Enterprise Data Model

The Enterprise Data Model (EDM) is a graph-connected schema that spans your entire organization. It is defined in JSON Schema Draft 2020-12, maintained as the single source of truth, and used to generate typed SDKs for TypeScript, Python, Go, and .NET.

Six Domains

┌─────────────────────────────────────────────────────────────────┐
│                    Enterprise Data Model                        │
│                                                                 │
│  ┌──────────────┐  ┌──────────────────┐  ┌──────────────────┐  │
│  │    People    │  │   Technology     │  │    Licenses      │  │
│  │              │  │                  │  │                  │  │
│  │  Person      │  │  TechnologyAsset │  │  SoftwareLicense │  │
│  │  Group       │  │  AccessEntitle-  │  │  LicenseAssign-  │  │
│  │              │  │  ment            │  │  ment            │  │
│  └──────┬───────┘  └────────┬─────────┘  └────────┬─────────┘  │
│         │                   │                      │            │
│         │           ┌───────┴──────────────────────┘            │
│         │           │                                           │
│         └───────────┤      Relationship (graph edge)            │
│                     │      links any two entities               │
│         ┌───────────┤      across any domain                    │
│         │           └───────┬──────────────────────┐            │
│         │                   │                      │            │
│  ┌──────┴───────┐  ┌────────┴─────────┐  ┌────────┴─────────┐  │
│  │    Assets    │  │ Risk & Compliance │  │     Common       │  │
│  │              │  │                  │  │                  │  │
│  │  Physical-   │  │  Vulnerability   │  │  Relationship    │  │
│  │  Asset       │  │  Compliance-     │  │  DataSource      │  │
│  │  CloudRes-   │  │  Control         │  │  Tag             │  │
│  │  ource       │  │  RiskItem        │  │                  │  │
│  └──────────────┘  └──────────────────┘  └──────────────────┘  │
└─────────────────────────────────────────────────────────────────┘

Domain	SDK service	Entities
People	`sdk.people`	Person, Group
Technology	`sdk.technology`	TechnologyAsset, AccessEntitlement
Licenses	`sdk.licenses`	SoftwareLicense, LicenseAssignment
Assets	`sdk.assets`	PhysicalAsset, CloudResource
Risk & Compliance	`sdk.risk`	Vulnerability, ComplianceControl, RiskItem
Common	`sdk.relationships`, `sdk.dataSources`	Relationship, DataSource, Tag

Common Fields

Every EDM entity shares these fields regardless of domain:

Field	Type	Description
`id`	string	Unique identifier with type prefix (e.g. `per-abc123`)
`tenantId`	string	Owning tenant — set server-side from JWT, never client-supplied
`createdAt`	ISO 8601	Creation timestamp (UTC)
`updatedAt`	ISO 8601	Last update timestamp (UTC)
`deletedAt`	ISO 8601 or null	Soft-delete timestamp; null means the entity is active
`tags`	string[]	Arbitrary labels for filtering and organization

Deletion is always soft. Setting deletedAt hides the entity from default list queries but preserves it for audit and compliance purposes. Pass includeDeleted: true to list queries to see soft-deleted entities.

ID Prefixes

Every entity ID is prefixed to make its type immediately identifiable in logs, foreign keys, and API responses.

Entity	Prefix	Example
Person	`per-`	`per-a1b2c3d4`
Group	`grp-`	`grp-e5f6g7h8`
TechnologyAsset	`tast-`	`tast-i9j0k1l2`
AccessEntitlement	`aent-`	`aent-m3n4o5p6`
SoftwareLicense	`lic-`	`lic-q7r8s9t0`
LicenseAssignment	`lasg-`	`lasg-u1v2w3x4`
PhysicalAsset	`past-`	`past-y5z6a7b8`
CloudResource	`cres-`	`cres-c9d0e1f2`
Vulnerability	`vuln-`	`vuln-g3h4i5j6`
ComplianceControl	`ctrl-`	`ctrl-k7l8m9n0`
RiskItem	`risk-`	`risk-o1p2q3r4`
Relationship	`rel-`	`rel-s5t6u7v8`
DataSource	`dsrc-`	`dsrc-w9x0y1z2`
StorageRecord	`srec-`	`srec-a3b4c5d6`
StorageObject	`sobj-`	`sobj-e7f8g9h0`
Tenant	`tnt-`	`tnt-i1j2k3l4`
AuditEvent	`aevt-`	`aevt-m5n6o7p8`

Graph Connectivity

Relationship entities are typed edges that link any two EDM entities across any domain. They enable graph-style queries without schema changes.

// Link a person to a cloud resource (access relationship)
const rel = await sdk.relationships.create({
  fromId: 'per-a1b2c3d4',    // Person
  toId:   'cres-c9d0e1f2',   // CloudResource
  type:   'has_access_to',
  metadata: { grantedAt: '2026-01-15T10:00:00Z', grantedBy: 'per-x9y8z7w6' }
})
 
// Query: which cloud resources does this person have access to?
const rels = await sdk.relationships.list({
  fromId: 'per-a1b2c3d4',
  type:   'has_access_to',
})

Common relationship types used across the EDM:

Type	Typical fromId entity	Typical toId entity
`member_of`	Person	Group
`has_access_to`	Person	TechnologyAsset / CloudResource
`assigned_to`	SoftwareLicense	Person
`affects`	Vulnerability	TechnologyAsset / CloudResource
`mitigated_by`	RiskItem	ComplianceControl
`owned_by`	PhysicalAsset / CloudResource	Person / Group
`sourced_from`	Any entity	DataSource

Schema Conventions

All EDM schemas follow JSON Schema Draft 2020-12 with these required fields:

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id":     "https://schemas.cyberpod.app/edm/v1/person.json",
  "title":   "Person",
  "description": "A human individual in the organization.",
  "type": "object",
  "additionalProperties": false,
  "required": ["id", "tenantId", "createdAt", "updatedAt"],
  "properties": { ... }
}

Key conventions:

additionalProperties: false on every schema — unknown fields are rejected
All date-time fields use "format": "date-time" (ISO 8601 UTC)
Nullable fields use "type": ["string", "null"] (JSON Schema 2020-12 style)
ID fields reference common/id.json for the prefix pattern

Call Path Storage Design