remote-codex 0.11.3 → 0.11.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "remote-codex",
-  "version": "0.11.3",
+  "version": "0.11.4",
   "description": "Local web supervisor for Codex workspaces and threads.",
   "license": "MIT",
   "type": "module",
@@ -40,17 +40,56 @@
   },
   "scripts": {
     "dev": "concurrently -k -n api,web -c blue,green \"pnpm --filter @remote-codex/supervisor-api dev\" \"pnpm --filter @remote-codex/supervisor-web dev\"",
+    "dev:control-plane": "pnpm --filter @remote-codex/control-plane-api dev",
     "dev:stop": "node scripts/stop-dev-servers.mjs",
     "dev:reset": "pnpm dev:stop && pnpm dev",
+    "smoke:local-route-token": "tsx scripts/local-route-token-smoke.ts",
+    "smoke:local-worker-checkpoint": "tsx scripts/local-worker-checkpoint-smoke.ts",
+    "smoke:production-auth": "tsx scripts/local-production-auth-smoke.ts",
+    "smoke:harness-admin-contract": "tsx scripts/harness-admin-contract-smoke.ts",
+    "smoke:harness-k8s-secret": "tsx scripts/harness-k8s-secret-smoke.ts",
+    "smoke:provider-gateway": "tsx scripts/provider-gateway-smoke.ts",
+    "smoke:staging-phase-one": "tsx scripts/staging-phase-one-smoke.ts",
+    "collect:harness-integration-evidence": "tsx scripts/collect-harness-integration-evidence.ts",
+    "collect:aws-staging-preflight-evidence": "tsx scripts/collect-aws-staging-preflight-evidence.ts",
+    "collect:phase-zero-six-evidence": "tsx scripts/run-phase-zero-six-staging-evidence.ts",
+    "verify:aws-staging-preflight-evidence": "tsx scripts/verify-aws-staging-preflight-evidence.ts",
+    "verify:staging-phase-one-evidence": "tsx scripts/verify-staging-phase-one-evidence.ts",
+    "verify:phase-zero-six-env-ready": "tsx scripts/verify-phase-zero-six-env-ready.ts",
+    "verify:phase-zero-six-evidence": "tsx scripts/verify-phase-zero-six-evidence.ts",
+    "verify:harness-integration-evidence": "tsx scripts/verify-harness-integration-evidence.ts",
+    "verify:harness-evidence-review": "tsx scripts/verify-harness-evidence-review.ts",
+    "verify:harness-evidence-env": "tsx scripts/verify-harness-evidence-env.ts",
+    "verify:phase-zero-six-artifacts-safe": "tsx scripts/verify-phase-zero-six-artifacts-safe.ts",
+    "verify:github-staging-evidence-env": "tsx scripts/verify-github-staging-evidence-env.ts",
+    "phase-zero-six:env": "pnpm verify:phase-zero-six-env-ready",
+    "phase-zero-six:env:aws": "pnpm verify:phase-zero-six-env-ready -- --skip-staging-smoke",
+    "phase-zero-six:env:report": "pnpm verify:phase-zero-six-env-ready -- --format text --no-fail",
+    "phase-zero-six:env:aws:report": "pnpm verify:phase-zero-six-env-ready -- --skip-staging-smoke --format text --no-fail",
+    "phase-zero-six:template": "pnpm verify:phase-zero-six-env-ready -- --write-env-template ./.temp/phase-zero-six-evidence/phase-zero-six.env.sh",
+    "phase-zero-six:template:aws": "pnpm verify:phase-zero-six-env-ready -- --skip-staging-smoke --write-env-template ./.temp/phase-zero-six-evidence/aws-preflight.env.sh",
+    "phase-zero-six:collect": "pnpm collect:phase-zero-six-evidence -- --output-dir ./.temp/phase-zero-six-evidence/latest",
+    "phase-zero-six:collect:aws": "pnpm collect:phase-zero-six-evidence -- --output-dir ./.temp/phase-zero-six-evidence/latest-aws --skip-staging-smoke",
+    "phase-zero-six:apply": "pnpm collect:phase-zero-six-evidence -- --from-output-dir ./.temp/phase-zero-six-evidence/latest --output-dir ./.temp/phase-zero-six-evidence/latest-apply --apply-ready",
+    "phase-zero-six:apply:aws": "pnpm collect:phase-zero-six-evidence -- --from-output-dir ./.temp/phase-zero-six-evidence/latest-aws --output-dir ./.temp/phase-zero-six-evidence/latest-aws-apply --apply-ready --skip-staging-smoke",
+    "phase-zero-six:audit": "pnpm verify:phase-zero-six-evidence",
+    "phase-zero-six:audit:report": "pnpm verify:phase-zero-six-evidence -- --format text",
+    "phase-zero-six:github-env": "pnpm verify:github-staging-evidence-env",
+    "phase-zero-six:github-env:report": "pnpm verify:github-staging-evidence-env -- --format text --no-fail",
+    "phase-zero-six:github-env:template": "tsx scripts/configure-github-staging-evidence-env.ts --write-template ./.temp/phase-zero-six-evidence/github-staging.env.sh",
+    "phase-zero-six:github-env:configure": "tsx scripts/configure-github-staging-evidence-env.ts",
     "service:start": "node scripts/service-manager.mjs start",
     "service:stop": "node scripts/service-manager.mjs stop",
     "service:status": "node scripts/service-manager.mjs status",
     "service:restart": "node scripts/service-restart.mjs launch",
-    "prepack": "pnpm build",
+    "prepack": "pnpm build:package",
     "build": "pnpm -r --if-present build",
+    "build:package": "pnpm --filter @remote-codex/supervisor-api build && pnpm --filter @remote-codex/relay-server build && pnpm --filter @remote-codex/supervisor-web build",
+    "build:worker-image": "docker build -f Dockerfile.worker -t remote-codex-worker:local .",
     "lint": "pnpm -r --if-present lint",
     "typecheck": "pnpm -r --if-present typecheck",
     "test": "NODE_ENV=test pnpm -r --if-present test",
+    "test:phase-zero-six-evidence": "vitest run scripts/phase-zero-six-evidence.test.ts",
     "test:e2e": "playwright test",
     "db:migrate": "pnpm --filter @remote-codex/db db:migrate",
     "impeccable": "impeccable",

package/packages/agent-runtime/src/types.ts

@@ -227,6 +227,7 @@ export interface ReadAgentSessionOptions {
 export interface StartAgentSessionInput {
   cwd: string;
   model: string;
+  reasoningEffort?: string | null;
   approvalMode: 'yolo' | 'guarded';
   sandboxMode?: 'read-only' | 'workspace-write' | 'danger-full-access' | null;
   performanceMode?: 'standard' | 'fast' | null;
@@ -253,13 +254,13 @@ export interface StartAgentTurnInput {
   providerSessionId: string;
   prompt: string;
   displayPrompt?: string | null;
+  developerInstructions?: string | null;
   model?: string | null;
   reasoningEffort?: string | null;
   collaborationMode?: 'default' | 'plan' | null;
   sandboxMode?: 'read-only' | 'workspace-write' | 'danger-full-access' | null;
   workspacePath?: string | null;
   performanceMode?: 'standard' | 'fast' | null;
-  developerInstructions?: string | null;
   hidden?: boolean;
   displayTurnId?: string | null;
 }

package/packages/codex/src/appServerManager.ts

@@ -387,6 +387,7 @@ export class CodexAppServerManager extends EventEmitter {
     const response = await this.client!.request<{ thread: any; model: string; reasoningEffort?: ReasoningEffort | null; sandbox?: string | null }>('thread/start', {
       cwd: input.cwd,
       model: input.model,
+      effort: input.effort,
       serviceTier: input.serviceTier,
       approvalPolicy: input.approvalPolicy,
       sandbox: input.sandbox ?? null,

package/packages/codex/src/historyItems.test.ts

@@ -84,6 +84,51 @@ describe('codex history item persistence policy', () => {
     });
   });
 
+  it('keeps MCP tool result text extractable for plugin artifacts', () => {
+    const artifactText = [
+      'Created a 3D molecule artifact for Methane.',
+      '',
+      '```remote-codex-artifact',
+      '{"type":"remote-codex.artifact","artifactType":"chemistry.molecule3d","title":"Methane","payload":{"format":"xyz","content":["5\\nmethane example"]}}',
+      '```',
+    ].join('\n');
+
+    const turn = codexTurnToAgentTurn({
+      id: 'turn-1',
+      status: 'completed',
+      error: null,
+      items: [
+        {
+          id: 'mcp-tool-1',
+          type: 'mcpToolCall',
+          status: 'completed',
+          action: {
+            mcpServer: 'remote_codex_plugins',
+            toolName: 'remote_codex_render_molecule',
+          },
+          result: {
+            output: {
+              content: [
+                {
+                  type: 'text',
+                  text: artifactText,
+                },
+              ],
+            },
+          },
+        },
+      ],
+    });
+
+    const toolItem = turn.items[0];
+    expect(toolItem).toMatchObject({
+      kind: 'toolCall',
+      text: 'remote_codex_plugins/remote_codex_render_molecule',
+      detailText: expect.stringContaining('```remote-codex-artifact'),
+    });
+    expect(toolItem?.detailText).toContain('\n```remote-codex-artifact\n');
+  });
+
   it('keeps Codex collab agent tool calls visible while running', () => {
     expect(
       liveCodexItemToHistoryItem(

package/packages/codex/src/historyItems.ts

@@ -191,6 +191,10 @@ function summarizeToolCallText(text: string) {
   return lines.find((line) => line.trim().length > 0) ?? lines[0] ?? 'Tool call';
 }
 
+function containsRemoteCodexArtifact(text: string | null | undefined) {
+  return /```(?:artifact|remote-codex-artifact)\b/i.test(text ?? '');
+}
+
 function deferCommandHistoryItem(
   item: ThreadHistoryItemDto & { kind: 'commandExecution' },
   deferredDetails: Map<string, ThreadHistoryItemDetailDto>,
@@ -305,6 +309,19 @@ function valueFromNestedRecords(
   return null;
 }
 
+function textContentFromMcpToolResult(value: unknown) {
+  if (!isRecord(value) || !Array.isArray(value.content)) {
+    return null;
+  }
+
+  const texts = value.content
+    .map((entry) =>
+      isRecord(entry) && entry.type === 'text' ? stringOrNull(entry.text) : null,
+    )
+    .filter((entry): entry is string => Boolean(entry));
+  return texts.length > 0 ? texts.join('\n\n') : null;
+}
+
 function formatToolCallHistoryItem(
   item: CodexTurnItem,
   deferredDetails?: Map<string, ThreadHistoryItemDetailDto>,
@@ -356,6 +373,7 @@ function formatToolCallHistoryItem(
   const resultPayload = output ?? result;
   const argumentText = safeJsonStringify(argumentPayload);
   const resultText = safeJsonStringify(resultPayload);
+  const resultContentText = textContentFromMcpToolResult(resultPayload);
 
   if (argumentText) {
     detailLines.push('', 'Arguments', argumentText);
@@ -363,6 +381,9 @@ function formatToolCallHistoryItem(
   if (resultText) {
     detailLines.push('', 'Result', resultText);
   }
+  if (resultContentText && resultContentText !== resultText) {
+    detailLines.push('', 'Result Text', resultContentText);
+  }
 
   const historyItem: ThreadHistoryItemDto = {
     id: item.id,
@@ -375,6 +396,7 @@ function formatToolCallHistoryItem(
 
   if (
     deferredDetails &&
+    !containsRemoteCodexArtifact(historyItem.detailText) &&
     (Boolean(argumentText) ||
       Boolean(resultText) ||
       (historyItem.detailText?.length ?? 0) > 240)

package/packages/codex/src/runtimeAdapter.ts

@@ -606,6 +606,9 @@ export class CodexRuntimeAdapter extends EventEmitter implements AgentRuntime {
       model: input.model,
       approvalPolicy: input.approvalMode === 'guarded' ? 'on-request' : 'never',
     };
+    if (input.reasoningEffort !== undefined) {
+      startInput.effort = input.reasoningEffort as ReasoningEffort | null;
+    }
     if (input.sandboxMode !== undefined) {
       startInput.sandbox = input.sandboxMode as SandboxMode | null;
     }
@@ -658,6 +661,9 @@ export class CodexRuntimeAdapter extends EventEmitter implements AgentRuntime {
       threadId: input.providerSessionId,
       prompt: input.prompt,
     };
+    if (input.developerInstructions !== undefined) {
+      turnInput.developerInstructions = input.developerInstructions;
+    }
     if (input.model !== undefined) {
       turnInput.model = input.model;
     }

package/packages/codex/src/types.ts

@@ -293,6 +293,7 @@ export interface CodexThreadGoalRecord {
 export interface ThreadStartInput {
   cwd: string;
   model: string;
+  effort?: ReasoningEffort | null;
   approvalPolicy: 'never' | 'on-request';
   sandbox?: SandboxMode | null;
   serviceTier?: ServiceTier | null;
@@ -317,12 +318,12 @@ export interface ThreadRollbackInput {
 export interface TurnStartInput {
   threadId: string;
   prompt: string;
+  developerInstructions?: string | null;
   model?: string | null;
   effort?: ReasoningEffort | null;
   collaborationMode?: CollaborationModeKind | null;
   sandboxPolicy?: SandboxPolicy | null;
   serviceTier?: ServiceTier | null;
-  developerInstructions?: string | null;
 }
 
 export interface TurnSteerInput {

package/packages/db/migrations/0018_control_plane.sql

@@ -0,0 +1,129 @@
+CREATE TABLE IF NOT EXISTS control_users (
+  id TEXT PRIMARY KEY NOT NULL,
+  auth_provider TEXT NOT NULL,
+  auth_subject TEXT NOT NULL,
+  email TEXT NOT NULL,
+  display_name TEXT,
+  status TEXT NOT NULL DEFAULT 'active',
+  plan TEXT NOT NULL DEFAULT 'developer',
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  last_seen_at TEXT,
+  UNIQUE(auth_provider, auth_subject)
+);
+
+CREATE TABLE IF NOT EXISTS control_sandboxes (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL UNIQUE,
+  state TEXT NOT NULL,
+  image TEXT NOT NULL,
+  region TEXT NOT NULL,
+  k8s_namespace TEXT,
+  k8s_pod_name TEXT,
+  router_base_url TEXT,
+  worker_service_name TEXT,
+  s3_prefix TEXT NOT NULL,
+  gateway_key_id TEXT,
+  last_started_at TEXT,
+  last_seen_at TEXT,
+  idle_timeout_at TEXT,
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  FOREIGN KEY(user_id) REFERENCES control_users(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_workspaces (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  sandbox_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  slug TEXT NOT NULL,
+  path TEXT NOT NULL,
+  source_type TEXT NOT NULL,
+  git_url TEXT,
+  default_branch TEXT,
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  UNIQUE(sandbox_id, slug),
+  FOREIGN KEY(user_id) REFERENCES control_users(id),
+  FOREIGN KEY(sandbox_id) REFERENCES control_sandboxes(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_sessions (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  sandbox_id TEXT NOT NULL,
+  workspace_id TEXT NOT NULL,
+  provider TEXT NOT NULL,
+  worker_session_id TEXT,
+  title TEXT NOT NULL,
+  status TEXT NOT NULL,
+  last_activity_at TEXT,
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  FOREIGN KEY(user_id) REFERENCES control_users(id),
+  FOREIGN KEY(sandbox_id) REFERENCES control_sandboxes(id),
+  FOREIGN KEY(workspace_id) REFERENCES control_workspaces(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_gateway_users (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  provider TEXT NOT NULL,
+  external_user_id TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  UNIQUE(provider, external_user_id),
+  UNIQUE(user_id, provider),
+  FOREIGN KEY(user_id) REFERENCES control_users(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_gateway_keys (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  sandbox_id TEXT NOT NULL,
+  provider TEXT NOT NULL,
+  external_key_id TEXT NOT NULL,
+  key_ciphertext TEXT,
+  status TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  rotated_at TEXT,
+  revoked_at TEXT,
+  UNIQUE(provider, external_key_id),
+  UNIQUE(sandbox_id, provider),
+  FOREIGN KEY(user_id) REFERENCES control_users(id),
+  FOREIGN KEY(sandbox_id) REFERENCES control_sandboxes(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_usage_events (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  sandbox_id TEXT NOT NULL,
+  workspace_id TEXT,
+  session_id TEXT,
+  gateway_key_id TEXT,
+  provider TEXT NOT NULL,
+  model TEXT NOT NULL,
+  input_tokens INTEGER NOT NULL DEFAULT 0,
+  output_tokens INTEGER NOT NULL DEFAULT 0,
+  cached_tokens INTEGER NOT NULL DEFAULT 0,
+  cost_usd REAL NOT NULL DEFAULT 0,
+  external_request_id TEXT,
+  occurred_at TEXT NOT NULL,
+  imported_at TEXT NOT NULL,
+  FOREIGN KEY(user_id) REFERENCES control_users(id),
+  FOREIGN KEY(sandbox_id) REFERENCES control_sandboxes(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_audit_logs (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT,
+  action TEXT NOT NULL,
+  resource_type TEXT NOT NULL,
+  resource_id TEXT,
+  metadata_json TEXT NOT NULL,
+  created_at TEXT NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS control_workspaces_user_idx ON control_workspaces(user_id);
+CREATE INDEX IF NOT EXISTS control_sessions_workspace_idx ON control_sessions(workspace_id);
+CREATE INDEX IF NOT EXISTS control_usage_user_occurred_idx ON control_usage_events(user_id, occurred_at);

package/packages/db/migrations/0019_control_plane_projects.sql

@@ -0,0 +1,19 @@
+ALTER TABLE control_users ADD COLUMN billing_customer_id TEXT;
+ALTER TABLE control_users ADD COLUMN quota_profile TEXT NOT NULL DEFAULT 'developer';
+ALTER TABLE control_sandboxes ADD COLUMN status_reason TEXT;
+
+CREATE TABLE IF NOT EXISTS control_projects (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  slug TEXT NOT NULL,
+  status TEXT NOT NULL DEFAULT 'active',
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  UNIQUE(user_id, slug),
+  FOREIGN KEY(user_id) REFERENCES control_users(id)
+);
+
+ALTER TABLE control_workspaces ADD COLUMN project_id TEXT REFERENCES control_projects(id);
+
+CREATE INDEX IF NOT EXISTS control_projects_user_idx ON control_projects(user_id);

package/packages/db/migrations/0020_control_workspace_status.sql

@@ -0,0 +1 @@
+ALTER TABLE control_workspaces ADD COLUMN status TEXT NOT NULL DEFAULT 'active';

package/packages/db/migrations/0021_control_sandbox_lifecycle_fields.sql

@@ -0,0 +1,3 @@
+ALTER TABLE control_sandboxes ADD COLUMN startup_progress INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE control_sandboxes ADD COLUMN last_failure_code TEXT;
+ALTER TABLE control_sandboxes ADD COLUMN last_failure_message TEXT;

package/packages/db/migrations/0022_control_sandbox_resource_profile.sql

@@ -0,0 +1 @@
+ALTER TABLE control_sandboxes ADD COLUMN resource_profile TEXT NOT NULL DEFAULT 'standard';

package/packages/db/migrations/0023_control_usage_import_state.sql

@@ -0,0 +1,18 @@
+CREATE TABLE IF NOT EXISTS control_usage_import_state (
+  id TEXT PRIMARY KEY NOT NULL,
+  provider TEXT NOT NULL,
+  source TEXT NOT NULL,
+  cursor TEXT,
+  last_started_at TEXT,
+  last_succeeded_at TEXT,
+  last_failed_at TEXT,
+  last_failure_message TEXT,
+  last_source_count INTEGER NOT NULL DEFAULT 0,
+  last_imported_count INTEGER NOT NULL DEFAULT 0,
+  last_duplicate_count INTEGER NOT NULL DEFAULT 0,
+  last_failure_count INTEGER NOT NULL DEFAULT 0,
+  updated_at TEXT NOT NULL
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS control_usage_import_state_provider_source_idx
+  ON control_usage_import_state(provider, source);

package/packages/db/migrations/0024_control_auth.sql

@@ -0,0 +1,23 @@
+CREATE TABLE IF NOT EXISTS control_auth_identities (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  auth_provider TEXT NOT NULL,
+  auth_subject TEXT NOT NULL,
+  email TEXT,
+  display_name TEXT,
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  UNIQUE(auth_provider, auth_subject),
+  FOREIGN KEY(user_id) REFERENCES control_users(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_password_credentials (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL UNIQUE,
+  email TEXT NOT NULL UNIQUE,
+  password_hash TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  last_used_at TEXT,
+  FOREIGN KEY(user_id) REFERENCES control_users(id)
+);

package/packages/db/migrations/0025_control_harness_credentials.sql

@@ -0,0 +1,29 @@
+CREATE TABLE IF NOT EXISTS control_harness_users (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  provider TEXT NOT NULL,
+  external_user_id TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  UNIQUE(provider, external_user_id),
+  UNIQUE(user_id, provider),
+  FOREIGN KEY(user_id) REFERENCES control_users(id)
+);
+
+CREATE TABLE IF NOT EXISTS control_harness_keys (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  sandbox_id TEXT NOT NULL,
+  provider TEXT NOT NULL,
+  external_key_id TEXT NOT NULL,
+  key_ciphertext TEXT,
+  secret_name TEXT,
+  secret_key TEXT,
+  status TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  rotated_at TEXT,
+  revoked_at TEXT,
+  UNIQUE(provider, external_key_id),
+  UNIQUE(sandbox_id, provider),
+  FOREIGN KEY(user_id) REFERENCES control_users(id),
+  FOREIGN KEY(sandbox_id) REFERENCES control_sandboxes(id)
+);

package/packages/db/migrations/0026_control_harness_usage_events.sql

@@ -0,0 +1,27 @@
+CREATE TABLE IF NOT EXISTS control_harness_usage_events (
+  id TEXT PRIMARY KEY NOT NULL,
+  user_id TEXT NOT NULL,
+  sandbox_id TEXT NOT NULL,
+  workspace_id TEXT,
+  session_id TEXT,
+  provider TEXT NOT NULL,
+  module TEXT NOT NULL,
+  tool TEXT,
+  run_id TEXT,
+  job_id TEXT,
+  external_event_id TEXT,
+  compute_units REAL NOT NULL DEFAULT 0,
+  cost_usd REAL NOT NULL DEFAULT 0,
+  status TEXT NOT NULL DEFAULT 'unknown',
+  metadata_json TEXT NOT NULL DEFAULT '{}',
+  occurred_at TEXT NOT NULL,
+  imported_at TEXT NOT NULL,
+  FOREIGN KEY(user_id) REFERENCES control_users(id),
+  FOREIGN KEY(sandbox_id) REFERENCES control_sandboxes(id),
+  FOREIGN KEY(workspace_id) REFERENCES control_workspaces(id),
+  FOREIGN KEY(session_id) REFERENCES control_sessions(id)
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS control_harness_usage_provider_event_idx
+  ON control_harness_usage_events(provider, external_event_id)
+  WHERE external_event_id IS NOT NULL;