,oBAAoB;IACpB,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAC1D,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAC7B,aAAa,EAAE,IAAA,cAAI,EAAC,gBAAgB,CAAC;IAErC,8BAA8B;IAC9B,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC;IAC3B,eAAe,EAAE,IAAA,cAAI,EAAC,mBAAmB,CAAC;CAC3C,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,sCAAsC;IACtC,YAAY,EAAE,IAAA,qBAAW,EAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC;IAExE,0CAA0C;IAC1C,mBAAmB,EAAE,IAAA,eAAK,EAAC,uCAAuC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC;IAE9F,2BAA2B;IAC3B,WAAW,EAAE,IAAA,eAAK,EAAC,8BAA8B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAErE,+BAA+B;IAC/B,YAAY,EAAE,IAAA,eAAK,EAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAExE,+BAA+B;IAC/B,YAAY,EAAE,IAAA,eAAK,EAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAExE,sCAAsC;IACtC,eAAe,EAAE,IAAA,eAAK,EAAC,2BAA2B,CAAC,CAAC,EAAE,CACpD,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,SAAS,CAChB;CACF,CAAC,CACH,CAAC"}

package/dist/db/trust.d.ts

@@ -0,0 +1,437 @@
+/**
+ * Trust Schema
+ *
+ * Database schema for trust records, signals, and history.
+ *
+ * @packageDocumentation
+ */
+/**
+ * Trust level enum (T0-T7)
+ *
+ * 8-tier model:
+ * - 0: T0 Sandbox
+ * - 1: T1 Observed
+ * - 2: T2 Provisional
+ * - 3: T3 Monitored
+ * - 4: T4 Standard
+ * - 5: T5 Trusted
+ * - 6: T6 Certified
+ * - 7: T7 Autonomous
+ */
+export declare const trustLevelEnum: import("drizzle-orm/pg-core").PgEnum<["0", "1", "2", "3", "4", "5", "6", "7"]>;
+/**
+ * Trust records table - current trust state for entities
+ */
+export declare const trustRecords: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "trust_records";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "trust_records";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        entityId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "entity_id";
+            tableName: "trust_records";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        score: import("drizzle-orm/pg-core").PgColumn<{
+            name: "score";
+            tableName: "trust_records";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        level: import("drizzle-orm/pg-core").PgColumn<{
+            name: "level";
+            tableName: "trust_records";
+            dataType: "string";
+            columnType: "PgEnumColumn";
+            data: "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7";
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: ["0", "1", "2", "3", "4", "5", "6", "7"];
+            baseColumn: never;
+        }, {}, {}>;
+        behavioralScore: import("drizzle-orm/pg-core").PgColumn<{
+            name: "behavioral_score";
+            tableName: "trust_records";
+            dataType: "number";
+            columnType: "PgReal";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        complianceScore: import("drizzle-orm/pg-core").PgColumn<{
+            name: "compliance_score";
+            tableName: "trust_records";
+            dataType: "number";
+            columnType: "PgReal";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        identityScore: import("drizzle-orm/pg-core").PgColumn<{
+            name: "identity_score";
+            tableName: "trust_records";
+            dataType: "number";
+            columnType: "PgReal";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        contextScore: import("drizzle-orm/pg-core").PgColumn<{
+            name: "context_score";
+            tableName: "trust_records";
+            dataType: "number";
+            columnType: "PgReal";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        signalCount: import("drizzle-orm/pg-core").PgColumn<{
+            name: "signal_count";
+            tableName: "trust_records";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        lastCalculatedAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "last_calculated_at";
+            tableName: "trust_records";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        lastActivityAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "last_activity_at";
+            tableName: "trust_records";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        metadata: import("drizzle-orm/pg-core").PgColumn<{
+            name: "metadata";
+            tableName: "trust_records";
+            dataType: "json";
+            columnType: "PgJsonb";
+            data: {
+                [key: string]: unknown;
+                observabilityClass?: number;
+                attestationProvider?: string;
+                verificationProof?: string;
+                sourceCodeUrl?: string;
+                lastAuditDate?: string;
+            };
+            driverParam: unknown;
+            notNull: false;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        createdAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "created_at";
+            tableName: "trust_records";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        updatedAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "updated_at";
+            tableName: "trust_records";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+/**
+ * Trust signals table - behavioral events affecting trust
+ */
+export declare const trustSignals: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "trust_signals";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "trust_signals";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        entityId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "entity_id";
+            tableName: "trust_signals";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        type: import("drizzle-orm/pg-core").PgColumn<{
+            name: "type";
+            tableName: "trust_signals";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        value: import("drizzle-orm/pg-core").PgColumn<{
+            name: "value";
+            tableName: "trust_signals";
+            dataType: "number";
+            columnType: "PgReal";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        weight: import("drizzle-orm/pg-core").PgColumn<{
+            name: "weight";
+            tableName: "trust_signals";
+            dataType: "number";
+            columnType: "PgReal";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        source: import("drizzle-orm/pg-core").PgColumn<{
+            name: "source";
+            tableName: "trust_signals";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        metadata: import("drizzle-orm/pg-core").PgColumn<{
+            name: "metadata";
+            tableName: "trust_signals";
+            dataType: "json";
+            columnType: "PgJsonb";
+            data: Record<string, unknown>;
+            driverParam: unknown;
+            notNull: false;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        timestamp: import("drizzle-orm/pg-core").PgColumn<{
+            name: "timestamp";
+            tableName: "trust_signals";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+/**
+ * Trust history table - significant score changes
+ */
+export declare const trustHistory: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "trust_history";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "trust_history";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        entityId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "entity_id";
+            tableName: "trust_history";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        score: import("drizzle-orm/pg-core").PgColumn<{
+            name: "score";
+            tableName: "trust_history";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        previousScore: import("drizzle-orm/pg-core").PgColumn<{
+            name: "previous_score";
+            tableName: "trust_history";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        level: import("drizzle-orm/pg-core").PgColumn<{
+            name: "level";
+            tableName: "trust_history";
+            dataType: "string";
+            columnType: "PgEnumColumn";
+            data: "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7";
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: ["0", "1", "2", "3", "4", "5", "6", "7"];
+            baseColumn: never;
+        }, {}, {}>;
+        previousLevel: import("drizzle-orm/pg-core").PgColumn<{
+            name: "previous_level";
+            tableName: "trust_history";
+            dataType: "string";
+            columnType: "PgEnumColumn";
+            data: "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7";
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            enumValues: ["0", "1", "2", "3", "4", "5", "6", "7"];
+            baseColumn: never;
+        }, {}, {}>;
+        reason: import("drizzle-orm/pg-core").PgColumn<{
+            name: "reason";
+            tableName: "trust_history";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        signalId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "signal_id";
+            tableName: "trust_history";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+        timestamp: import("drizzle-orm/pg-core").PgColumn<{
+            name: "timestamp";
+            tableName: "trust_history";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+export type TrustRecord = typeof trustRecords.$inferSelect;
+export type NewTrustRecord = typeof trustRecords.$inferInsert;
+export type TrustSignal = typeof trustSignals.$inferSelect;
+export type NewTrustSignal = typeof trustSignals.$inferInsert;
+export type TrustHistory = typeof trustHistory.$inferSelect;
+export type NewTrustHistory = typeof trustHistory.$inferInsert;
+//# sourceMappingURL=trust.d.ts.map

package/dist/db/trust.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust.d.ts","sourceRoot":"","sources":["../../src/db/trust.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,cAAc,gFAAkE,CAAC;AAE9F;;GAEG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCA4BE,MAAM;sCACL,MAAM;oCACR,MAAM;gCACV,MAAM;gCACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiB3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8BxB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8BxB,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG,OAAO,YAAY,CAAC,YAAY,CAAC;AAC3D,MAAM,MAAM,cAAc,GAAG,OAAO,YAAY,CAAC,YAAY,CAAC;AAC9D,MAAM,MAAM,WAAW,GAAG,OAAO,YAAY,CAAC,YAAY,CAAC;AAC3D,MAAM,MAAM,cAAc,GAAG,OAAO,YAAY,CAAC,YAAY,CAAC;AAC9D,MAAM,MAAM,YAAY,GAAG,OAAO,YAAY,CAAC,YAAY,CAAC;AAC5D,MAAM,MAAM,eAAe,GAAG,OAAO,YAAY,CAAC,YAAY,CAAC"}