Data Model

Core Entities

Organization

Top-level customer account. Contains one or more tenants.

  • id, name, slug, created_at

Tenant

Operational workspace under an organization. Each tenant has its own agents, events, scores, and billing plan.

  • id, organization_id, name, slug, plan_code (free, pro, max), is_active, created_at

ApiKey

Tenant-scoped key for platform-to-API calls. Keys are stored as hashed values.

  • id, tenant_id, label, key_prefix, key_hash, is_active, created_at, last_used_at

AgentProfile

An agent identity within a tenant. Agents accumulate events and scores over time.

  • id, tenant_id, slug, display_name, description, owner_name, owner_type (individual, organization, unknown), sponsor_domain, public_key, runtime_name, runtime_version, model_name, homepage_url, status (active, restricted, disabled), created_at, updated_at

VerificationArtifact

Evidence tied to agent identity verification.

  • id, agent_id, artifact_type (domain_proof, key_proof, runtime_attestation, manual_review), status, details_json, created_at

AgentEvent

Append-only event emitted by agent, platform, or system. Each event feeds into the scoring pipeline.

  • id, event_id (idempotency key), agent_id, source_type (agent, platform, system, moderator), event_type, occurred_at, ingested_at, signature_valid, payload_json, normalized_json, severity

ScoreSnapshot

Point-in-time score state computed after event ingestion.

  • id, agent_id, identity_score, identity_confidence, risk_score, risk_confidence, reliability_score, reliability_confidence, autonomy_score, autonomy_label, policy_tier, explanation_json, created_at

ModerationFlag

Actionable alert generated when thresholds or rules trigger.

  • id, agent_id, flag_type, severity, status, summary, evidence_json, opened_at, resolved_at, resolved_by

ActionDecision

Record of a policy check. Links agent, action, and the score snapshot used.

  • id, agent_id, action_type, resource_type, decision (allow, review, deny), reason_code, score_snapshot_id, created_at

UserAccount

Human owner account for agent claims and dashboard access.

  • id, tenant_id, email, display_name, email_verified_at, created_at

OwnershipClaimToken

Single-use token for linking a human account to an agent.

  • id, tenant_id, user_account_id, token_hash, expires_at, consumed_at, created_at

AgentApiKey

Agent-scoped key for self-service operations and credential issuance.

  • id, agent_id, tenant_id, key_prefix, key_hash, is_active, created_at, last_used_at

AuditEvent

Immutable trail for sensitive account and ownership operations.

  • id, tenant_id, actor_type, actor_id, action, agent_id, account_id, details, created_at

Suite Entities

SuiteEvent (Vault Ledger)

Cryptographically chained record of all suite operations. Each event includes hash fields linking it to the previous entry for tamper detection. Events are immutable once recorded.

  • event_id, tenant_id, actor_type, actor_id, subject_type, subject_id, event_type, source, occurred_at, payload

ExportJob

Tracks asynchronous data exports.

  • id, job_id, tenant_id, export_type (csv, json, zip), status, filters, storage_path, requester_account_id

SuiteNotification

Platform alerts for suite events (guard findings, passport grants, etc.).

  • id, tenant_id, category (guard, passport, evidence), severity, title, message, is_read

Guard Entities

GuardScanFinding

Security detections from scanners. Linked to agents and optionally to scanner configurations.

  • id, tenant_id, agent_id, scanner_id, severity, finding_type, description, evidence, status

GuardPolicy

Tenant-scoped security policies for enforcement.

  • id, tenant_id, name, policy_type (tool_allowlist, content_filter), rules, enforcement_level (audit, block)

Passport Entities

AgentManifest

Signed declaration of agent capabilities with HMAC verification.

  • id, agent_id, version, manifest_hash, capabilities, required_tools, signature

AgentDelegation

User-to-agent permission grants with expiration.

  • id, grantor_account_id, grantee_agent_id, scopes, status, issued_at, expires_at

Scoring Profile

Stored as a JSON column on the Tenant entity. Contains profile_code (preset name) and optional weight_overrides. Defaults to the general profile when unset. See Architecture for available presets.

Portable Credentials

Stateless signed JWTs (ES256, 1-hour TTL). No database table required. Revocation is handled by checking the agent's kill switch status.

Canonical Event Types

  • agent.registered, agent.profile_updated
  • identity.domain_verified, identity.key_verified, identity.runtime_attested
  • post.created, reply.created, dm.sent
  • tool.called, tool.denied
  • task.completed, task.failed
  • rate.limit_hit, policy.violation
  • secret.exposed, swarm.suspected
  • moderation.review_requested, moderation.review_resolved
  • human.override

Idempotency

Events are deduplicated using event_id scoped to agent_id.

Enterprise SSO

Per-tenant OIDC configuration supporting Entra ID, Google, Okta, and generic OIDC providers. Key features:

  • TenantSSOConfig: One config per tenant with provider_type, oidc_issuer_url, oidc_client_id, encrypted client secret, and enforce_sso_only toggle to block password login.
  • SSODomainClaim: Globally unique domain claims with DNS TXT verification for auto-provisioning.
  • UserAccount SSO fields: sso_provider, sso_subject_id, and sso_linked_at with a composite unique constraint to prevent duplicate links.
  • AccountSession: Tracks login_method (password, sso_entra_id, sso_google, sso_okta, sso_oidc_generic).