Skip to main content

Table reference

The data lake tables are organized across 8 domains, kept in sync with the platform's source systems. This page documents the full schema for every table, organized by domain.

Common columns

Most tables share system columns that are omitted from the per-table schemas below:

ColumnTypeDescription
nrnStringNRN for row-level access control
_versionUInt64Replication version
_deletedUInt8Soft-delete flag, 1 = deleted
_synced_atDateTime64Last sync timestamp

Always add WHERE _deleted = 0 to exclude soft-deleted rows. Exception: audit_events uses a different engine and has no _deleted column.

Domain index

DomainTablesDescription
Audit1Immutable log of every API operation
Auth5Users, roles, API keys, and access grants
Core22Resource hierarchy, builds, releases, deployments, and runtime configuration
Approvals18Approval policies, requests, replies, and entity hooks
Governance4Action items, categories, suggestions, and measurement units
Parameters3Configuration parameters, values, and versions
SCM2Repositories and commits from source control providers
Services7Service catalog, instances, links, actions, and parameter bindings

Audit

Centralized, immutable record of every API event executed on the platform. Each row represents an individual operation performed by a user or service. This is the primary source for security audits, change traceability, and activity analysis.

audit_events

Main audit table. Each row is an immutable event representing a request processed by the platform. Partitioned by day and sorted by NRN and date for efficient queries by resource and time range.

Engine: ReplicatedMergeTree | Sorting key: nrn, date | Partition key: toYYYYMMDD(date)

ColumnTypeDescription
entityStringEntity type affected (e.g. application, namespace, deployment, parameter, scope)
methodStringHTTP method of the operation (GET, POST, PUT, PATCH, DELETE)
request_bodyJSON(max_dynamic_paths=0)Full JSON payload of the incoming request
statusInt16HTTP response code (200, 201, 400, 403, 500, etc.)
urlStringFull endpoint URL including path and query string
ipsStringClient IP address(es); may contain multiple comma-separated IPs if proxies are involved
headersJSON(max_dynamic_paths=0)HTTP request headers (the Authorization header is omitted for security)
authJSON(max_dynamic_paths=0)Authentication context: JWT token claims, credential type, and authorized scopes
organization_idStringID of the organization that performed the operation; references core_entities_organization.org_id
applicationStringName or identifier of the application in context
scopeStringOAuth/JWT scope of the token used (e.g. openid email phone)
entity_idStringID of the specific entity that was created, modified, or deleted
user_idStringID of the actor who executed the action; references auth_user.id
dateDateTime64(3, 'UTC')Event timestamp with millisecond precision in UTC
response_bodyJSON(max_dynamic_paths=0)Full JSON payload of the response sent to the client
entity_contextJSON(max_dynamic_paths=0)Additional entity state at the time of the operation (useful for reconstructing context)
user_emailStringEmail of the user who executed the action
user_typeStringActor type: human for users, service for API keys/service accounts
organization_nameStringHuman-readable organization name
organization_slugStringURL-safe organization slug
request_body_fieldsJSON(max_dynamic_paths=0)Specific request body fields indexed for optimized searches
entity_dataJSON(max_dynamic_paths=0)Additional structured data about the affected entity at the time of the event

Relationships:

  • organization_id references core_entities_organization.org_id, identifying the organization that originated the event
  • user_id references auth_user.id, identifying the actor who executed the action
  • entity_id + entity references the ID in the corresponding domain table (e.g. if entity='application', references core_entities_application.app_id)

Auth

Authentication and authorization tables: platform users, available roles, issued API keys, and the grants that assign roles to users on specific resources.

auth_apikey

API keys issued for programmatic access to the platform. They allow external services or automations to authenticate without user credentials.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique API key identifier
nameNullable(String)Human-readable label describing the purpose of the key
organization_idNullable(Int32)Organization that owns the key
account_idNullable(Int32)Account the key is associated with (optional)
user_idNullable(Int32)User who owns the key
tagsNullable(String)Key-value tags in JSON format for classification and search
rolesNullable(String)Roles assigned to this key in JSON format; defines its permissions
statusNullable(String)Key status: active, inactive, revoked
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
masked_api_keyNullable(String)Masked version of the key for safe display (e.g. sk_****abc)
owner_idNullable(Int32)User who created the key
used_atNullable(DateTime64(6))Last time the key was used to authenticate
internalNullable(UInt8)Flag indicating whether this is an internal system key (1) or a customer key (0)

Relationships:

  • organization_id references core_entities_organization.org_id, the organization that owns the key
  • account_id references core_entities_account.account_id, the account the key is restricted to
  • user_id / owner_id references auth_user.id, the user who owns and created the key

auth_resource_grants

Access grants that assign a role to a user on a specific NRN. This is the central RBAC mechanism: a grant expresses that user X has role Y on resource Z (NRN).

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique grant identifier
user_idNullable(Int32)User the role is granted to
role_idNullable(Int32)Role being granted
created_atNullable(DateTime64(6))Date the access was granted
updated_atNullable(DateTime64(6))Last modification of the grant
statusNullable(String)Grant status: active, inactive

Relationships:

  • user_id references auth_user.id, the user the grant applies to
  • role_id references auth_role.id, the role assigned by the grant
  • For the version with denormalized role data, see auth_resource_grants_expanded

auth_resource_grants_expanded

View that enriches auth_resource_grants with the assigned role data. Simplifies queries that need to display role name, slug, and level without a manual JOIN.

Engine: View (based on auth_resource_grants JOIN auth_role)

ColumnTypeDescription
idInt32Grant ID
user_idNullable(Int32)User the grant applies to
role_idNullable(Int32)Assigned role
role_nameNullable(String)Role name (denormalized from auth_role.name)
role_slugNullable(String)Role slug (denormalized from auth_role.slug)
role_levelNullable(String)Hierarchical role level: organization, account, namespace, application
statusNullable(String)Grant status
created_atNullable(DateTime64(6))Grant creation date
updated_atNullable(DateTime64(6))Last update of the grant

Relationships:

  • This view already materializes the JOIN between auth_resource_grants and auth_role
  • user_id references auth_user.id, the user the grant applies to

auth_role

Roles available on the platform for access control. Each role defines a set of permissions. Roles can be predefined by the platform or customized per organization.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique role identifier
nameNullable(String)Human-readable role name (e.g. Admin, Developer, Viewer)
descriptionNullable(String)Description of the role's permissions and responsibilities
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last modification
levelNullable(String)Hierarchical level where it applies: organization, account, namespace, application
slugNullable(String)URL-safe role identifier (e.g. org-admin, app-developer)
assignment_restrictionNullable(String)Restriction on who can assign this role (e.g. admins only)
organization_idNullable(Int32)If a custom role, ID of the org that created it; null for system roles

Relationships:

  • organization_id references core_entities_organization.org_id, only for custom roles
  • id is referenced by auth_resource_grants.role_id, the grants that use this role
  • id is referenced by auth_apikey.roles, API keys include role IDs in JSON

auth_user

Users registered on the platform. Includes both human users who log in via SSO/OAuth and service accounts created programmatically.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique user identifier on the platform
emailNullable(String)User email address; unique per organization
organization_idNullable(Int32)Organization the user belongs to
first_nameNullable(String)User first name
last_nameNullable(String)User last name
statusNullable(String)Account status: active, inactive, invited, suspended
user_typeNullable(String)User type: human or service
providerNullable(String)Identity provider used for login (e.g. google, github, saml)
avatarNullable(String)URL to the user's profile picture
created_atNullable(DateTime64(6))Account creation date
updated_atNullable(DateTime64(6))Last profile update

Relationships:

  • organization_id references core_entities_organization.org_id, the organization the user belongs to
  • id is referenced by auth_resource_grants.user_id, grants assigned to this user
  • id is referenced by auth_apikey.user_id / auth_apikey.owner_id, keys owned by the user
  • id is referenced by audit_events.user_id, actions recorded by this user
  • id is referenced by parameters_parameter_version.user_id, parameter versions created by the user

Core

Fundamental platform entities. Represents the resource hierarchy: Organization, Account, Namespace, Application, Scope. Also includes builds, releases, deployments, runtime configurations, scope types, and technology templates.

core_entities_organization

Organizations on the platform. An organization is the root unit of the tenancy model: all other entities belong to an organization. Contains branding settings (logos), alternate domains, and global organization configuration.

Engine: ReplicatedReplacingMergeTree | Sorting key: org_id

ColumnTypeDescription
org_idInt32Unique organization identifier
org_nameNullable(String)Organization name
statusNullable(String)Status: active, inactive, suspended
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
org_slugNullable(String)URL-safe organization slug
org_logoNullable(String)Organization logo URL (light theme)
org_short_logoNullable(String)Reduced logo URL (light theme)
org_logo_darkNullable(String)Organization logo URL (dark theme)
org_short_logo_darkNullable(String)Reduced logo URL (dark theme)
org_settingsNullable(String)JSON with general organization settings
org_alt_domainsArray(String)Alternate domains configured for the organization

Relationships:

  • org_id is referenced by core_entities_account.org_id, accounts that belong to this organization
  • org_id is referenced by auth_user.organization_id, users in this organization
  • org_id is referenced by auth_role.organization_id, roles defined in this organization
  • org_id is referenced by auth_apikey.organization_id, API keys in this organization

core_entities_account

Accounts within an organization. An account groups namespaces and is associated with an SCM provider (GitHub, GitLab, etc.). It is the second level of the hierarchy and defines the prefix used to name repositories created under it.

Engine: ReplicatedReplacingMergeTree | Sorting key: account_id

ColumnTypeDescription
account_idInt32Unique account identifier
account_nameNullable(String)Account name
org_idNullable(Int32)Parent organization
repo_providerNullable(String)SCM provider: github, gitlab, bitbucket
repo_prefixNullable(String)Prefix used to name repositories created under this account
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
slugNullable(String)URL-safe slug
settingsNullable(String)JSON with account settings
deleted_atNullable(DateTime64(6))Logical deletion date

Relationships:

  • org_id references core_entities_organization.org_id, the organization it belongs to
  • account_id is referenced by core_entities_namespace.account_id, namespaces in this account

core_entities_namespace

Namespaces within an account. A namespace groups related applications (e.g. a team, a product). It is the third level of the hierarchy and acts as a logical container for organizing applications by domain or owner.

Engine: ReplicatedReplacingMergeTree | Sorting key: namespace_id

ColumnTypeDescription
namespace_idInt32Unique namespace identifier
namespace_nameNullable(String)Namespace name
account_idNullable(Int32)Parent account
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
namespace_slugNullable(String)URL-safe slug
statusNullable(String)Status: active, inactive

Relationships:

  • account_id references core_entities_account.account_id, the account it belongs to
  • namespace_id is referenced by core_entities_application.namespace_id, applications in this namespace

core_entities_application

Applications within a namespace. An application represents a deployable unit: a microservice, a function, a job. It has an associated source code repository and can have multiple scopes (environments). Supports monorepos via repository_app_path.

Engine: ReplicatedReplacingMergeTree | Sorting key: app_id

ColumnTypeDescription
app_idInt32Unique application identifier
app_nameNullable(String)Application name
namespace_idNullable(Int32)Parent namespace
repository_urlNullable(String)URL of the application's source code repository
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
statusNullable(String)Status: active, inactive, archived
application_slugNullable(String)URL-safe application slug
template_idNullable(Int32)Technology template used when creating the application
auto_deploy_on_creationNullable(UInt8)Whether to automatically deploy when a new scope is created (1 = yes)
is_mono_repoNullable(UInt8)Whether the code lives in a shared monorepo (1 = yes)
repository_app_pathNullable(String)Path within the monorepo where this application's code resides
tagsNullable(String)JSON with classification tags
messagesNullable(String)JSON with system messages about the status
settingsNullable(String)JSON with additional application settings

Relationships:

  • namespace_id references core_entities_namespace.namespace_id, the namespace it belongs to
  • template_id references core_entities_technology_template.template_id, the technology template used
  • app_id is referenced by core_entities_scope.application_id, scopes (environments) of this application
  • app_id is referenced by core_entities_build.app_id, builds generated for this application
  • app_id is referenced by core_entities_release.app_id, releases of this application

core_entities_scope

Scopes of an application. A scope is a deployment environment (e.g. production, staging, dev). Each scope has a type, enabled capabilities, and can have dimensions that describe it (e.g. region, cloud provider). It is the fourth level of the hierarchy and the final target of deployments.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique scope identifier
nameNullable(String)Scope name (e.g. production, staging)
typeNullable(String)Scope type according to its scope_type
application_idNullable(Int32)Parent application
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
statusNullable(String)Status: active, inactive, creating, deleting
requested_specNullable(String)JSON with the specification requested when creating the scope
scope_slugNullable(String)URL-safe slug
scope_domainNullable(String)Base domain assigned to the scope by the platform
tierNullable(String)Resource tier of the scope (e.g. small, medium, large)
capabilitiesNullable(String)JSON with capabilities enabled in the scope
tagsArray(String)Tags for classification and filtering
messagesNullable(String)JSON with system messages about the status
asset_nameNullable(String)Infrastructure asset name (e.g. ECS service name)
external_createdNullable(UInt8)Whether it was created externally and imported into the platform (1 = yes)
profilesNullable(String)JSON with active configuration profiles
providerNullable(String)Cloud provider of the scope (e.g. aws, gcp, azure)
instance_idNullable(String)Instance ID in the cloud provider

Relationships:

  • application_id references core_entities_application.app_id, the application it belongs to
  • id is referenced by core_entities_deployment.scope_id, deployments performed in this scope
  • id is referenced by core_entities_runtime_configuration_scope.scope_id, runtime configurations active in this scope
  • id is referenced by core_entities_scope_dimension.scope_id, dimensions assigned to this scope
  • id is referenced by core_entities_scope_domain.scope_id, custom domains of this scope

core_entities_scope_type

Available scope types. Defines the categories of environments that can be created (e.g. kubernetes, ecs, lambda). Each type has an associated infrastructure provider and can be linked to compatible deployment strategies.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique scope type identifier
typeNullable(String)Technical type identifier (e.g. kubernetes, ecs, lambda)
nameNullable(String)Human-readable scope type name
statusNullable(String)Status: active, inactive
descriptionNullable(String)Description of the scope type and its characteristics
provider_typeNullable(String)Associated infrastructure provider type
provider_idNullable(String)Specific provider ID
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by core_entities_deployment_strategy_scope_type.scope_type_id, compatible deployment strategies for this type

core_entities_scope_dimension

Dimensions assigned to a specific scope. Dimensions are key-value attributes that characterize a scope (e.g. region=us-east-1, cloud=aws). They are used for filtering and to determine which runtime configuration values apply to that scope.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique assigned dimension identifier
dimension_slugNullable(String)Dimension slug (e.g. region, cloud)
value_slugNullable(String)Value assigned to the dimension in this scope (e.g. us-east-1, aws)
scope_idNullable(Int32)Scope this dimension belongs to
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • scope_id references core_entities_scope.id, the scope this dimension belongs to

core_entities_scope_domain

Custom domains assigned to a scope. Allows a scope to be accessible via customer-owned domain URLs (e.g. api.mycompany.com) instead of the platform-generated domain. Records the domain assignment status.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique domain assignment identifier
domainNullable(String)Custom domain assigned (e.g. api.mycompany.com)
scope_idNullable(Int32)Scope the domain is assigned to
organization_idNullable(Int32)Organization that owns the domain
statusNullable(String)Assignment status: pending, active, failed
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
typeNullable(String)Domain type: custom, platform

Relationships:

  • scope_id references core_entities_scope.id, the scope the domain is assigned to
  • organization_id references core_entities_organization.org_id, the owning organization

core_entities_build

Application builds (compilations). A build is the artifact resulting from compiling an application's source code at a specific commit. A successful build can produce multiple assets (Docker images, packages, etc.) and can give rise to one or more releases.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique build identifier
app_idNullable(Int32)Application that generated the build
statusNullable(String)Status: pending, building, success, failed, cancelled
commitNullable(String)SHA hash of the commit that generated the build
commit_permalinkNullable(String)URL to the commit in the SCM provider
branchNullable(String)Source code branch compiled
descriptionNullable(String)Description or notes associated with the build
created_atNullable(DateTime64(6))Build start date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • app_id references core_entities_application.app_id, the application that generated the build
  • id is referenced by core_entities_asset.build_id, assets produced by this build
  • id is referenced by core_entities_release.build_id, releases created from this build
  • commit correlates with scm_code_commits.sha, the SCM repository commit

core_entities_asset

Assets generated by a build. An asset is a concrete artifact produced during the compilation process: a Docker image, an npm package, a zip file, etc. A build can generate multiple assets for different platforms (multi-arch).

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique asset identifier
build_idNullable(Int32)Build that produced this asset
typeNullable(String)Asset type: docker, zip, npm, jar
urlNullable(String)Artifact URL in the registry or storage (e.g. ECR URI, S3 URL)
metadataNullable(String)JSON with asset metadata (digest, tags, size)
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
nameNullable(String)Asset name
platformNullable(String)Target platform of the asset (e.g. linux/amd64, linux/arm64)

Relationships:

  • build_id references core_entities_build.id, the build that generated this asset

core_entities_release

Versioned application releases. A release packages a build with a semantic version. It is the unit that gets deployed to scopes. It can pass through different states from creation until it is deprecated.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique release identifier
semverNullable(String)Semantic version of the release (e.g. 1.2.3, 2.0.0-beta.1)
build_idNullable(Int32)Build included in this release
statusNullable(String)Status: pending, active, deprecated, failed
app_idNullable(Int32)Application the release belongs to
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • build_id references core_entities_build.id, the build packaged in this release
  • app_id references core_entities_application.app_id, the application it belongs to
  • id is referenced by core_entities_deployment.release_id, deployments of this release
  • id is referenced by core_entities_deployment_group.release_id, deployment groups for this release

core_entities_deployment

Individual deployments of a release to a scope. A deployment is the act of delivering a release to an environment (scope). It records the strategy used, the lifecycle status, who initiated it, and operation timeouts.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique deployment identifier
scope_idNullable(Int32)Target scope of the deployment
release_idNullable(Int32)Release being deployed
strategyNullable(String)Deployment strategy used (e.g. rolling, blue-green, canary)
statusNullable(String)Overall status: pending, deploying, success, failed, cancelled
strategy_dataNullable(String)JSON with deployment strategy-specific data
created_atNullable(DateTime64(6))Deployment start date
updated_atNullable(DateTime64(6))Last update
status_in_scopeNullable(String)Deployment status in the target scope
messagesNullable(String)JSON with deployment process messages
deployment_tokenNullable(String)Unique token to authenticate the deployment session
expires_atNullable(DateTime64(6))When the deployment expires if pending
deployment_group_idNullable(Int32)Deployment group it belongs to
created_byNullable(Int32)User who created the deployment
updated_byNullable(Int32)User who performed the last update
status_started_atNullable(String)Timestamp when the current status started
parametersNullable(String)JSON with additional deployment parameters
external_strategy_idNullable(Int32)ID of the external strategy used

Relationships:

  • scope_id references core_entities_scope.id, the target scope of the deployment
  • release_id references core_entities_release.id, the release being deployed
  • deployment_group_id references core_entities_deployment_group.id, the deployment group it belongs to
  • created_by references auth_user.id, the user who initiated the deployment

core_entities_deployment_group

Deployment groups. A deployment group aggregates multiple deployments of the same release that are performed in a coordinated manner (e.g. simultaneous deployment across multiple scopes). Enables managing complex rollouts with centralized control of the global state.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique deployment group identifier
statusNullable(String)Group status: pending, in_progress, success, failed, cancelled
application_idNullable(Int32)Application the group belongs to
strategy_dataNullable(String)JSON with group strategy data
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
release_idNullable(Int32)Release deployed by all deployments in the group
last_directiveNullable(String)Last instruction executed in the group
deployments_amountNullable(Int32)Total number of deployments in the group
created_byNullable(Int32)User who created the group
updated_byNullable(Int32)User who performed the last update

Relationships:

  • application_id references core_entities_application.app_id, the group's application
  • release_id references core_entities_release.id, the release being deployed
  • created_by references auth_user.id, the user who created the group
  • id is referenced by core_entities_deployment.deployment_group_id, individual deployments in the group

core_entities_deployment_strategy

Available deployment strategies on the platform. Defines how a deployment is carried out (e.g. rolling update, blue-green, canary). Each strategy has configurable parameters and applies to specific scope types via the corresponding join table.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique deployment strategy identifier
nameNullable(String)Strategy name (e.g. Rolling Update, Blue-Green)
descriptionNullable(String)Description of the strategy's behavior
dimensionsNullable(String)JSON with dimensions that define the application context
parametersNullable(String)JSON with configurable strategy parameters
created_byNullable(Int32)User who created the strategy
updated_byNullable(Int32)User who performed the last update
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by core_entities_deployment_strategy_scope_type.deployment_strategy_id, compatible scope types for this strategy

core_entities_deployment_strategy_scope_type

Join table between deployment strategies and scope types. Defines which deployment strategies are available for each scope type, allowing the platform to offer only strategies compatible with the target infrastructure.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique link identifier
deployment_strategy_idNullable(Int32)Linked deployment strategy
scope_type_idNullable(Int32)Linked scope type
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • deployment_strategy_id references core_entities_deployment_strategy.id, the deployment strategy
  • scope_type_id references core_entities_scope_type.id, the compatible scope type

core_entities_runtime_configuration

Runtime configurations for applications. A runtime configuration groups a set of environment variables or settings that are injected into scopes. It has dimensions that determine in which specific contexts the configuration applies.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique runtime configuration identifier
profileNullable(String)Configuration profile (e.g. default, production)
statusNullable(String)Status: active, inactive, draft
stored_keysArray(String)List of configuration keys stored in this runtime configuration
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
dimensionsNullable(String)JSON with dimensions that determine when this configuration applies

Relationships:

  • id is referenced by core_entities_runtime_configuration_scope.rc_id, scopes where this configuration is active
  • id is referenced by core_entities_runtime_configuration_values.rc_id, concrete values of this configuration by dimension

core_entities_runtime_configuration_dimension

Definition of available dimensions for runtime configurations. Dimensions allow segmenting configurations by context (e.g. by region, by environment, by tenant). The order field determines priority when resolving which value applies in a given context.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique dimension identifier
nameNullable(String)Human-readable dimension name (e.g. Region, Environment)
slugNullable(String)URL-safe slug (e.g. region, environment)
statusNullable(String)Status: active, inactive
orderNullable(Int32)Priority order for dimension resolution
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by core_entities_runtime_configuration_dimension_value.dimension_id, possible values of this dimension
  • id is referenced by core_entities_runtime_configuration_values.runtime_configuration_dimension_id, RC values that use this dimension

core_entities_runtime_configuration_dimension_value

Possible values of a runtime configuration dimension. For example, for the region dimension, the possible values might be us-east-1, eu-west-1, etc. Each value is linked to its parent dimension and can be active or inactive.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique dimension value identifier
nameNullable(String)Human-readable value name (e.g. US East (N. Virginia))
slugNullable(String)URL-safe slug (e.g. us-east-1)
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
dimension_idNullable(Int32)Dimension this value belongs to

Relationships:

  • dimension_id references core_entities_runtime_configuration_dimension.id, the dimension it belongs to
  • id is referenced by core_entities_runtime_configuration_values.runtime_configuration_dimension_value_id, RC values that use this dimension value

core_entities_runtime_configuration_scope

Join table between runtime configurations and scopes. Defines which runtime configurations are active in each scope, allowing multiple configurations to apply simultaneously to the same scope with different dimensions.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique link identifier
rc_idNullable(Int32)Linked runtime configuration
scope_idNullable(Int32)Scope where the configuration is active
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • rc_id references core_entities_runtime_configuration.id, the active runtime configuration
  • scope_id references core_entities_scope.id, the scope it applies to

core_entities_runtime_configuration_values

Concrete values of a runtime configuration according to its dimensions. Resolves which value applies for a specific combination of dimensions (e.g. configuration X with dimension region=us-east-1 has a given value). Contains references in both legacy (rc_dimension_id) and current format.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique value identifier
rc_idNullable(Int32)Runtime configuration this value belongs to
rc_dimension_idNullable(Int32)Applied dimension (legacy field)
rc_value_idNullable(Int32)Applied dimension value (legacy field)
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
runtime_configuration_dimension_idNullable(Int32)Applied dimension (current field)
runtime_configuration_dimension_value_idNullable(Int32)Applied dimension value (current field)

Relationships:

  • rc_id references core_entities_runtime_configuration.id, the runtime configuration it belongs to
  • runtime_configuration_dimension_id references core_entities_runtime_configuration_dimension.id, the applied dimension
  • runtime_configuration_dimension_value_id references core_entities_runtime_configuration_dimension_value.id, the dimension value

core_entities_metadata

Generic metadata associated with any platform entity. Allows extending entities with additional data without modifying their schema. Uses an EAV (Entity-Attribute-Value) model with typing via metadata_type.

Engine: ReplicatedReplacingMergeTree | Sorting key: entity, id, metadata_type

ColumnTypeDescription
pkStringComposite partition key for efficient lookups
skStringComposite sort key
idStringID of the entity the metadata belongs to
entityStringEntity type (e.g. application, scope, deployment)
metadata_typeStringMetadata type (e.g. tags, annotations, settings)
specification_idNullable(String)ID of the specification that defines the metadata schema
dataNullable(String)JSON with the metadata data
created_atNullable(DateTime64(6))Creation date
updated_atDateTime64(6)Last update

Relationships:

  • id + entity references the corresponding entity in its table (e.g. if entity='application', then id references core_entities_application.app_id)

core_entities_technology_template

Technology templates for application creation. A template defines the base structure of a new application: which template repository to use, which components to include, which tags to apply, and which configuration rules to follow. Can be scoped to an organization or account.

Engine: ReplicatedReplacingMergeTree | Sorting key: template_id

ColumnTypeDescription
template_idInt32Unique template identifier
nameNullable(String)Template name
organization_idNullable(Int32)Organization that created the template
account_idNullable(Int32)Account that owns the template
statusNullable(String)Status: active, inactive, deprecated
urlNullable(String)URL of the template repository used as a base
providerNullable(String)SCM provider of the template repository
componentsNullable(String)JSON with components included in the template
metadataNullable(String)JSON with descriptive metadata about the template
tagsNullable(String)JSON with tags applied to applications created from this template
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
repository_nameNullable(String)Suggested name for the repository generated when using the template
rulesNullable(String)JSON with automatic configuration rules applied when creating apps from this template

Relationships:

  • organization_id references core_entities_organization.org_id, the owning organization
  • account_id references core_entities_account.account_id, the owning account
  • template_id is referenced by core_entities_application.template_id, applications created with this template

Approvals

Approval system for controlling changes on the platform. Allows defining policies that require explicit approval before executing operations (e.g. deployments to production, changes to secret parameters). Includes two subsystems: manual approvals (approvals_approval_*) and entity hooks (approvals_entity_hook_*) that trigger automations when changes are detected.

approvals_policy

Base policies of the approval system. Defines the general rules evaluated to decide whether an operation requires approval. It is the root entity of the policy tree and can be linked to multiple approval actions via the approvals_approval_action_policy join table.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique policy identifier
nameNullable(String)Descriptive policy name
slugNullable(String)URL-safe policy slug
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by approvals_policy_value.policy_id, configuration versions of this policy
  • id is referenced by approvals_approval_action_policy.policy_id, approval actions that use this policy

approvals_policy_value

Configuration versions of a policy. Each time a policy is modified, a new value is created with the updated configuration. Contains the conditions and selectors that define when the policy applies, maintaining a complete change history.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique policy value identifier
policy_idNullable(Int32)Policy this configuration version belongs to
versionNullable(Int32)Version number of this configuration
conditionsNullable(String)JSON with conditions that must be met to activate the policy
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
selectorNullable(String)JSON with entity selectors this version applies to

Relationships:

  • policy_id references approvals_policy.id, the base policy this version belongs to

approvals_approval_action

Actions (operations) that require approval. Defines which entity and which action on that entity is subject to the approval flow (e.g. entity=deployment, action=create). Includes timeout configuration and the platform's behavior upon approval or rejection.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique approval action identifier
entityNullable(String)Entity type subject to approval (e.g. deployment, parameter)
actionNullable(String)Specific action controlled (e.g. create, delete, update)
statusNullable(String)Status: active, inactive
dimensionsNullable(String)JSON with dimensions that scope when this approval action applies
on_policy_successNullable(String)Behavior when the request is approved (e.g. proceed, notify)
on_policy_failNullable(String)Behavior when the request is rejected (e.g. block, notify)
time_to_replyNullable(Int64)Maximum time in seconds for approvers to respond
allowed_time_to_executeNullable(Int64)Maximum time in seconds to execute the action once approved
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by approvals_approval_action_policy.approval_action_id, policies evaluated for this action
  • id is referenced by approvals_approval_request.approval_action_id, approval requests generated by this action

approvals_approval_action_policy

Join table between approval actions and policies. Defines which policies must be evaluated for a specific approval action. An approval action can require the evaluation of multiple policies simultaneously.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique link identifier
approval_action_idNullable(Int32)Linked approval action
policy_idNullable(Int32)Linked policy
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • approval_action_id references approvals_approval_action.id, the action that requires approval
  • policy_id references approvals_policy.id, the policy to be evaluated

approvals_approval_policy

Approval-specific policies. Defines the approval rules for entity-action combinations: who must approve, how many approvals are needed, and in which dimensions the policy applies. It is the entry point for notifications and approval forms.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique approval policy identifier
entityNullable(String)Entity type the policy applies to
actionNullable(String)Action controlled by the policy
statusNullable(String)Status: active, inactive
dimensionsNullable(String)JSON with dimensions that scope the policy's applicability
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by approvals_approval_policy_notification.approval_policy_id, notification configuration for this policy
  • id is referenced by approvals_approval_policy_spec.approval_policy_id, forms linked to this policy
  • id is referenced by approvals_approval_request.approval_policy_id, requests generated by this policy

approvals_approval_policy_notification

Notification configuration for an approval policy. Defines through which channels and with what configuration approvers are notified when a new approval request is generated. Supports multiple channels per policy.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique notification configuration identifier
approval_policy_idNullable(Int32)Approval policy this notification belongs to
typeNullable(String)Notification channel: slack, email, webhook
configuration_idNullable(Int32)ID of the channel configuration (credentials, recipients)
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • approval_policy_id references approvals_approval_policy.id, the policy this notification configuration belongs to

approvals_approval_policy_spec

Join table between approval policies and approval specs. Links which forms or data specifications must be completed by approvers when approving an approval request.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique link identifier
approval_policy_idNullable(Int32)Linked approval policy
approval_spec_idNullable(Int32)Linked approval spec (form)
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • approval_policy_id references approvals_approval_policy.id, the policy this link belongs to
  • approval_spec_id references approvals_approval_spec.id, the form linked to the policy

approvals_approval_spec

Approval form specifications. Defines what additional information approvers must provide when approving or rejecting a request (e.g. "rejection reason", "reference ticket"). Each spec can have multiple versions of its validation rules.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique form specification identifier
nameNullable(String)Form or specification name
slugNullable(String)URL-safe slug
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by approvals_approval_policy_spec.approval_spec_id, policies that use this form
  • id is referenced by approvals_approval_spec_value.approval_spec_id, validation rule versions of this form

approvals_approval_spec_value

Configuration versions of an approval spec. Each version contains the form's validation rules (required fields, types, constraints). Allows evolving the form structure without losing the history of previous versions.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique spec version identifier
approval_spec_idNullable(Int32)Form specification this version belongs to
versionNullable(Int32)Version number of this configuration
rulesNullable(String)JSON with form validation rules (fields, types, requirements)
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • approval_spec_id references approvals_approval_spec.id, the form this rule version belongs to

approvals_approval_request

Approval requests generated when a user attempts to execute an operation subject to a policy. Each request encapsulates all information about the intercepted operation, the status of its approval process, the HTTP requests involved, and expiration times.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique approval request identifier
entity_nameNullable(String)Entity type in the intercepted operation
entity_actionNullable(String)Intercepted action (e.g. create, delete)
entity_idNullable(String)ID of the entity affected by the operation
statusNullable(String)Status: pending, approved, denied, cancelled, expired, executed
original_http_request_idNullable(Int32)ID of the original intercepted HTTP request
authority_http_request_idNullable(Int32)ID of the authorization request sent to the originating service
approval_http_request_idNullable(Int32)ID of the HTTP request sent upon approval
denial_http_request_idNullable(Int32)ID of the HTTP request sent upon rejection
approval_policy_idNullable(Int32)Policy that generated this request
user_idNullable(Int32)User who originated the intercepted operation
execution_statusNullable(String)Post-approval execution status: pending, success, failed
dimensionsNullable(String)JSON with the intercepted operation's dimensions
cancel_http_request_idNullable(Int32)ID of the HTTP request sent upon cancellation
approval_action_idNullable(Int32)Approval action that triggered the creation of this request
expires_atNullable(DateTime64(6))When the request expires if not answered by approvers
execution_expires_atNullable(DateTime64(6))Time limit to execute the action once approved
aggregator_entity_idNullable(String)ID of the aggregator entity if the request belongs to a larger process
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • approval_policy_id references approvals_approval_policy.id, the policy that generated this request
  • approval_action_id references approvals_approval_action.id, the action that triggered the request
  • user_id references auth_user.id, the user who originated the operation
  • id is referenced by approvals_approval_reply.approval_request_id, approver responses to this request

approvals_approval_reply

Approver responses to approval requests. Each reply records the decision made (approve or reject), the response body with the justification, and the headers of the request sent to execute the decision.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique approver response identifier
statusNullable(String)Decision taken: approved, denied
approval_request_idNullable(Int32)Approval request this response corresponds to
created_atNullable(DateTime64(6))Response date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • approval_request_id references approvals_approval_request.id, the approval request this response belongs to

approvals_entity_hook_policy

Entity hook subsystem policies. Entity hooks allow triggering automations (HTTP webhooks, notifications) when events occur on entities. This table defines the policies that control which hooks fire and under what conditions.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique hook policy identifier
nameNullable(String)Descriptive hook policy name
slugNullable(String)URL-safe slug
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by approvals_entity_hook_policy_value.policy_id, configuration versions of this policy
  • id is referenced by approvals_entity_hook_action_policy.policy_id, entity hook actions that use this policy

approvals_entity_hook_policy_value

Configuration versions of entity hook policies. Contains the conditions that determine when a hook fires, allowing you to update the activation logic without losing the history of previous versions.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique policy version identifier
policy_idNullable(Int32)Hook policy this version belongs to
versionNullable(Int32)Version number
conditionsNullable(String)JSON with hook activation conditions
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • policy_id references approvals_entity_hook_policy.id, the policy this configuration version belongs to

approvals_entity_hook_action

Entity hook action configuration. Defines which entities and actions activate the hook, what type of hook it is, and when it fires (pre or post operation). This is the base hook configuration and can be linked to one or more policies that condition its activation.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique hook configuration identifier
statusNullable(String)Status: active, inactive
entityNullable(String)Entity type that triggers the hook (e.g. deployment, parameter)
actionNullable(String)Action that triggers the hook (e.g. create, update, delete)
dimensionsNullable(String)JSON with dimensions that scope when this hook applies
on_policy_successNullable(String)Platform behavior after policy success
on_policy_failNullable(String)Platform behavior on policy failure
typeNullable(String)Hook type: webhook, notification
whenNullable(String)Trigger timing: pre (before the operation) or post (after)
onNullable(String)Specific event that triggers the hook
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • id is referenced by approvals_entity_hook_action_policy.entity_hook_action_id, policies evaluated for this hook
  • id is referenced by approvals_entity_hook_request.entity_hook_action_id, executions of this hook

approvals_entity_hook_action_policy

Join table between entity hook actions and entity hook policies. Links which policies are evaluated for a specific entity hook action before deciding whether the hook should fire.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique link identifier
entity_hook_action_idNullable(UUID)Linked entity hook action
policy_idNullable(UUID)Linked hook policy
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • entity_hook_action_id references approvals_entity_hook_action.id, the linked hook configuration
  • policy_id references approvals_entity_hook_policy.id, the policy that conditions hook firing

approvals_entity_hook_request

Individual entity hook executions. Each record represents a hook firing attempt for a specific event. Captures the execution status, process messages, and the full context of the entity that originated the event.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique hook execution identifier
entity_nameNullable(String)Entity type that originated the event
entity_actionNullable(String)Action that occurred on the entity
entity_idNullable(String)ID of the affected entity
statusNullable(String)Execution status: pending, processing, success, failed
user_idNullable(Int32)User who originated the event
execution_statusNullable(String)HTTP webhook execution status
dimensionsNullable(String)JSON with the event dimensions
entity_hook_action_idNullable(UUID)Hook configuration that was triggered
typeNullable(String)Hook type executed: webhook, notification
whenNullable(String)Trigger timing: pre or post
onNullable(String)Specific event that originated this execution
dependenciesNullable(String)JSON with dependencies of this request (related hooks)
created_atNullable(DateTime64(6))Execution start date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • entity_hook_action_id references approvals_entity_hook_action.id, the hook configuration that generated this execution
  • user_id references auth_user.id, the user who originated the event
  • id is referenced by approvals_entity_hook_http_request.entity_hook_request_id, the HTTP request detail

approvals_entity_hook_http_request

HTTP request detail sent as part of an entity hook execution. Stores the full information of the HTTP call made to the webhook endpoint: method, URL, headers, body, and number of retries performed.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique HTTP request identifier
entity_hook_request_idNullable(UUID)Hook execution this request belongs to
headersNullable(String)JSON with HTTP headers sent in the request
methodNullable(String)HTTP method used (e.g. POST, PUT)
urlNullable(String)Destination endpoint URL of the webhook
retriesNullable(Int32)Number of retries performed until a response was obtained
typeNullable(String)Request type within the hook flow
created_atNullable(DateTime64(6))Send date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • entity_hook_request_id references approvals_entity_hook_request.id, the hook execution it belongs to
  • id is referenced by approvals_entity_hook_http_response.entity_hook_http_request_id, the HTTP response received

approvals_entity_hook_http_response

HTTP response received after executing an entity hook webhook. Stores the status code, headers, and response body for diagnostics and auditing. Allows verifying whether the external endpoint successfully processed the event.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique HTTP response identifier
statusNullable(Int32)HTTP response code (200, 4xx, 5xx)
entity_hook_http_request_idNullable(UUID)HTTP request this response corresponds to
created_atNullable(DateTime64(6))Response reception date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • entity_hook_http_request_id references approvals_entity_hook_http_request.id, the HTTP request this response corresponds to

Governance

Platform governance system. Manages action items that represent tasks, recommendations, or compliance issues that must be resolved on resources. Action items are categorized, prioritized, and can have automatic resolution suggestions.

governance_action_items_action_items

Governance action items. Each record represents a task, alert, or compliance recommendation linked to a platform resource. They can be generated automatically by the system or created manually. They have priority, score, and a due date for SLA management.

Engine: ReplicatedReplacingMergeTree | Sorting key: action_item_id

ColumnTypeDescription
action_item_idStringUnique action item identifier
action_item_slugNullable(String)URL-safe action item slug for external references
titleNullable(String)Descriptive action item title (e.g. Missing health check configuration)
descriptionNullable(String)Detailed description of the problem or task to resolve
statusNullable(String)Status: open, in_progress, resolved, deferred, dismissed
priorityNullable(String)Priority: critical, high, medium, low
scoreNullable(Int32)Numeric impact score for sorting and maturity index calculations
created_byNullable(String)Identifier of who or what system generated the action item
category_idNullable(String)Action item category
unit_idNullable(String)Measurement unit for the value
valueNullable(String)Current metric value associated with the action item
due_dateNullable(DateTime64(6))Deadline to resolve the action item
deferred_untilNullable(DateTime64(6))Date until which it was postponed (if status = deferred)
resolved_atNullable(DateTime64(6))Timestamp when it was marked as resolved
labelsNullable(String)JSON labels for additional classification
affected_resourcesNullable(String)JSON with resources affected by this action item
referencesNullable(String)JSON with external references (documentation, tickets, links)
metadataNullable(String)Additional metadata in JSON format
configNullable(String)Action item type-specific configuration in JSON
commentsNullable(String)JSON with user comments on the action item
audit_logsNullable(String)JSON with the action item's status change history
deferral_countNullable(Int32)Number of times the item was deferred
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • category_id references governance_action_items_categories.category_id, the thematic category of the action item
  • unit_id references governance_action_items_units.unit_id, the measurement unit for the reported value
  • action_item_id is referenced by governance_action_items_suggestions.action_item_id, resolution suggestions for this action item
  • nrn references the affected resource (application, namespace, etc.)

governance_action_items_categories

Categories for classifying governance action items. Allow grouping action items by topic (e.g. Security, Observability, Costs). Support parent-child hierarchy for subcategories.

Engine: ReplicatedReplacingMergeTree | Sorting key: category_id

ColumnTypeDescription
category_idStringUnique category identifier
category_slugNullable(String)URL-safe category slug
parent_idNullable(String)Parent category for hierarchies
category_nameNullable(String)Human-readable category name (e.g. Security, Cost Optimization)
descriptionNullable(String)Description of the types of action items this category encompasses
colorNullable(String)Hex color for UI visualization
iconNullable(String)Icon identifier for the UI
configNullable(String)Additional category configuration in JSON
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • parent_id references governance_action_items_categories.category_id, self-reference for subcategories
  • category_id is referenced by governance_action_items_action_items.category_id, action items classified in this category

governance_action_items_suggestions

Automatic or manual suggestions for resolving an action item. A suggestion can be executed directly by the system (e.g. apply a recommended configuration) or serve as guidance for the user.

Engine: ReplicatedReplacingMergeTree | Sorting key: suggestion_id

ColumnTypeDescription
suggestion_idStringUnique suggestion identifier
suggestion_slugNullable(String)URL-safe suggestion slug
action_item_idNullable(String)Action item this suggestion belongs to
statusNullable(String)Status: pending, applied, dismissed, expired
created_byNullable(String)Who or what system generated the suggestion
ownerNullable(String)User or system responsible for executing the suggestion
confidenceNullable(String)Confidence level in the suggestion: high, medium, low
descriptionNullable(String)Description of the proposed action
metadataNullable(String)Metadata from the system that generated the suggestion
user_metadataNullable(String)Additional metadata entered by the user
user_metadata_configNullable(String)Expected user configuration schema
executed_atNullable(DateTime64(6))Execution timestamp if applied
execution_resultNullable(String)Execution result (success, error, output)
expires_atNullable(DateTime64(6))Suggestion expiration date
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • action_item_id references governance_action_items_action_items.action_item_id, the action item this suggestion belongs to

governance_action_items_units

Measurement units used by action items to express their value (e.g. %, USD, ms, count). Allow interpreting and comparing the value field of action items.

Engine: ReplicatedReplacingMergeTree | Sorting key: unit_id

ColumnTypeDescription
unit_idStringUnique unit identifier
unit_slugNullable(String)URL-safe unit slug
unit_nameNullable(String)Human-readable name (e.g. Percentage, US Dollar, Milliseconds)
symbolNullable(String)Unit symbol (e.g. %, $, ms)
statusNullable(String)Status: active, inactive
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update

Relationships:

  • unit_id is referenced by governance_action_items_action_items.unit_id, action items that use this measurement unit

Parameters

Configuration parameter management system (environment variables, secrets, and configurations). Parameters can be versioned and support different value contexts through dimensions.

parameters_parameter

Configuration parameter definition. Represents the parameter "declaration": its name, type, whether it is secret, and how it is encoded. The actual values are stored in parameters_parameter_value and the change history in parameters_parameter_version.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Unique parameter identifier
nameNullable(String)Parameter name as exposed (e.g. DATABASE_URL, API_KEY)
typeNullable(String)Parameter type: string, integer, boolean, json
secretNullable(UInt8)Whether the value is sensitive and must be encrypted (1 = yes)
handleNullable(String)Immutable technical identifier of the parameter, used in integrations
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last definition modification
encodingNullable(String)Value encoding: plain, base64
read_onlyNullable(UInt8)Whether it is in read-only mode (1 = cannot be modified via API)

Relationships:

  • id is referenced by parameters_parameter_value.parameter_id, concrete values of this parameter
  • id is referenced by parameters_parameter_version.parameter_id, version history of this parameter

parameters_parameter_value

Concrete parameter value for a given context (dimensions). A single parameter can have multiple active values depending on the dimensions (e.g. different values for different environments or regions). The actual value may be stored in an external backend referenced by the external field.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt64Unique value identifier
locationNullable(String)Value location in the storage backend (e.g. SSM path, Secrets Manager ARN)
created_atNullable(DateTime64(6))Value creation date
updated_atNullable(DateTime64(6))Last update
parameter_idNullable(Int32)Parameter this value belongs to
parameter_versionNullable(Int32)Parameter version in which it was created
strategy_dataNullable(String)JSON with encryption strategy data used (includes strategy ID)
dimensionsNullable(String)JSON with dimensions that determine when this value applies (e.g. {"env": "production"})
externalNullable(String)JSON with reference to the external storage where the actual value is stored
checksumNullable(String)Value checksum for integrity verification without exposing the content

Relationships:

  • parameter_id references parameters_parameter.id, the parameter this value corresponds to
  • parameter_version references parameters_parameter_version.id, the parameter version in which it was created

parameters_parameter_version

Parameter version history. Each time a parameter definition is modified, a new version is created. Allows auditing who changed a parameter and when, and is referenced by values to indicate in which version they were created.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idInt32Parameter version number
parameter_idNullable(Int32)Parameter this version corresponds to
user_idNullable(Int32)User who created this version
created_atNullable(DateTime64(6))Date this version was created
updated_atNullable(DateTime64(6))Last update

Relationships:

  • parameter_id references parameters_parameter.id, the parameter this version belongs to
  • user_id references auth_user.id, the user who made the change
  • id is referenced by parameters_parameter_value.parameter_version, values created under this version

SCM

Integration with version control providers (GitHub, GitLab, Bitbucket). Stores repository and commit metadata synchronized from customers' SCM systems.

note

SCM tables require the nullplatform SCM integration to be enabled for your organization. Reach out to the nullplatform team to set it up.

scm_code_repositories

Source code repositories registered on the platform. Each repository belongs to an SCM organization (GitHub/GitLab/Bitbucket account) and is linked to one or more nullplatform applications.

Engine: ReplicatedReplacingMergeTree | Sorting key: nrn, id

ColumnTypeDescription
idUUIDUnique repository identifier in nullplatform
external_repository_idStringRepository ID in the external SCM system (e.g. the GitHub repo ID)
nameStringRepository name as it appears in the SCM
providerStringSCM provider: github, gitlab, bitbucket
starsInt64Number of stars on the repository
forksInt64Number of repository forks
languageNullable(String)Primary programming language detected
privateUInt8Whether the repository is private (1) or public (0)
descriptionNullable(String)Repository description from the SCM
urlNullable(String)Repository web URL (e.g. https://github.com/org/repo)
date_createdNullable(DateTime64(6))Creation date in the external SCM
scm_organization_idUUIDID of the SCM organization the repository belongs to
scm_organization_nameNullable(String)Organization name in the SCM (e.g. the GitHub org name)
scm_organization_providerNullable(String)SCM organization provider
scm_organization_hostNullable(String)SCM host for self-hosted installations (e.g. github.example.com)
scm_organization_installation_statusNullable(String)Installation status of the SCM app in the organization
tagsMap(String, String)Key-value tags for classification and filtering
created_atDateTime64(6)Sync/creation date in nullplatform
updated_atDateTime64(6)Last update

Relationships:

  • id is referenced by scm_code_commits.code_repository_id, commits belonging to this repository
  • nrn correlates with core_entities_application.nrn, applications reference repositories via repository_url

scm_code_commits

Individual commits synchronized from SCM repositories. Allows correlating deployments with the source code that originated them, tracking development activity, and calculating commit frequency metrics.

Engine: ReplicatedReplacingMergeTree | Sorting key: nrn, code_repository_id, date, id

ColumnTypeDescription
idUUIDUnique commit identifier in nullplatform
shaStringCommit SHA hash in the SCM system (e.g. a3f8c2d...)
messageNullable(String)Commit message
author_nameNullable(String)Commit author name from git configuration
author_emailNullable(String)Commit author email
dateDateTime64(6)Date and time the commit was made
code_repository_idUUIDRepository this commit belongs to
created_atDateTime64(6)Ingestion date in nullplatform
updated_atDateTime64(6)Last update

Relationships:

  • code_repository_id references scm_code_repositories.id, the repository the commit belongs to
  • sha is referenced by core_entities_build.commit, builds reference the SHA of the commit that originated them

Services

Infrastructure service catalog that applications can consume (databases, message queues, caches, etc.). A service is an instance of an infrastructure type; specifications define the available types. Links connect applications to services.

services_service_specifications

Specifications for available service types in the catalog. Defines which infrastructure types can be created (e.g. PostgreSQL, Redis, SQS). Each specification is a "template" that describes the attributes, dimensions, and behavior of the service type, and determines which organizations or entities can use it.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique specification identifier
nameNullable(String)Human-readable service type name (e.g. PostgreSQL Database, Redis Cache)
slugNullable(String)URL-safe type slug (e.g. postgresql, redis)
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
deleted_atNullable(DateTime64(6))Logical deletion date
attributesNullable(String)JSON with configurable service attributes (e.g. version, size)
selectorsNullable(String)JSON with selectors that determine application compatibility
visible_toNullable(String)Defines which organizations or user types can see this specification
typeNullable(String)Service category: database, queue, cache, storage
dimensionsNullable(String)JSON with dimensions available for instances of this type
assignable_toNullable(String)Defines which entity types this service can be assigned to
use_default_actionsNullable(UInt8)Whether it uses the platform's default actions (1 = yes)
scopesNullable(String)JSON with scopes where this type can be deployed

Relationships:

  • id is referenced by services_services.specification_id, service instances of this type
  • id is referenced by services_action_specifications.service_specification_id, actions available for this service type
  • id is referenced by services_link_specifications.specification_id, link types available for this service type

services_services

Concrete infrastructure service instances. Each service is an instance of a service_specification that has been provisioned for an application. It has lifecycle state and is linked to the NRN of the resource that consumes it. It may be in the process of updating to a desired_specification_id different from the active one.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique service instance identifier
nameNullable(String)Instance name (e.g. prod-db, cache-main)
slugNullable(String)URL-safe instance slug
messagesNullable(String)JSON with system messages about the service status
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
deleted_atNullable(DateTime64(6))Deletion date
dimensionsNullable(String)JSON with dimensions applied to this instance (e.g. {"size": "large"})
attributesNullable(String)JSON with instance attributes (endpoints, non-secret credentials, region)
selectorsNullable(String)JSON with active selectors for this instance
statusNullable(String)Lifecycle status: creating, active, updating, deleting, failed
linkable_toNullable(String)Defines which entity types this service can be linked to
specification_idNullable(UUID)Active service specification
desired_specification_idNullable(UUID)Target specification if an update is in progress
entity_nrnNullable(String)NRN of the entity (application or link) this service is associated with
typeNullable(String)Type inherited from the specification: database, queue, cache, storage

Relationships:

  • specification_id references services_service_specifications.id, the active service type
  • desired_specification_id references services_service_specifications.id, the target service type in case of update
  • id is referenced by services_links.service_id, links that consume this service
  • id is referenced by services_actions.service_id, actions executed on this service
  • id is referenced by services_parameters.service_id, parameters exported by this service

services_link_specifications

Link type specifications. Links connect applications to services. A link specification defines the attributes, dimensions, and constraints of a connection type (e.g. "PostgreSQL database connection"). Each link specification belongs to a parent service specification.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique link specification identifier
nameNullable(String)Human-readable link type name
slugNullable(String)URL-safe slug
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
deleted_atNullable(DateTime64(6))Deletion date
dimensionsNullable(String)JSON with dimensions available for links of this type
attributesNullable(String)JSON with configurable connection attributes (e.g. pool size, SSL)
selectorsNullable(String)JSON with selectors for determining entity compatibility
specification_idNullable(UUID)Parent service specification
visible_toNullable(String)Visibility of this link type
uniqueNullable(UInt8)Whether only one instance can exist per entity (1 = yes)
assignable_toNullable(String)Defines which entity types it can be assigned to
use_default_actionsNullable(UInt8)Whether it uses the platform's default actions (1 = yes)
scopesNullable(String)JSON with scopes where it can be created
externalNullable(String)JSON with external integration configuration

Relationships:

  • specification_id references services_service_specifications.id, the service type this link type belongs to
  • id is referenced by services_links.specification_id, link instances of this type
  • id is referenced by services_action_specifications.link_specification_id, actions available for this link type

services_links

Link instances: concrete connections between an entity (application, scope) and a service. When a link is created, the platform provisions the credentials and configuration necessary for the application to access the service. Like services, a link may be in the process of updating to a desired_specification_id.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique link identifier
nameNullable(String)Connection name
slugNullable(String)URL-safe slug
messagesNullable(String)JSON with system messages about the status
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
deleted_atNullable(DateTime64(6))Deletion date
dimensionsNullable(String)JSON with connection dimensions
attributesNullable(String)JSON with active connection attributes
selectorsNullable(String)JSON with active selectors
statusNullable(String)Status: creating, active, updating, deleting, failed
specification_idNullable(UUID)Active link specification
desired_specification_idNullable(UUID)Target specification if an update is in progress
service_idNullable(UUID)Service this link connects to
entity_nrnNullable(String)NRN of the entity (application, scope) that consumes the link
parameter_slug_algorithm_versionNullable(String)Version of the algorithm for generating link parameter slugs

Relationships:

  • specification_id references services_link_specifications.id, the active link type
  • desired_specification_id references services_link_specifications.id, the target link type in case of update
  • service_id references services_services.id, the service it connects to
  • id is referenced by services_actions.link_id, actions executed on this link

services_action_specifications

Action specifications available for services and links. An action specification defines an operation that can be executed (e.g. restart, resize, create-backup). It can belong to a service specification or a link specification, but not both simultaneously.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique action specification identifier
nameNullable(String)Human-readable action name (e.g. Restart Service, Create Backup)
slugNullable(String)URL-safe action slug (e.g. restart, create-backup)
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
deleted_atNullable(DateTime64(6))Deletion date
parametersNullable(String)JSON with input parameters the action accepts
resultsNullable(String)JSON with the result structure the action returns
typeNullable(String)Action type: sync, async, webhook
service_specification_idNullable(UUID)Service specification this action belongs to
link_specification_idNullable(UUID)Link specification this action belongs to (alternative)
retryableNullable(UInt8)Whether the action can be automatically retried on failure (1 = yes)
annotationsNullable(String)JSON with annotations and UI metadata
enabled_whenNullable(String)JSON condition that determines when the action is available
iconNullable(String)Icon to display in the UI
parallelizeNullable(UInt8)Whether it can be executed in parallel on multiple instances (1 = yes)
externalNullable(String)JSON with external execution configuration

Relationships:

  • service_specification_id references services_service_specifications.id, the service type this action belongs to
  • link_specification_id references services_link_specifications.id, the link type this action belongs to
  • id is referenced by services_actions.specification_id, executions of this action

services_actions

Action instances executed on services or links. Each record represents a concrete execution of an action_specification (e.g. a restart executed at 14:30). Has its own execution lifecycle status and records the input parameters and the result obtained.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique action execution identifier
nameNullable(String)Name of the executed action
slugNullable(String)Action slug
created_atNullable(DateTime64(6))Execution start date
updated_atNullable(DateTime64(6))Last update
deleted_atNullable(DateTime64(6))Deletion date
parametersNullable(String)JSON with input parameters the action was invoked with
resultsNullable(String)JSON with the execution result
statusNullable(String)Execution status: pending, running, success, failed, cancelled
specification_idNullable(UUID)Specification of the executed action
desired_specification_idNullable(UUID)Target specification if an update is in progress
service_idNullable(UUID)Service the action was executed on
link_idNullable(UUID)Link the action was executed on (alternative to service_id)
is_testNullable(UInt8)Whether it is a test execution (1 = yes)
created_byNullable(String)Identifier of the user or system that triggered the action

Relationships:

  • specification_id references services_action_specifications.id, the definition of the executed action
  • service_id references services_services.id, the service it was executed on
  • link_id references services_links.id, the link it was executed on

services_parameters

Parameters exported by services and links to the entities that consume them. When a link is activated, it generates parameters (e.g. DATABASE_URL, REDIS_HOST) that are automatically injected into the application. This table records those binding relationships between the service and the resulting parameter.

Engine: ReplicatedReplacingMergeTree | Sorting key: id

ColumnTypeDescription
idUUIDUnique parameter binding identifier
entity_nrnNullable(String)NRN of the entity that receives the parameter (application or scope)
typeNullable(String)Binding type: how the parameter is injected (e.g. env_var, file)
targetNullable(String)Name under which the parameter is exposed in the entity (e.g. DATABASE_URL)
parameter_idNullable(String)Reference to the parameter in the parameter management system
service_idNullable(UUID)Service that exports the parameter
created_atNullable(DateTime64(6))Creation date
updated_atNullable(DateTime64(6))Last update
deleted_atNullable(DateTime64(6))Deletion date

Relationships:

  • service_id references services_services.id, the service that generates this parameter
  • parameter_id references parameters_parameter.id, the parameter created in the parameter management system

Next steps