d26b67ebc3
Introduce company_secrets and company_secret_versions tables for encrypted secret storage. Add EnvBinding discriminated union (plain vs secret_ref) to replace raw string env values in adapter configs. Add hiddenAt column to issues for soft-hiding. Improve migration system with journal-ordered application and manual fallback when Drizzle migrator can't reconcile history. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
26 lines
1.2 KiB
TypeScript
26 lines
1.2 KiB
TypeScript
import { pgTable, uuid, text, timestamp, integer, index, uniqueIndex } from "drizzle-orm/pg-core";
|
|
import { companies } from "./companies.js";
|
|
import { agents } from "./agents.js";
|
|
|
|
export const companySecrets = pgTable(
|
|
"company_secrets",
|
|
{
|
|
id: uuid("id").primaryKey().defaultRandom(),
|
|
companyId: uuid("company_id").notNull().references(() => companies.id),
|
|
name: text("name").notNull(),
|
|
provider: text("provider").notNull().default("local_encrypted"),
|
|
externalRef: text("external_ref"),
|
|
latestVersion: integer("latest_version").notNull().default(1),
|
|
description: text("description"),
|
|
createdByAgentId: uuid("created_by_agent_id").references(() => agents.id, { onDelete: "set null" }),
|
|
createdByUserId: text("created_by_user_id"),
|
|
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(),
|
|
},
|
|
(table) => ({
|
|
companyIdx: index("company_secrets_company_idx").on(table.companyId),
|
|
companyProviderIdx: index("company_secrets_company_provider_idx").on(table.companyId, table.provider),
|
|
companyNameUq: uniqueIndex("company_secrets_company_name_uq").on(table.companyId, table.name),
|
|
}),
|
|
);
|