Data Model Overview
This is the compact map of the durable objects that matter most in the current repo.
It is not a schema dump. It is the minimum useful orientation for technical readers.
The important split
The current repo has four important durable object families:
- Studio authoring and approval
- Zero-config runtime plan state
- Replay runtime control-plane state
- Execution history and references
That split matters because the browser workbench, the zero-config runtime, and the runtime control plane do not all read from the same rows.
1. Studio authoring and approval
These are the durable objects behind Governance Studio.
GovernanceWorkspace
Top-level Studio scope for one tenant, agent, and environment.
Important fields:
agentenvironmentstatusruntime_authority_kindactive_draft_idactive_draft_snapshot_idactive_approval_id
This is the stable anchor for the Studio lineage.
BusinessSource
Immutable source material attached to a workspace.
Examples:
- observed runs
- prompt snapshots
- tool schemas
- uploaded docs
- pasted rules
- manual notes
- customer corrections
Important fields:
kindtitlecontent_hashsecurity_statusingestion_statusprovenance_json
BusinessDraft
Editable authoring lineage for a workspace.
Important fields:
statusactive_snapshot_idcurrent_versionparent_draft_idderived_from_approval_id
BusinessDraftSnapshot
Immutable versioned snapshot of a draft.
Important fields:
versionstatusmemory_jsonsource_snapshot_hashcommand_history_hashgeneration_profilecompiler_version
If you want to know what was actually under review at one point in time, this is the core record.
BusinessCommand
Append-only typed command log for Studio writes.
Important fields:
command_typeexpected_draft_versionpayload_jsonoriginactor_ididempotency_keyvalidation_stateapplied_at
GovernanceApproval
Immutable approval record for one specific draft snapshot.
Important fields:
draft_snapshot_idapproval_versionapproved_byapproved_atsource_snapshot_hashcommand_history_hashcompiler_versionapproval_proof_json
CompiledGovernanceArtifact
Immutable compiled output linked 1:1 to an approval.
Important fields:
approval_idcompiled_hashreview_projection_jsonruntime_projection_jsoncompat_projection_json
ApprovalRuntimeReceipt
Immutable receipt showing that runtime comparison executed at least once for an approval lineage.
This matters because a clean comparison can exist even when there are zero DriftItem rows.
DriftItem
Post-approval divergence record.
Important fields:
approval_idtarget_reffingerprintseveritystatussummary
Drift does not mutate approval truth in place. It creates review work.
EvidenceEntry
Workspace-scoped evidence health accumulator.
Important fields:
source_snapshot_hashscopetarget_reffamilysupport_countcontradiction_countfreshnesslast_observed_at
2. Zero-config runtime plan state
These are the durable rows behind the hosted zero-config runtime lookup.
GovernancePlan
Environment-scoped runtime plan object used by:
GET /api/v1/governance/plan?agent=<agent>&environment=<env>
Important fields:
agentenvironmentstatusobservationsconfidencetool_inventorytools_observedinferred_sessionpolicy_layerworkflow_truthcompiled_plancompiled_sessioncompiled_hashapproved_byapproved_atversion
Key statuses:
LEARNINGREADYAPPROVEDENFORCING
This is the row the zero-config runtime consults at startup. It is not the same object as the Studio approval rows.
3. Replay runtime control-plane state
These are the durable objects behind Govern mode and the hosted replay runtime APIs.
ReplaySession
Canonical durable runtime session record.
Important fields:
session_idagentmodetierstatuscontract_hashcompiled_session_hashstate_versioncontrol_revisioncurrent_phasetotal_tool_callstotal_step_counttotal_costtotal_unguarded_callslabelscompromised_atkilled_at
ReplayPreparedRequest
Durable preflight record for one governed request.
Important fields:
prepared_request_idrequest_seqstate_versioncontrol_revisionrequest_hashprepared_request_jsonnarrowing_jsonconsumed_at
When workflow governance is active, this row also stores the workflow tuple binding.
ReplayPendingCall
Durable ledger entry for a proposed governed tool call.
Important fields:
step_idtool_call_idtool_namearguments_hashcommit_requirementexecution_stateevidence_levelcommit_statestatus
ReplayExecutionReceipt
Durable receipt for a governed execution.
Important fields:
pending_call_idtool_nameidempotency_keystatusevidence_leveloutput_hashexternal_refstarted_atcompleted_at
ReplaySessionSnapshot
Materialized snapshot of session state rebuilt from the event stream.
ReplayDecisionEvent
Append-only runtime lifecycle event log for authoritative and advisory replay activity.
ReplaySessionLease
Fence-based single-writer lease for authoritative runtime sessions.
ReplayWorkflow
Top-level durable workflow record for multi-session governance.
Important fields:
workflow_idroot_session_idstatuscompiled_workflow_hashlimits_jsonstate_versioncontrol_revisiontotal_session_countactive_session_counttotal_step_counttotal_costtotal_handoff_countunresolved_handoff_countkill_scope
There are additional workflow tables for events, links, handoffs, resource claims, and budget reservations. The top-level point is that workflow governance is a real durable control-plane envelope in this repo, not just an SDK convenience.
4. Execution history and references
These are the durable objects behind runs, captures, inference, and references.
Run
Top-level execution record.
Important fields:
run_idstatusprovidermodel_idbaseline_keystrict_hashrun_mode_laneprovider_modecorpus_manifest_hash
Step
Per-step execution and evaluation detail inside a run.
Important fields:
statuscontract_pathcontract_toolstep_indextool_call_namesfingerprintresponse_shape_hash
CapturedCall
Hosted capture record for observed runtime traffic.
Important fields:
agentprovidermodel_idprimary_tool_namerequestresponsevalidationsdk_session_idreplay_trace
InferredContract
Tenant-scoped inferred contract state derived from captures and customer overrides.
Important fields:
agenttool_nameprovidermodel_idcontract_yamlinvariantstool_schemasample_countcustomer_invariantspassing_capture_id
Baseline
Reference and trust object used for comparisons over time.
Important fields:
baseline_keystatesuccess_countpromoted_atstale_atretired_atpromotion_corpus_manifest_hashprovidermodel_id
States:
CANDIDATEACTIVESTALERETIRED
What is not a durable model
The Phase 7 Studio workbench is built from read models, not new authority tables.
Examples:
- Atlas
- Control
- Focus
- approval preview
- impact preview
- conformance findings
These are read-only projections assembled by the Studio query layer and the workbench loader. They sit on top of the durable objects above. They are not a separate truth store.
That distinction matters:
- durable rows hold authority, lineage, approvals, and runtime state
- workbench views are projections over those rows
Minimal relationship map
flowchart TD
Workspace["GovernanceWorkspace"] --> Draft["BusinessDraft"]
Workspace --> Source["BusinessSource"]
Workspace --> Evidence["EvidenceEntry"]
Draft --> Snapshot["BusinessDraftSnapshot"]
Draft --> Command["BusinessCommand"]
Snapshot --> Approval["GovernanceApproval"]
Approval --> Artifact["CompiledGovernanceArtifact"]
Approval --> Receipt["ApprovalRuntimeReceipt"]
Approval --> Drift["DriftItem"]
Plan["GovernancePlan"] --> PlanArtifact["compiled_session / compiled_hash"]
ReplaySession["ReplaySession"] --> Prepared["ReplayPreparedRequest"]
ReplaySession --> Pending["ReplayPendingCall"]
Pending --> ExecReceipt["ReplayExecutionReceipt"]
ReplaySession --> SessionSnapshot["ReplaySessionSnapshot"]
ReplaySession --> ReplayWorkflow["ReplayWorkflow"]
Run["Run"] --> Step["Step"]
Captured["CapturedCall"] --> Inferred["InferredContract"]
Run --> Baseline["Baseline"]
Why this matters
Use this page to answer:
- where does Studio approval live?
- where does zero-config runtime attachment read from?
- where does governed runtime state live?
- what is a durable row versus a workbench projection?
- what object is the reference system built on?
If you need field-level detail, go to the schema directly. This page is for orientation.