-- CortexOS Database Schema with Row Level Security
-- Run this file to set up the complete database structure
-- Enable required extensions
-- vector (pgvector) supplies the vector(1536) type used by memories.embedding;
-- uuid-ossp supplies uuid_generate_v4(), the DEFAULT of every uuid column below.
CREATE EXTENSION IF NOT EXISTS vector;
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-- Drop existing tables if they exist (for clean setup)
-- DESTRUCTIVE: every row in these tables is lost, and CASCADE also removes the
-- dependent objects (policies, triggers and foreign keys hang off the tables).
-- This is what makes the file re-runnable; it is not a migration for a database
-- whose data must be kept. Children are dropped before parents.
DROP TABLE IF EXISTS logs CASCADE;
DROP TABLE IF EXISTS memories CASCADE;
DROP TABLE IF EXISTS steps CASCADE;
DROP TABLE IF EXISTS tasks CASCADE;
DROP TABLE IF EXISTS users CASCADE;
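-- Users table (Master and sub-agents)
-- Each row is a principal. The RLS policies further down identify the session's
-- principal through the setting app.current_user_id, compared against id, and
-- grant unrestricted access when that row's role is 'master'. Because role is
-- the authorization switch, its documented value set is enforced with a CHECK
-- instead of being left to convention (a misspelled role would otherwise be
-- stored silently and simply never match).
CREATE TABLE users (
    id SERIAL PRIMARY KEY,
    uuid UUID DEFAULT uuid_generate_v4() UNIQUE NOT NULL,
    username VARCHAR(255) UNIQUE NOT NULL,
    -- 'master' is matched by every *_master_all policy; 'agent' is the default;
    -- 'sub_agent' is the third documented value.
    role VARCHAR(50) NOT NULL DEFAULT 'agent',
    -- Credential column. Nothing in this file hashes it, so whatever the
    -- application writes here is stored as-is and is readable by any session
    -- whose policies expose the row (the user themselves through
    -- users_self_select, and master). Storing only a hash of the key and
    -- comparing hashes at authentication time avoids that exposure.
    api_key VARCHAR(255),
    permissions JSONB DEFAULT '{}',
    -- TIMESTAMP without time zone: values are interpreted in the session's time
    -- zone, so keep every writer on one zone (or migrate to TIMESTAMPTZ).
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    -- Maintained by the update_users_updated_at trigger defined later in the file.
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    CONSTRAINT users_role_check CHECK (role IN ('master', 'agent', 'sub_agent'))
);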
-- Tasks table
-- A unit of work, optionally nested through parent_task_id. Deleting a parent
-- cascades to its subtasks. Deleting a user leaves its tasks with NULL
-- created_by/assigned_to; such rows match no creator/assignee policy below and
-- stay reachable only through the master policy.
CREATE TABLE tasks (
id SERIAL PRIMARY KEY,
uuid UUID DEFAULT uuid_generate_v4() UNIQUE NOT NULL,
goal TEXT NOT NULL,
-- Free-form; apart from the 'pending' default the value set is not constrained here.
status VARCHAR(50) NOT NULL DEFAULT 'pending',
-- Nullable: an explicit NULL is accepted even though the default is 0.
priority INTEGER DEFAULT 0,
-- Self-reference; nothing here prevents a cycle of parent links.
parent_task_id INTEGER REFERENCES tasks(id) ON DELETE CASCADE,
-- These two columns drive the RLS policies on tasks, steps, memories and logs.
created_by INTEGER REFERENCES users(id) ON DELETE SET NULL,
assigned_to INTEGER REFERENCES users(id) ON DELETE SET NULL,
metadata JSONB DEFAULT '{}',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-- Maintained by the update_tasks_updated_at trigger defined later in the file.
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Steps table
-- One action taken towards a task; removed together with its task (CASCADE).
-- Row access is derived entirely from the parent task (see the steps policies).
CREATE TABLE steps (
id SERIAL PRIMARY KEY,
uuid UUID DEFAULT uuid_generate_v4() UNIQUE NOT NULL,
task_id INTEGER NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
action TEXT NOT NULL,
-- Free-form; apart from the 'pending' default the value set is not constrained here.
status VARCHAR(50) NOT NULL DEFAULT 'pending',
result TEXT,
error TEXT,
-- Nullable counter starting at 0; no upper bound is enforced here.
retry_count INTEGER DEFAULT 0,
metadata JSONB DEFAULT '{}',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-- Maintained by the update_steps_updated_at trigger defined later in the file.
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Memories table
-- Stored content together with its embedding for similarity search.
-- There is no updated_at column, so no updated_at trigger is attached.
CREATE TABLE memories (
id SERIAL PRIMARY KEY,
uuid UUID DEFAULT uuid_generate_v4() UNIQUE NOT NULL,
content TEXT NOT NULL,
-- Value set is not constrained here.
type VARCHAR(50) NOT NULL,
-- Dimension is fixed at 1536 by the column type: pgvector rejects vectors of any
-- other length, so this must match the model producing the embeddings.
embedding vector(1536),
-- Nullable; FLOAT (double precision) is adequate for a relevance score.
score FLOAT DEFAULT 0,
-- Both references are optional and are cleared, not cascaded, on deletion.
task_id INTEGER REFERENCES tasks(id) ON DELETE SET NULL,
user_id INTEGER REFERENCES users(id) ON DELETE SET NULL,
metadata JSONB DEFAULT '{}',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Logs table (Audit trail)
-- task_id and user_id use ON DELETE SET NULL so an audit entry survives the
-- deletion of what it describes. Note that the policies and grants further
-- down do not make this table immutable: master holds a FOR ALL policy and
-- PUBLIC is granted DELETE on every table.
CREATE TABLE logs (
id SERIAL PRIMARY KEY,
uuid UUID DEFAULT uuid_generate_v4() UNIQUE NOT NULL,
task_id INTEGER REFERENCES tasks(id) ON DELETE SET NULL,
user_id INTEGER REFERENCES users(id) ON DELETE SET NULL,
action TEXT NOT NULL,
result TEXT,
-- Documented values are not enforced with a CHECK; any string up to 20 chars is accepted.
level VARCHAR(20) DEFAULT 'info', -- 'info', 'warning', 'error', 'critical'
metadata JSONB DEFAULT '{}',
-- Column is named after a SQL type; PostgreSQL accepts it unquoted, but some
-- client tooling may need it quoted.
timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
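-- Indexes for performance
-- Columns declared UNIQUE (uuid and username on every table) already receive a
-- unique B-tree index from the constraint, so no separate index is created for
-- them; a second index on the same column only adds write cost.
-- tasks: filtered by status, walked by parent, and looked up per creator/assignee
-- (the latter two are also what the RLS policies test on every access).
CREATE INDEX idx_tasks_status ON tasks(status);
CREATE INDEX idx_tasks_parent ON tasks(parent_task_id);
CREATE INDEX idx_tasks_created_by ON tasks(created_by);
CREATE INDEX idx_tasks_assigned_to ON tasks(assigned_to);
CREATE INDEX idx_tasks_created_at ON tasks(created_at DESC);
-- steps: the steps policies join back to tasks on task_id.
CREATE INDEX idx_steps_task ON steps(task_id);
CREATE INDEX idx_steps_status ON steps(status);
CREATE INDEX idx_steps_created_at ON steps(created_at);
-- memories: the memories policies test user_id and task_id.
-- No approximate-nearest-neighbour index is defined on embedding; whether one
-- is needed depends on the distance operator and query volume (TODO confirm).
CREATE INDEX idx_memories_type ON memories(type);
CREATE INDEX idx_memories_task ON memories(task_id);
CREATE INDEX idx_memories_user ON memories(user_id);
CREATE INDEX idx_memories_created_at ON memories(created_at DESC);
-- logs: the logs policies test user_id and task_id.
CREATE INDEX idx_logs_task ON logs(task_id);
CREATE INDEX idx_logs_user ON logs(user_id);
CREATE INDEX idx_logs_timestamp ON logs(timestamp DESC);
CREATE INDEX idx_logs_level ON logs(level);
-- users: role is read by every *_master_all policy.
-- idx_users_uuid was dropped from this list: it duplicated the unique index
-- that the UNIQUE constraint on users.uuid already provides.
CREATE INDEX idx_users_role ON users(role);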
-- Enable Row Level Security
-- ENABLE applies the policies below to every role EXCEPT the table owner and
-- superusers, which bypass RLS unless FORCE ROW LEVEL SECURITY is also set on
-- the table. If the application connects as the role that ran this script,
-- none of these policies constrain it.
-- Every policy keys on the session setting app.current_user_id, which the
-- connecting session itself supplies: the policies bound what a session
-- claiming a given id may see, and tying that id to an authenticated principal
-- is entirely the application's responsibility.
-- Until a policy is created, an RLS-enabled table is default-deny for non-owners.
ALTER TABLE users ENABLE ROW LEVEL SECURITY;
ALTER TABLE tasks ENABLE ROW LEVEL SECURITY;
ALTER TABLE steps ENABLE ROW LEVEL SECURITY;
ALTER TABLE memories ENABLE ROW LEVEL SECURITY;
ALTER TABLE logs ENABLE ROW LEVEL SECURITY;
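-- RLS Policies for users table
-- Helper for the master policy on users. A policy expression on users that
-- queries users directly is rejected by PostgreSQL when the policy is applied
-- ("infinite recursion detected in policy for relation users"), because the
-- inner query is itself subject to the users policies. Routing the lookup
-- through a SECURITY DEFINER function evaluates it as the function's owner;
-- when that owner also owns users (the role running this script), RLS is not
-- applied inside the function and the recursion is broken. For the same reason
-- FORCE ROW LEVEL SECURITY must not be set on users while this function is the
-- master check. search_path is pinned so a same-named relation earlier on the
-- caller's search path cannot stand in for public.users. The cast errors when
-- app.current_user_id is unset or non-numeric, i.e. the check fails closed.
CREATE OR REPLACE FUNCTION app_current_user_is_master()
RETURNS BOOLEAN
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = pg_catalog, public
AS $$
    SELECT EXISTS (
        SELECT 1
        FROM public.users u
        WHERE u.id = current_setting('app.current_user_id')::INTEGER
          AND u.role = 'master'
    );
$$;
-- Master can see all users. Being FOR ALL with only USING, the same expression
-- also gates INSERT/UPDATE/DELETE, so master is the only non-bypassing role
-- that can write to users (there is no write policy for anyone else).
CREATE POLICY users_master_all ON users
FOR ALL
TO PUBLIC
USING (app_current_user_is_master());
-- Users can see themselves (read-only: this is the only non-master policy).
CREATE POLICY users_self_select ON users
FOR SELECT
TO PUBLIC
USING (id = current_setting('app.current_user_id')::INTEGER);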
-- RLS Policies for tasks table
-- All policies here are permissive: a row passes if ANY policy for the command
-- accepts it, so the master policy is effectively ORed with each of the others.
-- Master can see all tasks
-- The inner SELECT on users is evaluated under the policies defined on users,
-- so it can only confirm master status if those policies let the session read
-- its own row without referring back to users.
CREATE POLICY tasks_master_all ON tasks
FOR ALL
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM users u
WHERE u.id = current_setting('app.current_user_id')::INTEGER
AND u.role = 'master'
)
);
-- Users can see tasks they created
CREATE POLICY tasks_creator_select ON tasks
FOR SELECT
TO PUBLIC
USING (created_by = current_setting('app.current_user_id')::INTEGER);
-- Users can see tasks assigned to them
CREATE POLICY tasks_assigned_select ON tasks
FOR SELECT
TO PUBLIC
USING (assigned_to = current_setting('app.current_user_id')::INTEGER);
-- Users can create tasks
-- Only created_by is checked: assigned_to may name any user id and
-- parent_task_id may point at a task the session cannot read.
CREATE POLICY tasks_create ON tasks
FOR INSERT
TO PUBLIC
WITH CHECK (created_by = current_setting('app.current_user_id')::INTEGER);
-- Users can update their own tasks
-- No WITH CHECK is given, so the USING expression is applied to the new row as
-- well: after the update the row must still name the session user as creator
-- or assignee. There is no DELETE policy for non-master sessions, so their
-- deletes match no rows.
CREATE POLICY tasks_update_own ON tasks
FOR UPDATE
TO PUBLIC
USING (
created_by = current_setting('app.current_user_id')::INTEGER
OR assigned_to = current_setting('app.current_user_id')::INTEGER
);
-- RLS Policies for steps table
-- Access to a step is derived from its task: the session must be creator or
-- assignee of the task at steps.task_id (or master). All policies are permissive.
-- Master can see all steps
-- The inner SELECT on users is evaluated under the users policies, as for tasks.
CREATE POLICY steps_master_all ON steps
FOR ALL
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM users u
WHERE u.id = current_setting('app.current_user_id')::INTEGER
AND u.role = 'master'
)
);
-- Users can see steps for tasks they have access to
-- The subquery reads tasks under the tasks policies; for a creator/assignee
-- the task row is visible through its own SELECT policies.
CREATE POLICY steps_task_access ON steps
FOR SELECT
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM tasks t
WHERE t.id = steps.task_id
AND (
t.created_by = current_setting('app.current_user_id')::INTEGER
OR t.assigned_to = current_setting('app.current_user_id')::INTEGER
)
)
);
-- Users can create steps for their tasks
CREATE POLICY steps_create ON steps
FOR INSERT
TO PUBLIC
WITH CHECK (
EXISTS (
SELECT 1 FROM tasks t
WHERE t.id = steps.task_id
AND (
t.created_by = current_setting('app.current_user_id')::INTEGER
OR t.assigned_to = current_setting('app.current_user_id')::INTEGER
)
)
);
-- Users can update steps for their tasks
-- No WITH CHECK: the USING expression is reused for the new row, so a step
-- cannot be moved (task_id changed) to a task the session cannot access.
-- There is no DELETE policy for non-master sessions.
CREATE POLICY steps_update ON steps
FOR UPDATE
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM tasks t
WHERE t.id = steps.task_id
AND (
t.created_by = current_setting('app.current_user_id')::INTEGER
OR t.assigned_to = current_setting('app.current_user_id')::INTEGER
)
)
);
-- RLS Policies for memories table
-- All policies are permissive (ORed). Non-master sessions get SELECT and INSERT
-- only: with no UPDATE or DELETE policy, their memories are immutable to them.
-- Master can see all memories
-- The inner SELECT on users is evaluated under the users policies, as for tasks.
CREATE POLICY memories_master_all ON memories
FOR ALL
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM users u
WHERE u.id = current_setting('app.current_user_id')::INTEGER
AND u.role = 'master'
)
);
-- Users can see their own memories
CREATE POLICY memories_user_select ON memories
FOR SELECT
TO PUBLIC
USING (user_id = current_setting('app.current_user_id')::INTEGER);
-- Users can see memories for tasks they have access to
-- Together with the previous policy this means a memory attached to a shared
-- task is readable by every creator/assignee of that task, not only by the
-- user_id that wrote it. Memories with a NULL task_id match only the policy above.
CREATE POLICY memories_task_access ON memories
FOR SELECT
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM tasks t
WHERE t.id = memories.task_id
AND (
t.created_by = current_setting('app.current_user_id')::INTEGER
OR t.assigned_to = current_setting('app.current_user_id')::INTEGER
)
)
);
-- Users can create memories
-- Only user_id is checked; task_id is not, so a memory may reference a task the
-- session cannot read.
CREATE POLICY memories_create ON memories
FOR INSERT
TO PUBLIC
WITH CHECK (user_id = current_setting('app.current_user_id')::INTEGER);
-- RLS Policies for logs table
-- All policies are permissive (ORed).
-- Master can see all logs
-- FOR ALL also covers UPDATE and DELETE, so master sessions can rewrite or
-- remove audit rows; so can the table owner and superusers, which bypass RLS.
-- The inner SELECT on users is evaluated under the users policies, as for tasks.
CREATE POLICY logs_master_all ON logs
FOR ALL
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM users u
WHERE u.id = current_setting('app.current_user_id')::INTEGER
AND u.role = 'master'
)
);
-- Users can see logs for tasks they have access to
CREATE POLICY logs_task_access ON logs
FOR SELECT
TO PUBLIC
USING (
EXISTS (
SELECT 1 FROM tasks t
WHERE t.id = logs.task_id
AND (
t.created_by = current_setting('app.current_user_id')::INTEGER
OR t.assigned_to = current_setting('app.current_user_id')::INTEGER
)
)
);
-- Users can see their own logs
CREATE POLICY logs_user_select ON logs
FOR SELECT
TO PUBLIC
USING (user_id = current_setting('app.current_user_id')::INTEGER);
-- Logs are append-only for users
-- Append-only holds for non-master sessions only (no UPDATE/DELETE policy for
-- them). Only user_id is checked on insert; task_id may reference any task.
CREATE POLICY logs_create ON logs
FOR INSERT
TO PUBLIC
WITH CHECK (user_id = current_setting('app.current_user_id')::INTEGER);
-- Triggers for updated_at timestamps
-- Trigger body shared by the BEFORE UPDATE triggers below: overwrite
-- updated_at on the row about to be written with CURRENT_TIMESTAMP (the
-- transaction start time) and hand the row back so the UPDATE proceeds.
-- Any updated_at value the caller supplied is replaced.
CREATE OR REPLACE FUNCTION update_updated_at_column()
RETURNS TRIGGER
LANGUAGE plpgsql
AS $body$
BEGIN
    NEW.updated_at := CURRENT_TIMESTAMP;
    RETURN NEW;
END;
$body$;
-- Each trigger fires once per updated row, before the write, so the function's
-- assignment to NEW.updated_at lands in the stored row. memories and logs have
-- no updated_at column and therefore no trigger. Because the tables are dropped
-- and recreated above, these triggers are recreated on every run; the function
-- itself uses CREATE OR REPLACE and survives re-runs.
CREATE TRIGGER update_users_updated_at BEFORE UPDATE ON users
FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
CREATE TRIGGER update_tasks_updated_at BEFORE UPDATE ON tasks
FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
CREATE TRIGGER update_steps_updated_at BEFORE UPDATE ON steps
FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
-- Insert default master user
-- Runs as the role executing this script, which as table owner is not subject
-- to the users policies. No api_key is set, so nothing in this file gives the
-- master principal a credential. ON CONFLICT only matters when this statement
-- is run against an existing table; after the DROP/CREATE above it cannot conflict.
INSERT INTO users (username, role, permissions)
VALUES ('master', 'master', '{"all": true}')
ON CONFLICT (username) DO NOTHING;
-- Grant necessary permissions
-- PUBLIC is every role in the database, present and future, so this is the
-- coarsest possible grant; row filtering then rests entirely on RLS, which is
-- not applied to table owners or superusers. ON ALL ... IN SCHEMA covers only
-- objects that exist at this moment, so tables added later need their own
-- grants (or ALTER DEFAULT PRIVILEGES). DELETE is granted on every table,
-- including the logs audit trail. A dedicated application role holding only
-- the verbs it needs per table is the least-privilege replacement.
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO PUBLIC;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO PUBLIC;