← Back to Documentation
Database Schema
Complete reference of all database tables, relationships, and enums in the Intrex schema.
Entity Relationships
tenants → users, branches, domains, connectors, templates, instances
branches → obligation_instances, domains, notification_routes
obligation_templates → obligation_instances
obligation_instances → obligation_documents
domains → ssl_check_results
connectors → notification_routes, notification_deliveries
notification_events → notification_deliveries, acknowledgements
Tables
tenants
— Customer organizationsFields:
id (uuid PK)name (varchar)statusstripeCustomerIdplanNamecreatedAtRelations:
usersbranchesdomainsconnectors
users
— Application users with rolesFields:
id (serial PK)tenantId (FK)emailpasswordHashrole (enum)statusRelations:
tenantobligationInstancesacknowledgements
branches
— Business locationsFields:
id (uuid PK)tenantId (FK)codenamecityCorporationdistrictregionRelations:
tenantobligationInstancesdomains
jurisdictions
— Geographic compliance zonesFields:
id (uuid PK)countryCoderegiondistrictcityCorporationlabelRelations:
obligationTemplates
obligation_templates
— Reusable compliance rulesFields:
id (uuid PK)tenantId (FK)jurisdictionId (FK)categorytitlerecurrenceTypeseverityRelations:
tenantjurisdictioninstances
obligation_instances
— Actual compliance itemsFields:
id (uuid PK)tenantId (FK)branchId (FK)templateId (FK)categorystatusdueAtcompletedAtRelations:
tenantbranchtemplatedocuments
obligation_documents
— Proof attachmentsFields:
id (uuid PK)obligationInstanceId (FK)storageKeyfilenamemimeTypesizeBytesRelations:
obligationInstance
domains
— SSL-monitored domainsFields:
id (uuid PK)tenantId (FK)branchId (FK)hostnameportstatuslastCheckedAtRelations:
tenantbranchsslCheckResults
ssl_check_results
— SSL check historyFields:
id (uuid PK)domainId (FK)checkStatusvalidFromvalidTodaysRemainingissuerCnRelations:
domain
connectors
— Notification channelsFields:
id (uuid PK)tenantId (FK)type (enum)namestatusconfigEncryptedJsonRelations:
tenantroutes
notification_routes
— Routing rulesFields:
id (uuid PK)tenantId (FK)branchId (FK)connectorId (FK)eventTypeseverityMinrecipientRefRelations:
tenantbranchconnector
notification_events
— Queued notificationsFields:
id (uuid PK)tenantId (FK)eventTypefingerprintpayloadJsonscheduledForstatusRelations:
tenantdeliveriesacknowledgement
notification_deliveries
— Delivery attemptsFields:
id (uuid PK)notificationEventId (FK)connectorId (FK)attemptNodeliveryStatussentAtRelations:
notificationEventconnector
acknowledgements
— User acknowledgmentsFields:
id (uuid PK)notificationEventId (FK)ackByUserId (FK)ackNoteackAtRelations:
notificationEventuser
activity_logs
— Audit trailFields:
id (serial PK)tenantId (FK)userId (FK)actionentityTypeentityIdbeforeJsonafterJsonRelations:
tenantuser
Enumerations
app_rolehead_office_adminbranch_manageroperator
obligation_categorytrade_licensefire_safetytax_vatenvironmental_permitinspection_renewal
obligation_statusupcomingdue_todayoverduecompletedwaived
severitylowmediumhighcritical
connector_typeemail_smtptelegram_botwhatsapp_businesswebhook
connector_statusactivedisablederrorpending_verification
ssl_check_statusokwarningexpiredhandshake_faileddns_failedtimeouthostname_mismatch
notification_event_typeobligation_dueobligation_overduessl_expiryssl_failuredigest
notification_statusqueuedprocessingsentfailedcancelledackeddead_letter
Row Level Security
All tenant-scoped tables have RLS policies enforced. Users can only access rows wheretenantIdmatches their session tenant.
-- Example RLS Policy
CREATE POLICY tenant_isolation ON obligation_instances
FOR ALL
USING (tenant_id = current_setting('app.current_tenant')::uuid);Key Indexes
| Table | Index | Purpose |
|---|---|---|
| obligation_instances | (tenant_id, status, due_at) | Dashboard filtering |
| notification_events | (fingerprint) | Deduplication |
| ssl_check_results | (domain_id, checked_at) | History queries |
| activity_logs | (tenant_id, timestamp) | Audit queries |