
Store State

Caracal separates durable state from propagation state.

| Store | Role |
| --- | --- |
| Postgres | Durable product, authority, audit, coordination, and outbox state. |
| Redis Streams | Event propagation, invalidation, revocation, and consumer coordination. |
| Replay volumes | Temporary audit emission buffer for STS and Gateway. |
| Secret manager/files | Runtime credentials and HMAC/encryption material. |

| Domain | Tables |
| --- | --- |
| Product model | zones, providers, applications, resources, application_dependencies |
| Authority | sessions, delegated_grants, provider_grants, step_up_challenges |
| Policy | policies, policy_versions, policy_sets, policy_set_versions, policy_set_bindings |
| Audit | audit_events, partitions, audit_export_watermark, audit_ingest_alerts, admin_audit_events |
| Agents | agent_sessions, agent_topology, agent_services, agent_invocations, delegation_edges, delegation_graph_epochs |
| Operations | event_outbox, caracal_outbox, admin_tokens, gateway_resource_bindings, gateway_binding_revision, resource_rate_limits |

  • Migrations are forward-only in production tooling.
  • schema_migrations records applied versions.
  • Audit role cannot update or delete audit_events.
  • Policy versions are immutable.
  • Zone-scoped tables use fail-closed row-level security.
  • Audit partitions are maintained for the rolling window.
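
The row-level security and audit-role rules above can be expressed in Postgres as in the following sketch. It is an added example, not Caracal's own schema or migrations; the zone_id column, the app.zone_id setting, the column layouts, and the caracal_app and caracal_audit roles are assumptions made for illustration.

```sql
-- Added illustration; not Caracal's schema or migrations.
-- Assumed names: zone_id column, app.zone_id setting, caracal_app / caracal_audit roles.
CREATE ROLE caracal_app NOLOGIN;
CREATE ROLE caracal_audit NOLOGIN;

CREATE TABLE sessions (
    id      uuid PRIMARY KEY,
    zone_id uuid NOT NULL,
    subject text NOT NULL
);

-- FORCE makes the table owner subject to the policy as well.
ALTER TABLE sessions ENABLE ROW LEVEL SECURITY;
ALTER TABLE sessions FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL when the setting was never set, and a
-- setting left over from an earlier SET LOCAL reads as ''; NULLIF maps that to NULL.
-- A NULL predicate admits no rows, so a connection with no zone bound fails closed.
CREATE POLICY sessions_zone_isolation ON sessions
    FOR ALL TO caracal_app
    USING      (zone_id = NULLIF(current_setting('app.zone_id', true), '')::uuid)
    WITH CHECK (zone_id = NULLIF(current_setting('app.zone_id', true), '')::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON sessions TO caracal_app;

-- Append-only audit table: the audit role can insert and read, never rewrite.
CREATE TABLE audit_events (
    id          uuid PRIMARY KEY,
    zone_id     uuid NOT NULL,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    payload     jsonb NOT NULL
);
REVOKE ALL ON audit_events FROM PUBLIC, caracal_audit;
GRANT SELECT, INSERT ON audit_events TO caracal_audit;

-- Bind a zone for one transaction only (constructed sample UUID).
BEGIN;
SET LOCAL ROLE caracal_app;
SELECT set_config('app.zone_id', '00000000-0000-0000-0000-000000000001', true);
SELECT id, subject FROM sessions;
COMMIT;
```

Binding the zone with a transaction-local setting keeps a pooled connection from carrying one request's zone into the next.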

Redis keeps delivery state, pending entries, consumer groups, rate-limit coordination, and revocation/invalidation streams. Redis does not replace Postgres for durable product state.

  1. Postgres and runtime secrets.
  2. STS/Gateway replay volumes.
  3. Redis streams/pending entries when available.
  4. Audit exports and SIEM archive.

Use Manage Keys to understand how signing, encryption, and HMAC keys protect stored and propagated state.