Data Model
Relational model optimized for auditability, immutability, and tenant isolation.
Core Entities
Tenants
- tenant_id (PK) - Unique tenant identifier
- name - Tenant name
- status - Tenant status (active, suspended, deleted)
- created_at - Creation timestamp
- metadata - JSON metadata
Products
- product_id (PK) - Unique product identifier
- name - Product name
- created_at - Creation timestamp
- metadata - JSON metadata
Releases
- release_id (PK) - Unique release identifier
- product_id (FK) - Product reference
- channel - Release channel (stable, beta, etc.)
- version - Version string
- published_at - Publication timestamp
- revoked_at - Revocation timestamp (nullable)
- status - Release status (ACTIVE, REVOKED)
- metadata - JSON metadata
Release Artifacts
- release_artifact_id (PK) - Unique artifact reference identifier
- release_id (FK) - Release reference
- artifact_id (FK) - Artifact reference
- platform - Platform (windows, linux, macos)
- arch - Architecture (x64, arm64, etc.)
- installer_type - Installer type (msi, msix, zip, etc.)
- requires_admin - Admin privileges required (boolean)
Artifact Storage
Artifacts
- artifact_id (PK) - Unique artifact identifier
- source_type - Source type (MANAGED, EXTERNAL)
- sha256 - SHA-256 checksum
- size_bytes - File size in bytes
- storage_path - Storage path (for MANAGED artifacts)
- external_url - External URL (for EXTERNAL artifacts)
- status - Verification status
- verified_at - Verification timestamp
Update Policy
Tenant Product Policies
- policy_id (PK) - Unique policy identifier
- tenant_id (FK) - Tenant reference
- product_id (FK) - Product reference
- channel - Channel name
- action - Update action (NONE, NOTIFY, DOWNLOAD, INSTALL)
- conditions - JSON conditions
- priority - Policy priority
- created_at - Creation timestamp
- updated_at - Update timestamp
Blocked Versions
- blocklist_id (PK) - Unique blocklist entry identifier
- tenant_id (FK) - Tenant reference
- product_id (FK) - Product reference
- blocked_version - Blocked version string
- reason - Block reason
- created_at - Creation timestamp
Rollouts
Channel Rollouts
- rollout_id (PK) - Unique rollout identifier
- product_id (FK) - Product reference
- channel - Channel name
- release_id (FK) - Release reference
- percentage - Rollout percentage (0-100)
- status - Rollout status (active, paused, completed, killed)
- created_at - Creation timestamp
- updated_at - Update timestamp
Licensing
Entitlements
- entitlement_id (PK) - Unique entitlement identifier
- tenant_id (FK) - Tenant reference
- product_id (FK) - Product reference
- policy_json - License policy JSON
- starts_at - Start timestamp
- ends_at - End timestamp (nullable)
- created_at - Creation timestamp
- updated_at - Update timestamp
License Leases
- lease_id (PK) - Unique lease identifier
- entitlement_id (FK) - Entitlement reference
- subject_type - Subject type (user, machine, device)
- subject_id - Subject identifier
- issued_at - Issue timestamp
- expires_at - Expiration timestamp
- token_hash - Token hash for verification
Seat Assignments
- seat_assignment_id (PK) - Unique seat assignment identifier
- entitlement_id (FK) - Entitlement reference
- subject_type - Subject type (user, machine, device)
- subject_id - Subject identifier
- assigned_at - Assignment timestamp
- assigned_by - Assigner identifier
- revoked_at - Revocation timestamp (nullable)
- revoked_by - Revoker identifier (nullable)
Note: Seat assignments are used when seat_assignment_mode: "explicit" is set in the entitlement policy. When seat_assignment_mode: "automatic" (default), seats are tracked automatically through active leases.
Snapshots & Mirrors
Snapshots
- snapshot_id (PK) - Unique snapshot identifier
- tenant_id (FK) - Tenant reference
- created_at - Creation timestamp
- signature - Cryptographic signature
- manifest - Snapshot manifest JSON
Mirror Instances
- mirror_id (PK) - Unique mirror identifier
- tenant_id (FK) - Tenant reference
- vendor_url - Vendor control plane URL
- credential_token - Mirror credential token (encrypted)
- allowed_channels - JSON array of allowed channels
- status - Mirror status (active, inactive, error)
- last_sync_at - Last sync timestamp
- last_snapshot_id - Last synced snapshot identifier
- created_at - Creation timestamp
- updated_at - Update timestamp
Audit Events
- event_id (PK) - Unique event identifier
- tenant_id (FK) - Tenant reference (nullable)
- actor_type - Actor type (user, service_account, system)
- actor_id - Actor identifier
- event_type - Event type
- payload - JSON event payload
- created_at - Event timestamp
Relationships
- Tenants → Products (one-to-many)
- Products → Releases (one-to-many)
- Releases → Release Artifacts (one-to-many)
- Artifacts → Release Artifacts (one-to-many)
- Tenants → Policies (one-to-many)
- Products → Policies (one-to-many)
- Tenants → Entitlements (one-to-many)
- Products → Entitlements (one-to-many)
- Entitlements → Leases (one-to-many)
- Entitlements → Seat Assignments (one-to-many)
- Tenants → Snapshots (one-to-many)
- Tenants → Mirrors (one-to-many)
Constraints
- Releases are append-only (cannot be modified, only revoked)
- Policies are versioned (history maintained)
- Entitlements cannot overlap for same tenant/product
- Seat assignments enforce max_seats limit when seat_assignment_mode: "explicit"
- Snapshots are immutable once created
- Audit events are append-only
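
One way to enforce the append-only constraints on releases and audit events in the database itself rather than only in application code. This is an added example, not the project's own schema: SQLite, the trigger names, and the `open_db`/`attempt` helpers are assumptions, and the tables are a constructed subset of the columns listed above.

```python
import sqlite3

# Constructed subset of the page's schema; SQLite and all trigger names are assumptions.
SCHEMA = """
CREATE TABLE releases (
  release_id TEXT PRIMARY KEY, product_id TEXT NOT NULL, channel TEXT NOT NULL,
  version TEXT NOT NULL, published_at TEXT NOT NULL, revoked_at TEXT,
  status TEXT NOT NULL DEFAULT 'ACTIVE' CHECK (status IN ('ACTIVE','REVOKED')));
CREATE TABLE audit_events (
  event_id INTEGER PRIMARY KEY, tenant_id TEXT, actor_type TEXT NOT NULL,
  actor_id TEXT NOT NULL, event_type TEXT NOT NULL, payload TEXT NOT NULL,
  created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP);

-- Releases: the only permitted UPDATE is ACTIVE -> REVOKED with revoked_at set
-- and every identifying column left unchanged.
CREATE TRIGGER releases_revoke_only BEFORE UPDATE ON releases
WHEN NOT (OLD.status = 'ACTIVE' AND NEW.status = 'REVOKED'
          AND NEW.revoked_at IS NOT NULL
          AND NEW.release_id = OLD.release_id AND NEW.product_id = OLD.product_id
          AND NEW.channel = OLD.channel AND NEW.version = OLD.version
          AND NEW.published_at = OLD.published_at)
BEGIN SELECT RAISE(ABORT, 'releases are append-only'); END;
CREATE TRIGGER releases_no_delete BEFORE DELETE ON releases
BEGIN SELECT RAISE(ABORT, 'releases are append-only'); END;

-- Audit events: no UPDATE or DELETE at all.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_events
BEGIN SELECT RAISE(ABORT, 'audit events are append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_events
BEGIN SELECT RAISE(ABORT, 'audit events are append-only'); END;
"""

def open_db():
    """Create an in-memory database with the constrained tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def attempt(db, sql, params=()):
    """Run one statement in its own transaction; return 'ok' or the rejection message."""
    try:
        with db:
            db.execute(sql, params)
        return "ok"
    except sqlite3.DatabaseError as exc:
        return str(exc)
```

Triggers only stop writes that go through normal DML; an account that can alter the schema can drop them, so DDL privileges on these tables need to be restricted separately.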