
ReefLogic::common_proto API Reference

This page is generated from the protobuf sources under 1000_shared/001_models/proto and the per-service proto files in 2000_server/. Each Package section below lists the messages, enums, and gRPC services in that package with field tags, types, labels, and the inline comments authored in the .proto files. Use the Packages at a Glance table to jump to a package; horizontal dividers separate package boundaries.

Generated on 2026-05-11T13:01:57.289Z.

Proto files processed: 14

Packages at a Glance

Package Source
reeflogic.admin.v1 1000_shared/001_models/proto/common/admin.proto
reeflogic.client_oidc.v1 1000_shared/001_models/proto/common/client_oidc.proto
reeflogic.cmd.v1 1000_shared/001_models/proto/common/cmd.proto
reeflogic.common.v1 1000_shared/001_models/proto/common/common.proto
reeflogic.grant.v1 1000_shared/001_models/proto/common/grant.proto
reeflogic.oidc.v1 1000_shared/001_models/proto/common/oidc.proto
reeflogic.permission.v1 1000_shared/001_models/proto/common/permission.proto
reeflogic.query.v1 1000_shared/001_models/proto/common/query.proto
reeflogic.role.v1 1000_shared/001_models/proto/common/role.proto
reeflogic.tenant.v1 1000_shared/001_models/proto/common/tenant.proto
reeflogic.server.v1 2000_server/050_server/proto/reef_survey_service.proto
reeflogic.admin.v1 2000_server/100_server_admin/proto/reef_admin_service.proto
reeflogic.init.v1 2000_server/100_server_admin/proto/reef_init_service.proto
reeflogic.status.v1 2000_server/100_server_admin/proto/reef_status_service.proto

Package reeflogic.admin.v1

Source proto: 1000_shared/001_models/proto/common/admin.proto

Imports

  • common/common.proto
  • common/oidc.proto

Messages

ServerStatus

Reports the admin server status.

Tag Field Type Label Description
1 initialized bool - am I initialized
2 version_major int32 - which major version am I running
3 version_minor int32 - which minor version am I running
4 version_patch int32 - which patch version am I running
5 commit_hash string - which commit hash am I running
6 public_key reeflogic.common.v1.MLKEMPublicKey - MLKEM public key for cipher
7 admin_oidc_provider reeflogic.oidc.v1.OidcProvider optional Public ADMIN-scope OIDC config (only set when initialized = true). Lets a fresh admin client run PKCE login against the same IdP without having to re-type the issuer/client_id/audience. The server omits the introspection_client_secret here; only the public fields are surfaced.

ReefInitialize

Initial setup of the admin server. OIDC-only after the LDAP rip-out. The server validates the bearer token against proposed_admin_provider; if validation fails, init fails closed. Subsequent provider and role management is then performed through ReefAdminService.

Tag Field Type Label Description
1 proposed_admin_provider reeflogic.oidc.v1.OidcProvider - Proposed admin-scope OIDC config; scope MUST be SCOPE_ADMIN, tenant_uuid MUST be unset.
2 oidc_access_token string - Bearer access token from the client's PKCE login against proposed_admin_provider.
3 install_secret string - Out-of-band install secret consumed from t_bootstrap_state. One-shot.
4 client_kem_public_key bytes - Ephemeral client ML-KEM public key so the server can wrap the response back to the client. Server's transient pubkey is published via ReefStatusService.is_initialized.
5 pin_wrapped_dek bytes optional Optional client-side profile escrow material. Both blobs are produced on the client and stored opaquely on the server in t_subject_profile_escrow. DEK wrapped with PIN-derived KEK on the client
6 encrypted_client_profile bytes optional ClientOidcProfile blob, AES-256-GCM under DEK
7 pin_kem_envelope bytes optional Recovery PIN, KEM-wrapped to the server's published ML-KEM public key (ServerStatus.public_key). When present, the server deciphers with its private key and re-encrypts under the master key + a fresh per-row salt for storage in t_subject_profile_escrow.pin_ciphertext. Required for self-service profile recovery; absent when the user opted out of PIN escrow.

Package reeflogic.client_oidc.v1

Source proto: 1000_shared/001_models/proto/common/client_oidc.proto

Imports

  • common/oidc.proto

Messages

ClientOidcConfig

Provider-app registration details that the IdP requires from the client. Mirrors OidcProvider/OidcConnection from oidc.proto but adds the client-app fields (client_id, requested scopes, redirect URI template, groups claim name) that the server-side configuration does not own. Client-side OIDC profile shapes. These messages describe state stored on the Qt admin client only. They are never read by the server. The encrypted blob persisted to disk by ClientOidcProfileStore is the wire form of ClientOidcProfile. The same blob may also be uploaded to the server inside ReefInitialize.encrypted_client_profile (bytes, opaque to the server) where it is stored in t_subject_profile_escrow.profile_ciphertext for operator-driven recovery.

Tag Field Type Label Description
1 provider_uuid string - Server-side identifiers, copied from t_identity_providers / t_identity_provider_oidcs. idp-...
2 scope reeflogic.oidc.v1.OidcProvider.Scope - ADMIN | TENANT
3 tenant_uuid string - tnt-... (set iff scope == SCOPE_TENANT)
4 issuer string - -
5 audience string - -
6 client_id string - Client-app registration on the IdP; NOT in the server schema.
7 requested_scopes string repeated e.g. ["openid","profile","email","offline_access","urn:reeflogic:roles"]
8 redirect_uri_template string - e.g. "http://127.0.0.1:{port}/callback"
9 groups_claim_name string - default "urn:reeflogic:roles"

ClientOidcDiscoveryCache

Cached endpoints + JWKS so the client can validate access tokens locally without hitting the IdP on every restart. Refreshed periodically and on signature-validation failure.

Tag Field Type Label Description
1 authorization_endpoint string - -
2 token_endpoint string - -
3 userinfo_endpoint string - -
4 introspection_endpoint string - -
5 end_session_endpoint string - -
6 jwks_json string - raw cached JWKS document
7 jwks_fetched_unix_seconds int64 - -
8 discovery_fetched_unix_seconds int64 - -

ClientOidcSession

Live session state; rotates often. Tokens themselves never live in this message; only opaque keychain references do (the actual token bytes are in the OS keychain via AdminProfilePinStore).

Tag Field Type Label Description
1 subject_id string - iss|sub: the stable backend identity key
2 display_name string - optional UI helper
3 mail string - optional UI helper
4 access_token_keychain_ref string - Keychain entry names. Token bytes are never written to the encrypted profile blob; only the references are.
5 refresh_token_keychain_ref string - -
6 access_token_exp_unix_seconds int64 - -
7 refresh_token_exp_unix_seconds int64 - 0 if the IdP did not advertise it
8 token_type string - typically "Bearer"
9 resolved_group_uuids string repeated Group ids resolved at last successful login (cache of t_roles.uuid set for the active scope). Authoritative resolution happens server-side on every authenticated call; this cache is for UI state only.
10 last_successful_login_unix_seconds int64 - -

ClientOidcProfile

Top-level message persisted by ClientOidcProfileStore. Encrypted at rest with a PIN-derived AES-256-GCM key (PBKDF2-HMAC-SHA512 → 32-byte KEK).

Tag Field Type Label Description
1 config ClientOidcConfig - -
2 discovery ClientOidcDiscoveryCache - -
3 session ClientOidcSession - -

Package reeflogic.cmd.v1

Source proto: 1000_shared/001_models/proto/common/cmd.proto

Imports

  • google/protobuf/descriptor.proto
  • google/protobuf/empty.proto
  • google/rpc/status.proto
  • common/permission.proto
  • common/role.proto
  • common/grant.proto
  • common/oidc.proto
  • common/tenant.proto

Messages

AdminExecuteRequest

Tag Field Type Label Description
1 request_id string - -
2 client_version string optional -
3 kind AdminCommandKind - -
4 permission_view reeflogic.permission.v1.PermissionQueryRequest - permission view
5 role_view reeflogic.role.v1.RoleQueryRequest - role view
6 role_create reeflogic.role.v1.RoleCreateRequest - role create
7 role_delete reeflogic.role.v1.RoleDeleteRequest - role delete
8 role_update reeflogic.role.v1.RoleUpdateRequest - role update
9 oidc_provider_view reeflogic.oidc.v1.OidcProviderQueryRequest - oidc provider view
10 oidc_provider_update reeflogic.oidc.v1.OidcProviderUpdateRequest - oidc provider update
11 role_copy reeflogic.role.v1.RoleCopyRequest - role copy
12 grant_view reeflogic.grant.v1.GrantQueryRequest - grant view
13 grant_create reeflogic.grant.v1.GrantCreateRequest - grant create
14 grant_update reeflogic.grant.v1.GrantUpdateRequest - grant update
15 grant_delete reeflogic.grant.v1.GrantDeleteRequest - grant delete
16 tenant_view reeflogic.tenant.v1.TenantQueryRequest - tenant view
17 tenant_create reeflogic.tenant.v1.TenantCreateRequest - tenant create
18 tenant_update reeflogic.tenant.v1.TenantUpdateRequest - tenant update
19 tenant_retire reeflogic.tenant.v1.TenantRetireRequest - tenant soft retire
20 tenant_delete reeflogic.tenant.v1.TenantDeleteRequest - tenant hard delete

AdminExecuteReply

Tag Field Type Label Description
1 request_id string - -
2 status google.rpc.Status - -
3 permission_view reeflogic.permission.v1.PermissionQueryReply - permission view reply
4 role_view reeflogic.role.v1.RoleQueryReply - role view reply
5 role_create reeflogic.role.v1.RoleQueryReply - role create reply
6 role_delete google.protobuf.Empty - OK role delete
7 role_update reeflogic.role.v1.RoleQueryReply - role update reply
8 oidc_provider_view reeflogic.oidc.v1.OidcProviderQueryReply - oidc provider view reply
9 oidc_provider_update reeflogic.oidc.v1.OidcProviderUpdateReply - oidc provider update reply
10 role_copy reeflogic.role.v1.RoleQueryReply - role copy reply
11 grant_view reeflogic.grant.v1.GrantQueryReply - grant view reply
12 grant_create reeflogic.grant.v1.GrantQueryReply - grant create reply
13 grant_update reeflogic.grant.v1.GrantQueryReply - grant update reply
14 grant_delete google.protobuf.Empty - OK grant delete
15 tenant_view reeflogic.tenant.v1.TenantQueryReply - tenant view reply
16 tenant_create reeflogic.tenant.v1.TenantQueryReply - tenant create reply
17 tenant_update reeflogic.tenant.v1.TenantQueryReply - tenant update reply
18 tenant_retire google.protobuf.Empty - OK tenant retire
19 tenant_delete google.protobuf.Empty - OK tenant delete

RuntimeExecuteRequest

Tag Field Type Label Description
1 request_id string - -
2 client_version string optional -
3 kind RuntimeCommandKind - -
4 survey_view google.protobuf.Empty - -

RuntimeExecuteReply

Tag Field Type Label Description
1 request_id string - -
2 status google.rpc.Status - oneof result

Enums

AdminCommandKind

ADMIN. The OIDC admin provider is the singleton ADMIN-scope row created by ReefInitService.initialize. The admin command surface only needs VIEW and UPDATE; CREATE and DELETE are deliberately not exposed (the row is minted at bootstrap time and torn down only via server-host break-glass).

Name Value Description
ADMIN_COMMAND_KIND_UNSPECIFIED 0 -
ADMIN_COMMAND_PERMISSION_VIEW 1 -
ADMIN_COMMAND_ROLE_VIEW 2 -
ADMIN_COMMAND_ROLE_CREATE 3 -
ADMIN_COMMAND_ROLE_DELETE 4 -
ADMIN_COMMAND_ROLE_UPDATE 5 -
ADMIN_COMMAND_OIDC_PROVIDER_VIEW 6 -
ADMIN_COMMAND_OIDC_PROVIDER_UPDATE 7 -
ADMIN_COMMAND_ROLE_COPY 8 -
ADMIN_COMMAND_GRANT_VIEW 9 -
ADMIN_COMMAND_GRANT_CREATE 10 -
ADMIN_COMMAND_GRANT_UPDATE 11 -
ADMIN_COMMAND_GRANT_DELETE 12 -
ADMIN_COMMAND_TENANT_VIEW 13 -
ADMIN_COMMAND_TENANT_CREATE 14 -
ADMIN_COMMAND_TENANT_UPDATE 15 -
ADMIN_COMMAND_TENANT_RETIRE 16 RETIRE is a soft-delete (sets valid_until=now()); routes through the Update permission bit so operators can wind tenants down without holding the destructive Delete bit. DELETE is the destructive path and triggers ON DELETE CASCADE on t_identity_providers and t_roles.
ADMIN_COMMAND_TENANT_DELETE 17 -

RuntimeCommandKind

RUNTIME.

Name Value Description
RUNTIME_COMMAND_KIND_UNSPECIFIED 0 -
RUNTIME_COMMAND_SURVEY_VIEW 1 -

Package reeflogic.common.v1

Source proto: 1000_shared/001_models/proto/common/common.proto

Messages

ReefSiteId

Tag Field Type Label Description
1 value string - -

GeoPoint

Tag Field Type Label Description
1 latitude double - -
2 longitude double - -
3 depth_meters double - -

AuditInfo

Tag Field Type Label Description
1 created_by string - -
2 created_unix_seconds int64 - -
3 updated_unix_seconds int64 - -

Pagination

Tag Field Type Label Description
1 page_size uint32 - -
2 page_token string - -

PagedResultMetadata

Tag Field Type Label Description
1 next_page_token string - -
2 total_items uint32 - -

MLKEMPublicKey

Tag Field Type Label Description
1 public_key bytes - -

Package reeflogic.grant.v1

Source proto: 1000_shared/001_models/proto/common/grant.proto

Imports

  • google/protobuf/timestamp.proto
  • common/query.proto

Messages

Grant

One row of t_role_grants joined with the role and the permission it links so the client can render it without a second round-trip. The uuid prefix is the schema default 'rog-' (varchar(40)); role_uuid and perm_uuid are the public identifiers of the joined rows. The resolved role_origin lets the client gate Update/Delete on TEMPLATE rows up front (the server still rejects mutations server-side).

Tag Field Type Label Description
1 id int64 - -
2 created_on google.protobuf.Timestamp - -
3 modified_on google.protobuf.Timestamp - -
4 uuid string - -
5 role_uuid string - -
6 role_name string - -
7 role_origin string - 'TEMPLATE' | 'CUSTOM'
8 perm_uuid string - -
9 perm_label string - -
10 perm_domain string - -
11 mask uint64 - CRUDX bitfield: C=1, R=2, U=4, D=8, X=16
12 valid_until google.protobuf.Timestamp optional -

GrantData

Editable surface for grant create/update. The (role_uuid, perm_uuid) pair is the natural identity of a grant row and is treated as immutable by the server: Create writes both; Update only mutates mask and valid_until (server-side ValidateGrantWriteData rejects changes to role_uuid / perm_uuid on the update path).

Tag Field Type Label Description
1 role_uuid string - -
2 perm_uuid string - -
3 mask uint64 - -
4 valid_until google.protobuf.Timestamp optional -

GrantQueryRequest

Paged read with optional role-uuid filter. When role_uuid is set the server restricts results to grants attached to that role; the free-text query searches over perm.label and role.name.

Tag Field Type Label Description
1 query reeflogic.query.v1.Query - -
2 role_uuid string optional -

GrantCreateRequest

Tag Field Type Label Description
1 grant_data GrantData - -

GrantUpdateRequest

Tag Field Type Label Description
1 grant_uuid string - -
2 grant_data GrantData - -

GrantDeleteRequest

Tag Field Type Label Description
1 grant_uuid string repeated -

GrantQueryReply

Tag Field Type Label Description
1 query_result reeflogic.query.v1.QueryResult - -
2 grant Grant repeated -

Package reeflogic.oidc.v1

Source proto: 1000_shared/001_models/proto/common/oidc.proto

Imports

  • common/query.proto

Messages

OidcConnection

OIDC identity provider connection configuration. Mirrors t_identity_provider_oidcs. Convention for this file: server-assigned identifiers use optional (explicit presence). All other scalars use plain proto3, where a zero / empty value means "apply the DB default" defined in 2000_server/001_db/postgres/V1.0_0000__creation.sql.

Tag Field Type Label Description
1 uuid string optional server-assigned (oid-...); unset on create
2 idp_uuid string optional server-assigned (idp-...); unset on create
3 issuer string - Token validation anchors: required, NOT NULL in DB. expected iss claim
4 audience string - expected aud claim
5 use_discovery bool - Discovery & endpoint overrides (RFC 8414 / OpenID Connect Discovery 1.0). use_discovery: zero (false) => DB default true.
6 discovery_url_override string - -
7 jwks_url_override string - -
8 user_info_url_override string - -
9 introspection_url_override string - -
10 introspection_client_id string - Introspection client credentials (RFC 7662).
11 introspection_client_secret string optional ciphered during transport. Unset when reading to update settings
12 token_mode OidcConnection.TokenMode - -
13 allow_userinfo_fallback bool - Fallback behaviour. Zero (false) => DB default true for both.
14 allow_introspection_fallback bool - -
15 clock_skew_seconds int32 - Validation knobs. Zero => DB default (clock_skew_seconds=30, connect_timeout_ms=3000, read_timeout_ms=3000).
16 connect_timeout_ms int32 - -
17 read_timeout_ms int32 - -

OidcProvider

OIDC identity provider scope binding. Mirrors t_identity_providers and the admin-vs-tenant split enforced by t_identity_providers_scope_ck.

Tag Field Type Label Description
1 uuid string optional server-assigned (idp-...); unset on create
2 scope OidcProvider.Scope - required on create
3 tenant_uuid string optional t_tenants.uuid (tnt-...); required iff scope == SCOPE_TENANT
4 connection OidcConnection - -

OidcProviderQueryRequest

Admin-command message family for the OIDC provider surface. Only VIEW and UPDATE are exposed; the singleton ADMIN-scope row is minted by ReefInitService.initialize at bootstrap and never created or deleted via the admin command. Operator break-glass on the server host is the only path that resets it. Server-assigned uuids (OidcProvider.uuid, OidcConnection.uuid, OidcConnection.idp_uuid) are populated on Read/Update replies.

Tag Field Type Label Description
1 query reeflogic.query.v1.Query - -

OidcProviderQueryReply

Tag Field Type Label Description
1 query_result reeflogic.query.v1.QueryResult - -
2 provider OidcProvider repeated -

OidcProviderUpdateRequest

Tag Field Type Label Description
1 provider OidcProvider - provider.uuid required; connection.uuid required

OidcProviderUpdateReply

Tag Field Type Label Description
1 provider OidcProvider - -

Enums

TokenMode

Token validation mode; values match oidc_token_mode in the DB. OIDC_TOKEN_MODE_UNSPECIFIED (0) => DB default OIDC_TOKEN_MODE_AUTO.

Name Value Description
OIDC_TOKEN_MODE_UNSPECIFIED 0 -
OIDC_TOKEN_MODE_JWT_LOCAL 1 verify JWT signature locally via JWKS
OIDC_TOKEN_MODE_JWT_USERINFO 2 verify JWT then enrich via UserInfo
OIDC_TOKEN_MODE_OPAQUE_INTROSPECT 3 opaque token validated via introspection
OIDC_TOKEN_MODE_AUTO 4 auto-detect at runtime

Scope

Active authentication plane. ADMIN is global; TENANT is per-tenant.

Name Value Description
SCOPE_UNSPECIFIED 0 -
SCOPE_ADMIN 1 global; tenant_uuid MUST be unset
SCOPE_TENANT 2 per-tenant; tenant_uuid MUST be set
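
The scope rules and the zero-means-DB-default convention documented above, as an added example (not ReefLogic code) that checks an OidcProvider-shaped message before it is sent. The dataclasses are hypothetical stand-ins for the generated protobuf classes, and treating audience as required reads the "Token validation anchors" comment as covering both issuer and audience.

```python
from dataclasses import dataclass, field, replace
from typing import List, Optional

# Enum numbers as listed in the Scope and TokenMode tables.
SCOPE_UNSPECIFIED, SCOPE_ADMIN, SCOPE_TENANT = 0, 1, 2
OIDC_TOKEN_MODE_UNSPECIFIED, OIDC_TOKEN_MODE_AUTO = 0, 4

# DB defaults quoted in the OidcConnection and TokenMode descriptions.
DB_DEFAULTS = {
    "use_discovery": True,
    "token_mode": OIDC_TOKEN_MODE_AUTO,
    "allow_userinfo_fallback": True,
    "allow_introspection_fallback": True,
    "clock_skew_seconds": 30,
    "connect_timeout_ms": 3000,
    "read_timeout_ms": 3000,
}


@dataclass(frozen=True)
class Connection:  # hypothetical subset of OidcConnection; proto3 scalars start at zero
    issuer: str = ""
    audience: str = ""
    use_discovery: bool = False
    token_mode: int = OIDC_TOKEN_MODE_UNSPECIFIED
    allow_userinfo_fallback: bool = False
    allow_introspection_fallback: bool = False
    clock_skew_seconds: int = 0
    connect_timeout_ms: int = 0
    read_timeout_ms: int = 0


@dataclass(frozen=True)
class Provider:  # hypothetical subset of OidcProvider
    scope: int = SCOPE_UNSPECIFIED
    tenant_uuid: Optional[str] = None  # proto3 `optional`: None means unset
    connection: Connection = field(default_factory=Connection)


def validate_provider(p: Provider) -> List[str]:
    """Return every violated rule; an empty list means the message is acceptable."""
    errors = []
    if p.scope == SCOPE_ADMIN:
        if p.tenant_uuid is not None:
            errors.append("SCOPE_ADMIN: tenant_uuid MUST be unset")
    elif p.scope == SCOPE_TENANT:
        if not p.tenant_uuid:
            errors.append("SCOPE_TENANT: tenant_uuid MUST be set")
    else:
        errors.append("scope is required on create")
    if not p.connection.issuer:
        errors.append("issuer is required")
    if not p.connection.audience:  # assumption: required like issuer
        errors.append("audience is required")
    return errors


def effective_connection(c: Connection) -> Connection:
    """Apply the documented convention: a zero / empty value means the DB default.

    A plain proto3 bool set to false is a zero value, so under this convention
    it resolves to the DB default (true) for use_discovery and both fallbacks.
    """
    overrides = {name: default for name, default in DB_DEFAULTS.items()
                 if not getattr(c, name)}
    return replace(c, **overrides)
```
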

Package reeflogic.permission.v1

Source proto: 1000_shared/001_models/proto/common/permission.proto

Imports

  • google/protobuf/timestamp.proto
  • common/query.proto

Messages

Permission

Tag Field Type Label Description
1 id int64 - -
2 created_on google.protobuf.Timestamp - -
3 modified_on google.protobuf.Timestamp - -
4 uuid string - -
5 domain string - -
6 name string - -
7 description string - -

PermissionQueryRequest

Tag Field Type Label Description
1 query reeflogic.query.v1.Query - -

PermissionQueryReply

Tag Field Type Label Description
1 query_result reeflogic.query.v1.QueryResult - -
2 permission Permission repeated -

Package reeflogic.query.v1

Source proto: 1000_shared/001_models/proto/common/query.proto

Messages

Query

Tag Field Type Label Description
1 page_number int64 - -
2 page_size int64 - -
3 mode QueryMode - -
4 query string optional -

QueryResult

Tag Field Type Label Description
1 page_number int64 - -
2 page_size int64 - -
3 total_records int64 - -

Enums

QueryMode

Name Value Description
QUERY_MODE_WEB 0 -
QUERY_MODE_PLAIN 1 -
QUERY_MODE_ILIKE 2 -

Package reeflogic.role.v1

Source proto: 1000_shared/001_models/proto/common/role.proto

Imports

  • google/protobuf/timestamp.proto
  • common/query.proto

Messages

Role

Tag Field Type Label Description
1 id int64 - -
2 created_on google.protobuf.Timestamp - -
3 modified_on google.protobuf.Timestamp - -
4 uuid string - -
5 tenant_id int64 optional -
6 role string - -
7 domain string - -
8 name string - -
9 description string - -
10 valid_until google.protobuf.Timestamp optional -
11 origin string - Origin = 'TEMPLATE' (immutable platform-seeded role) or 'CUSTOM' (operator-authored). TEMPLATE rows always carry a non-empty template_key.
12 template_key string optional -

RoleQueryRequest

Tag Field Type Label Description
1 query reeflogic.query.v1.Query - -

RoleData

Tag Field Type Label Description
1 tenant_id int64 optional -
2 role string - -
3 domain string - -
4 name string - -
5 description string - -
6 valid_until google.protobuf.Timestamp optional -
7 template_key string optional OIDC mapping key. Server hardcodes origin=CUSTOM on create/copy, so this field is always optional on the write paths and applies to CUSTOM rows.
8 uuid string optional Optional operator-supplied row uuid override. Format: 'rol-', total length up to 40 characters (matches t_roles.uuid varchar(40) DEFAULT concat('rol-', gen_random_uuid())). When unset or empty, the server lets the DB DEFAULT generate the uuid as before.

RoleCreateRequest

Tag Field Type Label Description
1 role_data RoleData - -

RoleDeleteRequest

Tag Field Type Label Description
1 tenant_uuid string optional -
2 role_uuid string repeated -

RoleUpdateRequest

Tag Field Type Label Description
1 tenant_uuid string optional -
2 role_uuid string - -
3 role_data RoleData - -

RoleCopyRequest

Clones a TEMPLATE or CUSTOM admin role into a fresh CUSTOM row, copying the source row's grants atomically. The caller-supplied RoleData carries the new identity (name, description, optional template_key); the server auto-generates the new uuid via the t_roles uuid DEFAULT.

Tag Field Type Label Description
1 source_role_uuid string - -
2 role_data RoleData - -

RoleQueryReply

Tag Field Type Label Description
1 query_result reeflogic.query.v1.QueryResult - -
2 role Role repeated -

Package reeflogic.tenant.v1

Source proto: 1000_shared/001_models/proto/common/tenant.proto

Imports

  • google/protobuf/timestamp.proto
  • common/query.proto
  • common/oidc.proto

Messages

Tenant

Read view of t_tenants joined with the per-tenant OIDC identity provider (t_identity_providers SCOPE_TENANT row + its t_identity_provider_oidcs connection). Every healthy tenant row carries a populated oidc_provider because tenants are created with their OIDC binding in one transaction. The introspection_client_secret ciphertext is intentionally never surfaced on read; operators must retype the secret to change it. Convention for this file follows common/oidc.proto: server-assigned identifiers use optional (explicit presence); all other scalars use plain proto3, where a zero / empty value means "apply the DB default" defined in 2000_server/001_db/postgres/V1.0_0000__creation.sql

Tag Field Type Label Description
1 id int64 - -
2 created_on google.protobuf.Timestamp - -
3 modified_on google.protobuf.Timestamp - -
4 uuid string - server-assigned (tnt-...)
5 tenant string - unique logical identifier
6 display_name string - -
7 valid_until google.protobuf.Timestamp optional -
8 oidc_provider reeflogic.oidc.v1.OidcProvider - -

TenantData

Mutable payload shared by create/update. The server stamps oidc_provider.scope = SCOPE_TENANT and binds the connection to the row inserted into t_identity_providers; the proto carries only the connection-shaped fields.

Tag Field Type Label Description
1 tenant string - unique logical identifier
2 display_name string - -
3 valid_until google.protobuf.Timestamp optional -
4 uuid string optional Optional operator-supplied row uuid override. Format: 'tnt-', total length up to 40 characters (matches t_tenants.uuid varchar(40) DEFAULT concat('tnt-', gen_random_uuid())). When unset or empty, the server lets the DB DEFAULT generate the uuid.
5 oidc_connection reeflogic.oidc.v1.OidcConnection - Required per-tenant OIDC connection. The server inserts the SCOPE_TENANT t_identity_providers row and the matching t_identity_provider_oidcs row in the same transaction as the t_tenants insert. On update, the server reuses the persisted connection row identified by tenant uuid. introspection_client_secret follows the same blank-keeps-existing semantics as the global ADMIN-scope OIDC update path (see common/oidc.proto for the field-level convention).

TenantQueryRequest

Admin-command message family for the tenant surface. Search/Create/Update/Retire/Delete map to AdminCommandKind values 13-17. Server-assigned uuids (Tenant.uuid, Tenant.oidc_provider.uuid, Tenant.oidc_provider.connection.uuid) are populated on Create/Update replies.

Tag Field Type Label Description
1 query reeflogic.query.v1.Query - -

TenantQueryReply

Tag Field Type Label Description
1 query_result reeflogic.query.v1.QueryResult - -
2 tenant Tenant repeated -

TenantCreateRequest

Tag Field Type Label Description
1 tenant_data TenantData - tenant_data.oidc_connection required

TenantUpdateRequest

Tag Field Type Label Description
1 tenant_uuid string - tnt-... of the row to mutate
2 tenant_data TenantData - oidc_connection required

TenantRetireRequest

Soft retire: sets t_tenants.valid_until = now() for each uuid. The row stays for audit; the per-tenant OIDC binding is left untouched so active sessions continue to validate while the operator winds the tenant down. Routes through the Update permission (mask=4) so operators with edit rights can retire without holding the destructive Delete bit.

Tag Field Type Label Description
1 tenant_uuid string repeated -

TenantDeleteRequest

Hard delete: removes t_tenants rows. ON DELETE CASCADE on t_identity_providers.tenant_id and t_roles.tenant_id removes the per-tenant OIDC binding, every per-tenant role (TEMPLATE seed roles included), and every role grant attached to them.

Tag Field Type Label Description
1 tenant_uuid string repeated -
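
How the CRUDX mask from Grant.mask separates soft retire from hard delete, as an added example (not ReefLogic code) that evaluates a set of grant rows against the tenant command kinds. Only the RETIRE → Update and DELETE → Delete routings come from this page; the other command-to-bit mappings, the "tenant" permission label, the union of masks across grants, and treating valid_until as an expiry are assumptions.

```python
from datetime import datetime, timezone
from typing import Iterable, NamedTuple, Optional

# CRUDX bit values from the Grant.mask description.
C, R, U, D, X = 1, 2, 4, 8, 16
ALL_BITS = C | R | U | D | X

REQUIRED_BIT = {
    "ADMIN_COMMAND_TENANT_VIEW": R,    # assumption
    "ADMIN_COMMAND_TENANT_CREATE": C,  # assumption
    "ADMIN_COMMAND_TENANT_UPDATE": U,  # assumption
    "ADMIN_COMMAND_TENANT_RETIRE": U,  # documented: routes through Update (mask=4)
    "ADMIN_COMMAND_TENANT_DELETE": D,  # documented: the destructive Delete bit
}


class GrantRow(NamedTuple):  # hypothetical subset of the Grant message
    perm_label: str
    mask: int
    valid_until: Optional[datetime]  # None means no expiry


def decode_mask(mask: int) -> str:
    """Render a mask as letters, rejecting bits outside the CRUDX range."""
    if mask < 0 or mask & ~ALL_BITS:
        raise ValueError(f"mask {mask} has bits outside CRUDX")
    return "".join(ch for ch, bit in zip("CRUDX", (C, R, U, D, X)) if mask & bit)


def effective_mask(grants: Iterable[GrantRow], perm_label: str, now: datetime) -> int:
    """OR together the masks of unexpired grants on one permission."""
    mask = 0
    for g in grants:
        if g.perm_label != perm_label:
            continue
        if g.valid_until is not None and g.valid_until <= now:
            continue  # assumption: an expired grant contributes nothing
        decode_mask(g.mask)  # raises on malformed rows instead of trusting them
        mask |= g.mask
    return mask


def is_allowed(kind: str, grants: Iterable[GrantRow], now: datetime,
               perm_label: str = "tenant") -> bool:
    required = REQUIRED_BIT.get(kind)
    if required is None:
        return False  # unknown or unspecified command kinds are denied
    return bool(effective_mask(grants, perm_label, now) & required)


# Constructed sample: an operator holding R|U on "tenant", an expired D grant,
# and full rights on an unrelated permission.
SAMPLE_NOW = datetime(2026, 5, 11, tzinfo=timezone.utc)
SAMPLE_GRANTS = [
    GrantRow("tenant", R | U, None),
    GrantRow("tenant", D, datetime(2026, 1, 1, tzinfo=timezone.utc)),
    GrantRow("role", ALL_BITS, None),
]
```
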

Package reeflogic.server.v1

Source proto: 2000_server/050_server/proto/reef_survey_service.proto

Imports

  • common/common.proto

Services

ReefSurveyService

RPC Request Response Description
UpsertSurvey UpsertSurveyRequest UpsertSurveyResponse -
GetSurvey GetSurveyRequest GetSurveyResponse -

Messages

SurveyRecord

Tag Field Type Label Description
1 survey_id string - -
2 site_id reeflogic.common.v1.ReefSiteId - -
3 sample_point reeflogic.common.v1.GeoPoint - -
4 audit reeflogic.common.v1.AuditInfo - -
5 notes string - -

UpsertSurveyRequest

Tag Field Type Label Description
1 survey SurveyRecord - -

UpsertSurveyResponse

Tag Field Type Label Description
1 survey SurveyRecord - -
2 created bool - -

GetSurveyRequest

Tag Field Type Label Description
1 survey_id string - -

GetSurveyResponse

Tag Field Type Label Description
1 survey SurveyRecord - -

Package reeflogic.admin.v1

Source proto: 2000_server/100_server_admin/proto/reef_admin_service.proto

Imports

  • common/cmd.proto

Services

ReefAdminService

ReefLogic Admin CMD Service

RPC Request Response Description
execute reeflogic.cmd.v1.AdminExecuteRequest reeflogic.cmd.v1.AdminExecuteReply CMD interface

Package reeflogic.init.v1

Source proto: 2000_server/100_server_admin/proto/reef_init_service.proto

Imports

  • common/admin.proto
  • google/protobuf/empty.proto

Services

ReefInitService

ReefLogic Admin Init Service. Runs once (see configuration attribute server_admin.enable_reef_init_service, true/false).

RPC Request Response Description
initialize reeflogic.admin.v1.ReefInitialize google.protobuf.Empty Initialize ReefLogic. Throws an exception if it is already initialized or if initialization fails.

Package reeflogic.status.v1

Source proto: 2000_server/100_server_admin/proto/reef_status_service.proto

Imports

  • common/admin.proto
  • google/protobuf/empty.proto

Services

ReefStatusService

ReefLogic Admin Status Service. No AuthN/Z; reports whether the server is initialized and returns the ML-KEM public key.

RPC Request Response Description
is_initialized google.protobuf.Empty reeflogic.admin.v1.ServerStatus Is initialized