Store State
Caracal separates durable state from propagation state.
| Store | Role |
|---|---|
| Postgres | Durable product, authority, audit, coordination, and outbox state. |
| Redis Streams | Event propagation, invalidation, revocation, and consumer coordination. |
| Replay volumes | Temporary audit emission buffer for STS and Gateway. |
| Secret manager/files | Runtime credentials and HMAC/encryption material. |
Postgres Ownership
| Domain | Tables |
|---|---|
| Product model | zones, providers, applications, resources, application_dependencies |
| Authority | sessions, delegated_grants, provider_grants, step_up_challenges |
| Policy | policies, policy_versions, policy_sets, policy_set_versions, policy_set_bindings |
| Audit | audit_events, partitions, audit_export_watermark, audit_ingest_alerts, admin_audit_events |
| Agents | agent_sessions, agent_topology, agent_services, agent_invocations, delegation_edges, delegation_graph_epochs |
| Operations | event_outbox, caracal_outbox, admin_tokens, gateway_resource_bindings, gateway_binding_revision, resource_rate_limits |
Integrity Controls
- Migrations are forward-only in production tooling.
- schema_migrations records applied versions.
- Audit role cannot update or delete audit_events.
- Policy versions are immutable.
- Zone-scoped tables use fail-closed row-level security.
- Audit partitions are maintained for the rolling window.
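
The two database-enforced controls in the list above (an audit role without update or delete rights, and fail-closed row-level security on zone-scoped tables), sketched in PostgreSQL. This is an added example, not Caracal's own schema: the `example` schema, the role names, the columns and the `app.zone_id` session setting are assumptions.

```sql
-- Added example: schema, roles, columns and the app.zone_id setting are
-- assumptions for illustration, not Caracal's actual definitions.
-- Run as a superuser in a scratch database; everything is rolled back.
BEGIN;
CREATE SCHEMA example;
CREATE ROLE example_app NOLOGIN;
CREATE ROLE example_audit NOLOGIN;
GRANT USAGE ON SCHEMA example TO example_app, example_audit;

-- Zone-scoped table.
CREATE TABLE example.sessions (
    id      bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    zone_id uuid NOT NULL,
    subject text NOT NULL
);
-- Constructed sample rows, inserted before RLS is switched on.
INSERT INTO example.sessions (zone_id, subject) VALUES
    ('11111111-1111-1111-1111-111111111111', 'alice'),
    ('22222222-2222-2222-2222-222222222222', 'bob');

ALTER TABLE example.sessions ENABLE ROW LEVEL SECURITY;
ALTER TABLE example.sessions FORCE ROW LEVEL SECURITY;  -- binds the table owner too
-- If app.zone_id is unset or empty the comparison yields NULL, so the policy
-- matches no row for reads or writes.
CREATE POLICY zone_isolation ON example.sessions
    USING      (zone_id = NULLIF(current_setting('app.zone_id', true), '')::uuid)
    WITH CHECK (zone_id = NULLIF(current_setting('app.zone_id', true), '')::uuid);
GRANT SELECT, INSERT ON example.sessions TO example_app;

-- Append-only audit table.
CREATE TABLE example.audit_events (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    zone_id    uuid NOT NULL,
    event      text NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);
REVOKE ALL ON example.audit_events FROM PUBLIC, example_audit;
GRANT SELECT, INSERT ON example.audit_events TO example_audit;

-- Checks: each query returns true when the control holds.
SELECT NOT has_table_privilege('example_audit', 'example.audit_events',
                               'UPDATE, DELETE, TRUNCATE') AS audit_role_is_append_only;
SET LOCAL ROLE example_app;
SELECT count(*) = 0 AS no_zone_sees_no_rows FROM example.sessions;
SET LOCAL app.zone_id = '11111111-1111-1111-1111-111111111111';
SELECT count(*) = 1 AND min(subject) = 'alice' AS zone_sees_only_its_rows
FROM example.sessions;
RESET ROLE;
ROLLBACK;
```

Superusers and roles with BYPASSRLS skip row-level security entirely, so the checks only mean something when run under the role the application actually connects as.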
Redis Ownership
Redis keeps delivery state, pending entries, consumer groups, rate-limit coordination, and revocation/invalidation streams. Redis does not replace Postgres for durable product state.
Restore Priority
- Postgres and runtime secrets.
- STS/Gateway replay volumes.
- Redis streams/pending entries when available.
- Audit exports and SIEM archive.
Next Step
Use Manage Keys to understand how signing, encryption, and HMAC keys protect stored and propagated state.

