Argus

Appearance

本頁由 docs-site/scripts/sync-api-docs.shproto/gen/grpc-doc/ 自動產生。 不要直接編輯本檔;改 proto + 跑 make proto 後重新同步。

Protocol Documentation

Table of Contents

Top

v1/annotation.proto

AuthMethod

Authorization method for RPC calls.

NameNumberDescription
AUTH_METHOD_UNSPECIFIED0Unspecified authorization method.
IAM1Standard IAM authorization check on organizational resources.
CUSTOM2Custom authorization logic.

File-level Extensions

ExtensionTypeBaseNumberDescription
allow_without_credentialbool.google.protobuf.MethodOptions100000Whether the method allows access without authentication credentials.
auditbool.google.protobuf.MethodOptions100003Whether to audit calls to this method.
auth_methodAuthMethod.google.protobuf.MethodOptions100002The authorization method to use for this RPC.
permissionstring.google.protobuf.MethodOptions100001The permission required to call this method.

Top

v1/access_grant_service.proto

AccessGrant

FieldTypeLabelDescription
namestringThe name of the access grant, generated by the server. Format: projects/{project}/accessGrants/{access_grant} The {access_grant} segment is a server-generated unique ID.
creatorstringThe creator of the access grant. Format: users/
statusAccessGrant.StatusThe status of the access grant. An ACTIVE grant with expire_time in the past is effectively expired and no longer authorizes access. Use expire_time to determine whether an ACTIVE grant has expired.
expire_timegoogle.protobuf.TimestampThe expiration time of the access grant.
ttlgoogle.protobuf.DurationInput only. The time-to-live duration for the access grant. The server computes expire_time from this value at activation time.
issuestringThe issue associated with the access grant. Can be empty. Format: projects/{project}/issues/
targetsstringrepeatedThe target databases for this access grant. Format: instances/{instance}/databases/
querystringThe query permission granted.
unmaskboolWhether the grant allows unmasking sensitive data.
create_timegoogle.protobuf.Timestamp
update_timegoogle.protobuf.Timestamp
reasonstring

ActivateAccessGrantRequest

FieldTypeLabelDescription
namestringThe name of the access grant to activate. Format: projects/{project}/accessGrants/

CreateAccessGrantRequest

FieldTypeLabelDescription
parentstringThe parent project for the access grant. Format: projects/
access_grantAccessGrantThe access grant to create.

GetAccessGrantRequest

FieldTypeLabelDescription
namestringThe name of the access grant to retrieve. Format: projects/{project}/accessGrants/

ListAccessGrantsRequest

FieldTypeLabelDescription
parentstringThe parent project of the access grants. Format: projects/
page_sizeint32The maximum number of access grants to return.
page_tokenstringA page token from a previous ListAccessGrants call.
filterstringFilter expression using AIP-160 syntax. Supported fields: - name: the fullname in "projects/{project}/accessGrants/{access_grant}" format, support "==" operator. - creator: the creator name in "users/{email}" format, support "==" operator. - status: the access status, support "==" and "in" operator. - issue: the access issue fullname, support "==" operator. - expire_time: the access expire time in "2006-01-02T15:04:05Z07:00" format, support ">=", ">", "<=" and "<" operator. - create_time: the access creation time in "2006-01-02T15:04:05Z07:00" format, support ">=", ">", "<=" and "<" operator. - query: the access query, support "==" and ".contains(xx)" operator - target: the target database fullname, support "==" operator.

Examples: - creator == "users/dev@example.com" - status == "ACTIVE" - status in ["ACTIVE", "PENDING"] - creator == "users/dev@example.com" && status == "ACTIVE" - issue == "projects/x/issues/123" - status == "ACTIVE" && expire_time > "2024-02-01T00:00:00Z" - target == "instances/sample/databases/employee" | | order_by | string | | The order by of access grants. Support creator, expire_time, create_time. The default sorting order is ascending. For example: - order_by = "creator" - order_by = "expire_time desc" - order_by = "expire_time asc, create_time desc" |

ListAccessGrantsResponse

FieldTypeLabelDescription
access_grantsAccessGrantrepeatedThe access grants from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

RevokeAccessGrantRequest

FieldTypeLabelDescription
namestringThe name of the access grant to revoke. Format: projects/{project}/accessGrants/

SearchMyAccessGrantsRequest

FieldTypeLabelDescription
parentstringThe parent project to search in. Format: projects/
page_sizeint32The maximum number of access grants to return.
page_tokenstringA page token from a previous SearchMyAccessGrants call.
filterstringCheck the filter field in the ListAccessGrantsRequest message.
order_bystringCheck the order_by field in the ListAccessGrantsRequest message.

SearchMyAccessGrantsResponse

FieldTypeLabelDescription
access_grantsAccessGrantrepeatedThe access grants from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

AccessGrant.Status

The status of the access grant.

NameNumberDescription
STATUS_UNSPECIFIED0
PENDING1The access grant is pending approval.
ACTIVE2The access grant is active. Check expire_time to determine whether the grant is still valid or has expired.
REVOKED3The access grant has been revoked.

AccessGrantService

AccessGrantService manages temporary access grants within projects.

Method NameRequest TypeResponse TypeDescription
GetAccessGrantGetAccessGrantRequestAccessGrantGets an access grant by name.
ListAccessGrantsListAccessGrantsRequestListAccessGrantsResponseLists access grants in a project.
CreateAccessGrantCreateAccessGrantRequestAccessGrantCreates an access grant.
ActivateAccessGrantActivateAccessGrantRequestAccessGrantActivates a pending access grant.
RevokeAccessGrantRevokeAccessGrantRequestAccessGrantRevokes an active access grant.
SearchMyAccessGrantsSearchMyAccessGrantsRequestSearchMyAccessGrantsResponseSearches access grants created by the caller.

Top

v1/common.proto

PermissionDeniedDetail

PermissionDeniedDetail provides structured information about permission failures. Used as error detail when returning CodePermissionDenied errors.

FieldTypeLabelDescription
methodstringThe API method that was called.
required_permissionsstringrepeatedThe permissions required but not granted to the user.
resourcesstringrepeatedThe resources the user was trying to access.

Position

Position in a text expressed as one-based line and one-based column. We use 1-based numbering to match the majority of industry standards:

Handling unknown positions:

  • If the entire position is unknown, leave this field as nil/undefined
  • If only line is known, set line and leave column as 0 (e.g., line=5, column=0)
  • If only column is known (rare), set column and leave line as 0 Frontends should check for nil/undefined/zero values and handle them appropriately.
FieldTypeLabelDescription
lineint32Line position in a text (one-based). First line of the text is line 1. A value of 0 indicates the line information is unknown.
columnint32Column position in a text (one-based). Column is measured in Unicode code points (characters/runes), not bytes or grapheme clusters. First character of the line is column 1. A value of 0 indicates the column information is unknown.

Examples: - "SELECT * FROM t" - column 8 is '*' - "SELECT 你好 FROM t" - column 8 is '你' (even though it's at byte offset 7) - "SELECT 😀 FROM t" - column 8 is '😀' (even though it's 4 bytes in UTF-8) |

Range

Range represents a span within a text or sequence. Whether the indices are byte offsets or character indices depends on the context. Check the documentation of the field using Range for specific semantics.

FieldTypeLabelDescription
startint32Start index (inclusive).
endint32End index (exclusive).

Engine

Database engine type.

NameNumberDescription
ENGINE_UNSPECIFIED0Unspecified database engine.
CLICKHOUSE1ClickHouse columnar database.
MYSQL2MySQL relational database.
POSTGRES3PostgreSQL relational database.
SNOWFLAKE4Snowflake cloud data warehouse.
SQLITE5SQLite embedded database.
TIDB6TiDB distributed SQL database.
MONGODB7MongoDB document database.
REDIS8Redis key-value store.
ORACLE9Oracle relational database.
SPANNER10Google Cloud Spanner distributed database.
MSSQL11Microsoft SQL Server relational database.
REDSHIFT12Amazon Redshift data warehouse.
MARIADB13MariaDB relational database.
OCEANBASE14OceanBase distributed database.
STARROCKS15StarRocks analytics database.
DORIS16Apache Doris analytics database.
HIVE17Apache Hive data warehouse.
ELASTICSEARCH18Elasticsearch search engine.
BIGQUERY19Google BigQuery data warehouse.
DYNAMODB20Amazon DynamoDB NoSQL database.
DATABRICKS21Databricks lakehouse platform.
COCKROACHDB22CockroachDB distributed SQL database.
COSMOSDB23Azure Cosmos DB multi-model database.
TRINO24Trino distributed SQL query engine.
CASSANDRA25Apache Cassandra NoSQL database.

ExportFormat

Data export format.

NameNumberDescription
FORMAT_UNSPECIFIED0Unspecified export format.
CSV1Comma-separated values format.
JSON2JavaScript Object Notation format.
SQL3SQL statements format.
XLSX4Microsoft Excel spreadsheet format.

RiskLevel

RiskLevel is the risk level.

NameNumberDescription
RISK_LEVEL_UNSPECIFIED0Unspecified risk level.
LOW1Low risk operation.
MODERATE2Moderate risk operation.
HIGH3High risk operation.

State

Resource lifecycle state.

NameNumberDescription
STATE_UNSPECIFIED0
ACTIVE1Resource is active and operational.
DELETED2Resource is soft-deleted but may be recoverable.

StatementType

StatementType represents the type of SQL statement.

NameNumberDescription
STATEMENT_TYPE_UNSPECIFIED0
CREATE_DATABASE1DDL - CREATE statements
CREATE_TABLE2
CREATE_VIEW3
CREATE_INDEX4
CREATE_SEQUENCE5
CREATE_SCHEMA6
CREATE_FUNCTION7
CREATE_TRIGGER8
CREATE_PROCEDURE9
CREATE_EVENT10
CREATE_EXTENSION11
CREATE_TYPE12
DROP_DATABASE20DDL - DROP statements
DROP_TABLE21
DROP_VIEW22
DROP_INDEX23
DROP_SEQUENCE24
DROP_SCHEMA25
DROP_FUNCTION26
DROP_TRIGGER27
DROP_PROCEDURE28
DROP_EVENT29
DROP_EXTENSION30
DROP_TYPE31
ALTER_DATABASE40DDL - ALTER statements
ALTER_TABLE41
ALTER_VIEW42
ALTER_SEQUENCE43
ALTER_EVENT44
ALTER_TYPE45
ALTER_INDEX46
TRUNCATE50DDL - Other
RENAME51
RENAME_INDEX52
RENAME_SCHEMA53
RENAME_SEQUENCE54
COMMENT55
INSERT60DML statements
UPDATE61
DELETE62

VCSType

Version control system type.

NameNumberDescription
VCS_TYPE_UNSPECIFIED0Unspecified VCS type.
GITHUB1GitHub version control platform.
GITLAB2GitLab version control platform.
BITBUCKET3Bitbucket version control platform.
AZURE_DEVOPS4Azure DevOps version control platform.

WebhookType

Webhook integration type.

NameNumberDescription
WEBHOOK_TYPE_UNSPECIFIED0Unspecified type.
SLACK1Slack integration.
DISCORD2Discord integration.
TEAMS3Microsoft Teams integration.
DINGTALK4DingTalk integration.
FEISHU5Feishu integration.
WECOM6WeCom (WeChat Work) integration.
LARK7Lark integration.
GOOGLE_CHAT8Google Chat integration.
TELEGRAM9[Argus P1-4 M4.0] Telegram Bot API integration.

Top

v1/issue_service.proto

ApprovalFlow

FieldTypeLabelDescription
rolesstringrepeatedThe roles required for approval in order.

ApprovalTemplate

FieldTypeLabelDescription
flowApprovalFlowThe approval flow definition.
titlestringThe title of the approval template.
descriptionstringThe description of the approval template.

ApproveIssueRequest

FieldTypeLabelDescription
namestringThe name of the issue to add an approver. Format: projects/{project}/issues/
commentstringThe comment explaining the approval decision.

BatchUpdateIssuesStatusRequest

FieldTypeLabelDescription
parentstringThe parent resource shared by all issues being updated. Format: projects/{project} If the operation spans parents, a dash (-) may be accepted as a wildcard. We only support updating the status of databases for now.
issuesstringrepeatedThe list of issues to update. Format: projects/{project}/issues/
statusIssueStatusThe new status.
reasonstringThe reason for the status change.

BatchUpdateIssuesStatusResponse

CreateIssueCommentRequest

FieldTypeLabelDescription
parentstringThe issue name Format: projects/{project}/issues/
issue_commentIssueCommentThe comment to create.

CreateIssueRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of issues. Format: projects/
issueIssueThe issue to create.

GetIssueRequest

FieldTypeLabelDescription
namestringThe name of the issue to retrieve. Format: projects/{project}/issues/
forceboolIf set to true, bypass cache and fetch the latest data.

Issue

FieldTypeLabelDescription
namestringThe name of the issue. Format: projects/{project}/issues/
titlestringThe title of the issue.
descriptionstringThe description of the issue.
typeIssue.Type
statusIssueStatusThe status of the issue.
approversIssue.Approverrepeated
approval_templateApprovalTemplateThe approval template for the issue.
creatorstringFormat: users/hello@world.com
create_timegoogle.protobuf.Timestamp
update_timegoogle.protobuf.Timestamp
planstringThe plan associated with the issue. Can be empty. Format: projects/{project}/plans/
role_grantRoleGrantUsed if the issue type is ROLE_GRANT.
risk_levelRiskLevelThe risk level of the issue.
labelsstringrepeatedLabels attached to the issue for categorization and filtering.
approval_statusIssue.ApprovalStatus
access_grantstringThe access grant associated with this issue. Format: projects/{project}/accessGrants/

Issue.Approver

Approvers and their approval status for the issue.

FieldTypeLabelDescription
statusIssue.Approver.StatusThe new status.
principalstringFormat: users/hello@world.com

IssueComment

A comment on an issue.

FieldTypeLabelDescription
namestringFormat: projects/{project}/issues/{issue}/issueComments/
commentstringThe text content of the comment.
payloadstringTODO: use struct message instead.
create_timegoogle.protobuf.Timestamp
update_timegoogle.protobuf.Timestamp
creatorstringFormat: users/
approvalIssueComment.ApprovalApproval event.
issue_updateIssueComment.IssueUpdateIssue update event.
plan_spec_updateIssueComment.PlanSpecUpdatePlan spec update event.

IssueComment.Approval

Approval event information.

FieldTypeLabelDescription
statusIssueComment.Approval.StatusThe approval status.

IssueComment.IssueUpdate

Issue update event information.

FieldTypeLabelDescription
from_titlestringoptional
to_titlestringoptional
from_descriptionstringoptional
to_descriptionstringoptional
from_statusIssueStatusoptional
to_statusIssueStatusoptional
from_labelsstringrepeated
to_labelsstringrepeated

IssueComment.PlanSpecUpdate

Plan spec update event information (tracks sheet changes to plan specs).

FieldTypeLabelDescription
specstringThe spec that was updated. Format: projects/{project}/plans/{plan}/specs/
from_sheetstringoptionalThe previous sheet. Format: projects/{project}/sheets/
to_sheetstringoptionalThe new sheet. Format: projects/{project}/sheets/

ListIssueCommentsRequest

FieldTypeLabelDescription
parentstringFormat: projects/{projects}/issues/
page_sizeint32The maximum number of issue comments to return. The service may return fewer than this value. If unspecified, at most 10 issue comments will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListIssueComments call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListIssueComments must match the call that provided the page token. |

ListIssueCommentsResponse

FieldTypeLabelDescription
issue_commentsIssueCommentrepeatedThe issue comments from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

ListIssuesRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of issues. Format: projects/
page_sizeint32The maximum number of issues to return. The service may return fewer than this value. If unspecified, at most 10 issues will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListIssues call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListIssues must match the call that provided the page token. | | filter | string | | Filter is used to filter issues returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filters: - creator: issue creator full name in "users/{email or id}" format, support "==" operator. - status: the issue status, support "==" and "in" operator, check the IssueStatus enum for the values. - create_time: issue create time in "2006-01-02T15:04:05Z07:00" format, support ">=" or "<=" operator. - type: the issue type, support "==" and "in" operator, check the Type enum in the Issue message for the values. - labels: the issue labels, support "==" and "in" operator. - risk_level: the issue risk level, support "in" operator, check the RiskLevel enum for the values. - approval_status: issue approval status, support "==" operator. - current_approver: the issue approver, should in "users/{email} format", support "==" operator.

For example: creator == "users/ed@bytebase.com" && status in ["OPEN", "DONE"] status == "CANCELED" && type == "DATABASE_CHANGE" labels in ["label1", "label2"] risk_level in ["HIGH", "MODERATE"] create_time >= "2025-01-02T15:04:05Z07:00" | | query | string | | Query is the query statement. | | order_by | string | | The order by of issues. Support: - create_time - update_time The default sorting order is ascending. For example: - order_by = "create_time desc" - order_by = "update_time asc" |

ListIssuesResponse

FieldTypeLabelDescription
issuesIssuerepeatedThe issues from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

RejectIssueRequest

FieldTypeLabelDescription
namestringThe name of the issue to add a rejection. Format: projects/{project}/issues/
commentstringThe comment explaining the rejection decision.

RequestIssueRequest

FieldTypeLabelDescription
namestringThe name of the issue to request a issue. Format: projects/{project}/issues/
commentstringThe comment explaining the request.

RoleGrant

FieldTypeLabelDescription
rolestringThe requested role. Format: roles/EXPORTER.
userstringThe user to be granted. Format: users/{email}.
conditiongoogle.type.ExprThe condition for the role. Same as the condition in IAM Binding message.
expirationgoogle.protobuf.DurationThe duration for which the grant is valid.

SearchIssuesRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of issues. Format: projects/{project} Use "projects/-" to list all issues from all projects.
page_sizeint32The maximum number of issues to return. The service may return fewer than this value. If unspecified, at most 10 issues will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous SearchIssues call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to SearchIssues must match the call that provided the page token. | | filter | string | | Filter is used to filter issues returned in the list. Check the filter field in the ListIssuesRequest message. | | query | string | | Query is the query statement. | | order_by | string | | The order by of issues. Support: - create_time - update_time The default sorting order is ascending. For example: - order_by = "create_time desc" - order_by = "update_time asc" |

SearchIssuesResponse

FieldTypeLabelDescription
issuesIssuerepeatedThe issues from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

UpdateIssueCommentRequest

FieldTypeLabelDescription
parentstringThe issue name Format: projects/{project}/issues/
issue_commentIssueCommentThe comment to update.
update_maskgoogle.protobuf.FieldMaskThe list of fields to update.
allow_missingboolIf set to true, and the issue comment is not found, a new issue comment will be created. In this situation, update_mask is ignored.

UpdateIssueRequest

FieldTypeLabelDescription
issueIssueThe issue to update.

The issue's name field is used to identify the issue to update. Format: projects/{project}/issues/{issue} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the issue is not found, a new issue will be created. In this situation, update_mask is ignored. |

Issue.ApprovalStatus

The overall approval status for the issue.

NameNumberDescription
APPROVAL_STATUS_UNSPECIFIED0Unspecified approval status.
CHECKING1Approval checks are being evaluated.
PENDING2Approval is pending.
APPROVED3Issue has been approved.
REJECTED4Issue has been rejected.
SKIPPED5Approval was skipped.

Issue.Approver.Status

The approval status of an approver.

NameNumberDescription
STATUS_UNSPECIFIED0Unspecified status.
PENDING1Awaiting approval.
APPROVED2Approved.
REJECTED3Rejected.

Issue.Type

The type of issue.

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified issue type.
DATABASE_CHANGE1Database schema or data change.
ROLE_GRANT2Role grant request.
DATABASE_EXPORT3Database data export request.
ACCESS_GRANT4Temporary access grant request.

IssueComment.Approval.Status

Approval status values.

NameNumberDescription
STATUS_UNSPECIFIED0Unspecified status.
PENDING1Approval pending.
APPROVED2Approved.
REJECTED3Rejected.

IssueStatus

The status of an issue.

NameNumberDescription
ISSUE_STATUS_UNSPECIFIED0Unspecified status.
OPEN1Issue is open and active.
DONE2Issue is completed.
CANCELED3Issue is canceled.

IssueService

IssueService manages issues for tracking database changes and tasks.

Method NameRequest TypeResponse TypeDescription
GetIssueGetIssueRequestIssueRetrieves an issue by name. Permissions required: bb.issues.get
CreateIssueCreateIssueRequestIssueCreates a new issue for database changes or tasks. Permissions required: bb.issues.create
ListIssuesListIssuesRequestListIssuesResponseLists issues in a project. Permissions required: bb.issues.list
SearchIssuesSearchIssuesRequestSearchIssuesResponseSearch for issues that the caller has the bb.issues.get permission on and also satisfy the specified filter & query. Permissions required: bb.issues.get
UpdateIssueUpdateIssueRequestIssueUpdates an issue's properties such as title, description, or labels. Permissions required: bb.issues.update
ListIssueCommentsListIssueCommentsRequestListIssueCommentsResponseLists comments on an issue. Permissions required: bb.issueComments.list
CreateIssueCommentCreateIssueCommentRequestIssueCommentAdds a comment to an issue. Permissions required: bb.issueComments.create
UpdateIssueCommentUpdateIssueCommentRequestIssueCommentUpdates an existing issue comment. Permissions required: bb.issueComments.update
BatchUpdateIssuesStatusBatchUpdateIssuesStatusRequestBatchUpdateIssuesStatusResponseUpdates the status of multiple issues in a single operation. Permissions required: bb.issues.update
ApproveIssueApproveIssueRequestIssueApproves an issue. Access determined by approval flow configuration - caller must be a designated approver for the current approval step. Permissions required: None (determined by approval flow)
RejectIssueRejectIssueRequestIssueRejects an issue. Access determined by approval flow configuration - caller must be a designated approver for the current approval step. Permissions required: None (determined by approval flow)
RequestIssueRequestIssueRequestIssueRequests changes on an issue. Access determined by approval flow configuration - caller must be a designated approver for the current approval step. Permissions required: None (determined by approval flow)

Top

v1/setting_service.proto

AISetting

FieldTypeLabelDescription
enabledbool
providerAISetting.Provider
endpointstring
api_keystring
modelstring
versionstring

Algorithm

FieldTypeLabelDescription
full_maskAlgorithm.FullMask
range_maskAlgorithm.RangeMask
md5_maskAlgorithm.MD5Mask
inner_outer_maskAlgorithm.InnerOuterMask

Algorithm.FullMask

FieldTypeLabelDescription
substitutionstringsubstitution is the string used to replace the original value, the max length of the string is 16 bytes.

Algorithm.InnerOuterMask

FieldTypeLabelDescription
prefix_lenint32
suffix_lenint32
typeAlgorithm.InnerOuterMask.MaskType
substitutionstring

Algorithm.MD5Mask

FieldTypeLabelDescription
saltstringsalt is the salt value to generate a different hash that with the word alone.

Algorithm.RangeMask

FieldTypeLabelDescription
slicesAlgorithm.RangeMask.SlicerepeatedWe store it as a repeated field to face the fact that the original value may have multiple parts should be masked. But frontend can be started with a single rule easily.

Algorithm.RangeMask.Slice

FieldTypeLabelDescription
startint32start is the start character index (0-based) of the original value, should be less than end. Uses character indices (not byte offsets) for display-oriented masking. Example: For "你好world", character index 2 refers to 'w' (the 3rd character).
endint32end is the end character index (exclusive) of the original value. Uses character indices (not byte offsets) for display-oriented masking.
substitutionstringsubstitution is the string used to replace the OriginalValue[start:end).

Announcement

FieldTypeLabelDescription
levelAnnouncement.AlertLevelThe alert level of announcement
textstringThe text of announcement
linkstringThe optional link, user can follow the link to check extra details

AppIMSetting

FieldTypeLabelDescription
settingsAppIMSetting.IMSettingrepeated

AppIMSetting.DingTalk

FieldTypeLabelDescription
client_idstring
client_secretstring
robot_codestring

AppIMSetting.Feishu

FieldTypeLabelDescription
app_idstring
app_secretstring

AppIMSetting.IMSetting

FieldTypeLabelDescription
typeWebhookType
slackAppIMSetting.Slack
feishuAppIMSetting.Feishu
wecomAppIMSetting.Wecom
larkAppIMSetting.Lark
dingtalkAppIMSetting.DingTalk
teamsAppIMSetting.Teams
telegramAppIMSetting.Telegram

AppIMSetting.Lark

FieldTypeLabelDescription
app_idstring
app_secretstring

AppIMSetting.Slack

FieldTypeLabelDescription
tokenstring

AppIMSetting.Teams

FieldTypeLabelDescription
tenant_idstringAzure AD tenant ID (Directory ID).
client_idstringAzure AD application (client) ID.
client_secretstringAzure AD client secret.

AppIMSetting.Telegram

[Argus P1-4 M4.0] Telegram Bot API credentials.

FieldTypeLabelDescription
bot_tokenstring
chat_idstring

AppIMSetting.Wecom

FieldTypeLabelDescription
corp_idstring
agent_idstring
secretstring

DataClassificationSetting

FieldTypeLabelDescription
configsDataClassificationSetting.DataClassificationConfigrepeated

DataClassificationSetting.DataClassificationConfig

FieldTypeLabelDescription
idstringid is the uuid for classification. Each project can chose one classification config.
titlestring
levelsDataClassificationSetting.DataClassificationConfig.Levelrepeatedlevels is user defined level list for classification.
classificationDataClassificationSetting.DataClassificationConfig.ClassificationEntryrepeatedclassification is the id - DataClassification map. The id should in [0-9]+-[0-9]+-[0-9]+ format.

DataClassificationSetting.DataClassificationConfig.ClassificationEntry

FieldTypeLabelDescription
keystring
valueDataClassificationSetting.DataClassificationConfig.DataClassification

DataClassificationSetting.DataClassificationConfig.DataClassification

FieldTypeLabelDescription
idstringid is the classification id in [0-9]+-[0-9]+-[0-9]+ format.
titlestring
levelint32optionalThe sensitivity level. Maps to Level.level.

DataClassificationSetting.DataClassificationConfig.Level

FieldTypeLabelDescription
titlestring
levelint32The numeric level for ordering. Higher = more sensitive.

EmailSetting

FieldTypeLabelDescription
fromstring
from_namestring
typeEmailSetting.Type
smtpEmailSetting.SMTPConfig

EmailSetting.SMTPConfig

FieldTypeLabelDescription
hoststring
portint32
usernamestring
passwordstring
encryptionEmailSetting.SMTPConfig.Encryption
authenticationEmailSetting.SMTPConfig.Authentication

EnvironmentSetting

FieldTypeLabelDescription
environmentsEnvironmentSetting.Environmentrepeated

EnvironmentSetting.Environment

FieldTypeLabelDescription
namestringThe resource name of the environment. Format: environments/{environment}. Output only.
idstringThe resource id of the environment. This value should be 4-63 characters, and valid characters are /[a-z][0-9]-/.
titlestringThe display name of the environment.
tagsEnvironmentSetting.Environment.TagsEntryrepeated
colorstring

EnvironmentSetting.Environment.TagsEntry

FieldTypeLabelDescription
keystring
valuestring

GetSettingRequest

The request message for getting a setting.

FieldTypeLabelDescription
namestringThe resource name of the setting.

GetSettingResponse

The response message for getting a setting.

FieldTypeLabelDescription
settingSetting

ListSettingsRequest

ListSettingsResponse

FieldTypeLabelDescription
settingsSettingrepeatedThe settings from the specified request.

SemanticTypeSetting

FieldTypeLabelDescription
typesSemanticTypeSetting.SemanticTyperepeated

SemanticTypeSetting.SemanticType

FieldTypeLabelDescription
idstringid is the uuid for semantic type.
titlestringthe title of the semantic type, it should not be empty.
descriptionstringthe description of the semantic type, it can be empty.
algorithmAlgorithm
iconstringicon is the icon for semantic type, it can be emoji or base64 encoded image.

Setting

The schema of setting.

FieldTypeLabelDescription
namestringThe resource name of the setting. Format: settings/{setting} Example: "settings/SEMANTIC_TYPES"
valueSettingValueThe configuration value of the setting.

SettingValue

The data in setting value.

FieldTypeLabelDescription
app_imAppIMSetting
workspace_profileWorkspaceProfileSetting
workspace_approvalWorkspaceApprovalSetting
data_classificationDataClassificationSetting
semantic_typeSemanticTypeSetting
aiAISetting
environmentEnvironmentSetting
emailEmailSetting

TestEmailSettingRequest

FieldTypeLabelDescription
parentstring
email_settingEmailSetting
tostring

TestEmailSettingResponse

FieldTypeLabelDescription
successbool
errorstring

UpdateSettingRequest

The request message for updating or creating a setting.

FieldTypeLabelDescription
settingSettingThe setting to update.
validate_onlyboolvalidate_only is a flag to indicate whether to validate the setting value, server would not persist the setting value if it is true.
allow_missingbool
update_maskgoogle.protobuf.FieldMask

WorkspaceApprovalSetting

FieldTypeLabelDescription
rulesWorkspaceApprovalSetting.Rulerepeated

WorkspaceApprovalSetting.Rule

FieldTypeLabelDescription
templateApprovalTemplate
conditiongoogle.type.ExprThe condition that is associated with the rule. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

The source field filters which rules apply. The condition field then evaluates with full context.

All supported variables: statement.affected_rows: affected row count in the DDL/DML, support "==", "!=", "<", "<=", ">", ">=" operations. statement.table_rows: table row count number, support "==", "!=", "<", "<=", ">", ">=" operations. resource.environment_id: the environment resource id, support "==", "!=", "in [xx]", "!(in [xx])" operations. resource.project_id: the project resource id, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. resource.db_engine: the database engine type, support "==", "!=", "in [xx]", "!(in [xx])" operations. Check the Engine enum for values. statement.sql_type: the SQL type, support "==", "!=", "in [xx]", "!(in [xx])" operations. resource.database_name: the database name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. resource.schema_name: the schema name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. resource.table_name: the table name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. statement.text: the SQL statement, support "contains()", "matches()", "startsWith()", "endsWith()" operations. request.expiration_days: the role expiration days for the request, support "==", "!=", "<", "<=", ">", ">=" operations. request.role: the request role full name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations.

When source is CHANGE_DATABASE, support: statement., resource. (excluding request.*) When source is CREATE_DATABASE, support: resource.environment_id, resource.project_id, resource.db_engine, resource.database_name When source is EXPORT_DATA, support: resource.environment_id, resource.project_id, resource.db_engine, resource.database_name, resource.schema_name, resource.table_name When source is REQUEST_ROLE, support: resource.project_id, request.expiration_days, request.role When source is REQUEST_ACCESS, support: resource.environment_id, resource.project_id, request.unmask

For examples: resource.environment_id == "prod" && statement.affected_rows >= 100 resource.table_name.matches("sensitive_.*") && resource.db_engine == "MYSQL" | | source | WorkspaceApprovalSetting.Rule.Source | | |

WorkspaceProfileSetting

FieldTypeLabelDescription
external_urlstringThe external URL is used for sso authentication callback.
disallow_signupboolDisallow self-service signup, users can only be invited by the owner.
require_mfaboolRequire MFA for all users.
refresh_token_durationgoogle.protobuf.DurationThe duration for refresh token. Default is 7 days.
announcementAnnouncementThe setting of custom announcement
maximum_role_expirationgoogle.protobuf.DurationThe max duration for role expired.
domainsstringrepeatedThe workspace domain, e.g., bytebase.com.
enforce_identity_domainboolOnly user and group from the domains can be created and login.
database_change_modeDatabaseChangeModeThe workspace database change mode.
disallow_password_signinboolWhether to disallow password signin. (Except workspace admins)
inactive_session_timeoutgoogle.protobuf.DurationThe session expiration time if not activity detected for the user. Value <= 0 means no limit.
enable_audit_log_stdoutboolWhether to enable audit logging to stdout in structured JSON format. Requires TEAM or ENTERPRISE license.
watermarkboolWhether to display watermark on pages. Requires ENTERPRISE license.
directory_sync_tokenstringThe token for directory sync authentication.
password_restrictionWorkspaceProfileSetting.PasswordRestrictionPassword restriction settings.
access_token_durationgoogle.protobuf.DurationThe duration for access token. Default is 1 hour.
enable_debugboolWhether debug mode is enabled.
sql_result_sizeint64The maximum result size limit in bytes for query and export, works for the SQL Editor and Export Center. The default value is 100MB, we will use the default value if the setting not exists, or the limit <= 0.
query_timeoutgoogle.protobuf.DurationThe query timeout duration for query and export, works for the SQL Editor and Export Center.
allow_email_code_signinboolAllow signin/signup using email + a 6-digit one-time verification code. Requires the EMAIL setting to be configured on the workspace.
disallow_self_approval_defaultbool[Argus P0-1] Zero-trust default: when true, every project is treated as if project.setting.allow_self_approval were false, regardless of the project value. Projects may only loosen self-approval when this flag is off. New workspaces seed this to true.

WorkspaceProfileSetting.PasswordRestriction

FieldTypeLabelDescription
min_lengthint32min_length is the minimum length for password, should no less than 8.
require_numberboolrequire_number requires the password must contains at least one number.
require_letterboolrequire_letter requires the password must contains at least one letter, regardless of upper case or lower case
require_uppercase_letterboolrequire_uppercase_letter requires the password must contains at least one upper case letter.
require_special_characterboolrequire_special_character requires the password must contains at least one special character.
require_reset_password_for_first_loginboolrequire_reset_password_for_first_login requires users to reset their password after the 1st login.
password_rotationgoogle.protobuf.Durationpassword_rotation requires users to reset their password after the duration.

AISetting.Provider

NameNumberDescription
PROVIDER_UNSPECIFIED0
OPEN_AI1
CLAUDE2
GEMINI3
AZURE_OPENAI4

Algorithm.InnerOuterMask.MaskType

NameNumberDescription
MASK_TYPE_UNSPECIFIED0
INNER1
OUTER2

Announcement.AlertLevel

We support three levels of AlertLevel: INFO, WARNING, and ERROR.

NameNumberDescription
ALERT_LEVEL_UNSPECIFIED0
INFO1
WARNING2
CRITICAL3

DatabaseChangeMode

NameNumberDescription
DATABASE_CHANGE_MODE_UNSPECIFIED0
PIPELINE1A more advanced database change process, including custom approval workflows and other advanced features. Default to this mode.
EDITOR2A simple database change process in SQL editor. Users can execute SQL directly.

EmailSetting.SMTPConfig.Authentication

NameNumberDescription
AUTHENTICATION_UNSPECIFIED0
AUTHENTICATION_NONE1
PLAIN2
LOGIN3
CRAM_MD54

EmailSetting.SMTPConfig.Encryption

NameNumberDescription
ENCRYPTION_UNSPECIFIED0
ENCRYPTION_NONE1
STARTTLS2
SSL_TLS3

EmailSetting.Type

NameNumberDescription
TYPE_UNSPECIFIED0
SMTP1

Setting.SettingName

NameNumberDescription
SETTING_NAME_UNSPECIFIED0
WORKSPACE_PROFILE1
WORKSPACE_APPROVAL2
APP_IM3
AI4
DATA_CLASSIFICATION5
SEMANTIC_TYPES6
ENVIRONMENT7
EMAIL8

WorkspaceApprovalSetting.Rule.Source

NameNumberDescription
SOURCE_UNSPECIFIED0
CHANGE_DATABASE1
CREATE_DATABASE2
EXPORT_DATA3
REQUEST_ROLE4
REQUEST_ACCESS5

SettingService

SettingService manages workspace-level settings and configurations.

Method NameRequest TypeResponse TypeDescription
ListSettingsListSettingsRequestListSettingsResponseLists all workspace settings. Permissions required: bb.settings.list
GetSettingGetSettingRequestSettingRetrieves a workspace setting by name. Permissions required: bb.settings.get
UpdateSettingUpdateSettingRequestSettingUpdates a workspace setting. Permissions required: bb.settings.set
TestEmailSettingTestEmailSettingRequestTestEmailSettingResponseSends a test email using the provided config (without persisting). Permissions required: bb.settings.set

Top

v1/actuator_service.proto

ActuatorInfo

System information and configuration for the Argus instance. Actuator concept is similar to the Spring Boot Actuator.

FieldTypeLabelDescription
versionstringThe Argus server version.
git_commitstringThe git commit hash of the build.
readonlyboolWhether the Argus instance is running in read-only mode.
saasboolWhether the Argus instance is running in SaaS mode where some features cannot be edited by users.
demoboolWhether the Argus instance is running in demo mode.
hoststringThe host address of the Argus instance.
portstringThe port number of the Argus instance.
external_urlstringThe external URL where users or webhook callbacks access Argus.
last_active_timegoogle.protobuf.TimestampThe last time any API call was made, refreshed on each request.
workspacestringThe unique identifier for the workspace. Format: workspaces/
unlicensed_featuresstringrepeatedList of features that are not licensed.
dockerboolWhether the Argus instance is running in Docker.
activated_user_countint32The number of activated users.
activated_instance_countint32The number of activated database instances.
total_instance_countint32The total number of database instances.
external_url_from_flagboolWhether the external URL is set via command-line flag (and thus cannot be changed via UI).
replica_countint32The number of active replicas (servers sharing the same database).
restrictionRestriction
default_projectstringThe default project for unassigned databases. Format: projects/
user_count_in_iamint32The number of users in the workspace IAM (for seat limit display).

DeleteCacheRequest

Request message for deleting cache.

GetActuatorInfoRequest

Request message for getting actuator information.

FieldTypeLabelDescription
namestringOptional. The workspace to scope the response to. Format: workspaces/{workspace} When unset, the workspace is resolved from the request context (self-hosted) or no workspace-scoped fields are returned (SaaS).

Restriction

FieldTypeLabelDescription
disallow_signupboolWhether self-service user signup is disabled.
disallow_password_signinboolWhether password-based signin is disabled (except for workspace admins).
password_restrictionWorkspaceProfileSetting.PasswordRestrictionPassword complexity and restriction requirements.
allow_email_code_signinboolWhether email + 6-digit code signin is enabled for this workspace.
password_reset_enabledboolWhether password reset via email is available for this workspace. True when the workspace (or deployment) has an email setting configured.

ActuatorService

ActuatorService manages system health and operational information.

Method NameRequest TypeResponse TypeDescription
GetActuatorInfoGetActuatorInfoRequestActuatorInfoGets system information and health status of the Argus instance. When name is provided (or the workspace-scoped binding is used), the response includes workspace-scoped fields for that workspace. Permissions required: None
DeleteCacheDeleteCacheRequest.google.protobuf.EmptyClears the system cache to force data refresh. Permissions required: None

Top

v1/ai_service.proto

AIChatMessage

A single message in the conversation.

FieldTypeLabelDescription
roleAIChatMessageRoleThe role of the message sender.
contentstringoptionalThe text content of the message. Optional for assistant messages that only contain tool calls.
tool_callsAIChatToolCallrepeatedTool calls made by the assistant. Only present in assistant messages.
tool_call_idstringoptionalThe ID of the tool call this message is responding to. Only present in tool messages.

AIChatRequest

Request message for AIService.Chat.

FieldTypeLabelDescription
messagesAIChatMessagerepeatedThe conversation messages.
tool_definitionsAIChatToolDefinitionrepeatedThe tool definitions available to the AI.

AIChatResponse

Response message for AIService.Chat.

FieldTypeLabelDescription
contentstringoptionalThe text content of the AI response. Optional when the response only contains tool calls.
tool_callsAIChatToolCallrepeatedTool calls the AI wants to make.
usageAIChatUsageoptionalToken usage for this provider call, when available.

AIChatToolCall

A tool call made by the AI.

FieldTypeLabelDescription
idstringThe unique ID of this tool call.
namestringThe name of the tool to call.
argumentsstringThe JSON-encoded arguments to pass to the tool.
metadatastringoptionalOpaque provider-specific metadata (e.g., Gemini thought_signature). Frontend must echo this back unchanged when sending tool results.

AIChatToolDefinition

A tool definition that the AI can invoke.

FieldTypeLabelDescription
namestringThe name of the tool.
descriptionstringA description of what the tool does.
parameters_schemastringThe JSON Schema describing the tool's parameters.

AIChatUsage

Token usage for a single AI provider call.

FieldTypeLabelDescription
total_tokensint32Total tokens used by the provider call.

AIChatMessageRole

Role of a chat message.

NameNumberDescription
AI_CHAT_MESSAGE_ROLE_UNSPECIFIED0Unspecified role.
AI_CHAT_MESSAGE_ROLE_SYSTEM1System message providing instructions.
AI_CHAT_MESSAGE_ROLE_USER2User message.
AI_CHAT_MESSAGE_ROLE_ASSISTANT3Assistant (AI) message.
AI_CHAT_MESSAGE_ROLE_TOOL4Tool result message.

AIService

AIService provides AI chat capabilities for the page agent.

Method NameRequest TypeResponse TypeDescription
ChatAIChatRequestAIChatResponseChat sends a conversation with tool definitions to the configured AI provider and returns the AI response.

Top

v1/iam_policy.proto

Binding

Binding associates members with a role and optional conditions.

FieldTypeLabelDescription
rolestringThe role that is assigned to the members. Format: roles/
membersstringrepeatedSpecifies the principals requesting access for a Argus resource. For users, the member should be: user:{email} For groups, the member should be: group:{email} For service accounts, the member should be: serviceAccount:{email} For workload identities, the member should be: workloadIdentity:
conditiongoogle.type.ExprThe condition that is associated with this binding, only used in the project IAM policy. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Support variables: resource.database: the database full name in "instances/{instance}/databases/{database}" format, used by the "roles/sqlEditorUser" and "roles/sqlEditorReadUser" roles, support "==" operator. resource.schema_name: the schema name, used by the "roles/sqlEditorUser" and "roles/sqlEditorReadUser" roles, support "==" operator. resource.table_name: the table name, used by the "roles/sqlEditorUser" and "roles/sqlEditorReadUser" roles, support "==" operator. resource.environment_id: the environment to allow the DDL/DML operation in the SQL Editor, only works for the role with bb.sql.ddl or bb.sql.dml permissions. Support "in" operator. request.time: the expiration. Only support "<" operation in request.time &lt; timestamp(&#34;{ISO datetime string format}&#34;).

For example: resource.database == "instances/local-pg/databases/postgres" && resource.schema_name in ["public","another_schema"] resource.database == "instances/local-pg/databases/bytebase" && resource.schema_name == "public" && resource.table_name in ["audit_log"] resource.database == "instances/local-pg/databases/postgres" && resource.environment_id in ["test"] request.time < timestamp("2025-04-26T11:24:48.655Z") | | parsed_expr | google.api.expr.v1alpha1.Expr | | The parsed expression of the condition. |

BindingDelta

A single change to a binding.

FieldTypeLabelDescription
actionBindingDelta.ActionThe action that was performed on a Binding.
rolestringRole that is assigned to members. For example, roles/projectOwner.
memberstringFollows the same format of Binding.members.
conditiongoogle.type.ExprThe condition that is associated with this binding.

GetIamPolicyRequest

Request message for getting an IAM policy.

FieldTypeLabelDescription
resourcestringThe name of the resource to get the IAM policy. Format: projects/{project} Format: workspaces/

IamPolicy

IAM policy that binds members to roles.

FieldTypeLabelDescription
bindingsBindingrepeatedCollection of binding. A binding binds one or more project members to a single project role.
etagstringThe current etag of the policy. If an etag is provided and does not match the current etag of the policy, the call will be blocked and an ABORTED error will be returned.

PolicyDelta

Describes changes between two IAM policies.

FieldTypeLabelDescription
binding_deltasBindingDeltarepeatedThe delta for Bindings between two policies.

SetIamPolicyRequest

Request message for setting an IAM policy.

FieldTypeLabelDescription
resourcestringThe name of the resource to set the IAM policy. Format: projects/{project} Format: workspaces/
policyIamPolicy
etagstringThe current etag of the policy.

BindingDelta.Action

Type of action performed on a binding.

NameNumberDescription
ACTION_UNSPECIFIED0Unspecified action.
ADD1Add a binding.
REMOVE2Remove a binding.

Top

v1/audit_log_service.proto

AuditData

Additional audit data specific to certain operations.

FieldTypeLabelDescription
policy_deltaPolicyDeltaChanges to IAM policies.

AuditLog

Audit log entry recording system activity or API call.

FieldTypeLabelDescription
namestringThe name of the log. Formats: - projects/{project}/auditLogs/{uid} - workspaces/{workspace}/auditLogs/
create_timegoogle.protobuf.TimestampThe timestamp when the audit log was created.
userstringThe user who performed the action. Format: users/
methodstringThe method or action being audited. For example: /argus.v1.SQLService/Query or bb.project.repository.push
severityAuditLog.SeverityThe severity level of this audit log entry.
resourcestringThe resource associated with this audit log.
requeststringThe request payload in JSON format.
responsestringThe response payload in JSON format. Some fields may be omitted if they are too large or contain sensitive information.
statusgoogle.rpc.StatusThe status of the operation.
latencygoogle.protobuf.DurationThe duration of the operation.
service_datagoogle.protobuf.AnyService-specific metadata about the request, response, and activities.
request_metadataRequestMetadataMetadata about the request context.

ExportAuditLogsRequest

Request message for exporting audit logs.

FieldTypeLabelDescription
parentstring
filterstringThe filter of the log. It should be a valid CEL expression. Check the filter field in the SearchAuditLogsRequest message.
order_bystringThe order by of the log. Only support order by create_time. The default sorting order is ascending. For example: - order_by = "create_time asc" - order_by = "create_time desc"
formatExportFormatThe export format.
page_sizeint32The maximum number of logs to return. The service may return fewer than this value. If unspecified, at most 10 log entries will be returned. The maximum value is 5000; values above 5000 will be coerced to 5000.
page_tokenstringA page token, received from a previous ExportAuditLogs call. Provide this to retrieve the subsequent page.

ExportAuditLogsResponse

Response message for exporting audit logs.

FieldTypeLabelDescription
contentbytesThe exported audit log content in the requested format.
next_page_tokenstringA token to retrieve next page of log entities. Pass this value in the page_token field in the subsequent call to retrieve the next page of log entities.

RequestMetadata

Metadata about the incoming request.

FieldTypeLabelDescription
caller_ipstringThe IP address of the request originator.
caller_supplied_user_agentstringThe user agent string provided by the caller. This is supplied by the client and is not authenticated.

SearchAuditLogsRequest

Request message for searching audit logs.

FieldTypeLabelDescription
parentstring
filterstringThe filter of the log. It should be a valid CEL expression. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - method: the API name, can be found in the docs, should start with "/argus.v1." prefix. For example "/argus.v1.UserService/CreateUser". Support "==" operator. - severity: support "==" operator, check Severity enum in AuditLog message for values. - user: the actor, in "users/{login_id}" format (Identity Model L2), support "==" operator. - create_time: support ">=" and "<=" operator.

For example: - filter = "method == '/argus.v1.SQLService/Query'" - filter = "method == '/argus.v1.SQLService/Query' && severity == 'ERROR'" - filter = "method == '/argus.v1.SQLService/Query' && severity == 'ERROR' && user == 'users/alice'" - filter = "method == '/argus.v1.SQLService/Query' && severity == 'ERROR' && create_time <= '2021-01-01T00:00:00Z' && create_time >= '2020-01-01T00:00:00Z'" | | order_by | string | | The order by of the log. Only support order by create_time. The default sorting order is ascending. For example: - order_by = "create_time asc" - order_by = "create_time desc" | | page_size | int32 | | The maximum number of logs to return. The service may return fewer than this value. If unspecified, at most 10 log entries will be returned. The maximum value is 5000; values above 5000 will be coerced to 5000. | | page_token | string | | A page token, received from a previous SearchLogs call. Provide this to retrieve the subsequent page. |

SearchAuditLogsResponse

Response message for searching audit logs.

FieldTypeLabelDescription
audit_logsAuditLogrepeated
next_page_tokenstringA token to retrieve next page of log entities. Pass this value in the page_token field in the subsequent call to retrieve the next page of log entities.

AuditLog.Severity

Severity level for audit log entries.

NameNumberDescription
SEVERITY_UNSPECIFIED0Unspecified severity level.
DEBUG1Debug-level information.
INFO2Informational messages.
NOTICE3Notable events.
WARNING4Warning conditions.
ERROR5Error conditions.
CRITICAL6Critical conditions.
ALERT7Action must be taken immediately.
EMERGENCY8System is unusable.

AuditLogService

AuditLogService manages audit logs for system activities and API calls.

Method NameRequest TypeResponse TypeDescription
SearchAuditLogsSearchAuditLogsRequestSearchAuditLogsResponseSearches audit logs with optional filtering and pagination. Permissions required: bb.auditLogs.search
ExportAuditLogsExportAuditLogsRequestExportAuditLogsResponseExports audit logs in a specified format for external analysis. Permissions required: bb.auditLogs.export

Top

v1/user_service.proto

BatchGetUsersRequest

FieldTypeLabelDescription
namesstringrepeatedThe user names to retrieve. Format: users/

BatchGetUsersResponse

FieldTypeLabelDescription
usersUserrepeatedThe users from the specified request.

CreateUserRequest

FieldTypeLabelDescription
userUserThe user to create.

DeleteUserRequest

FieldTypeLabelDescription
namestringThe name of the user to delete. Format: users/

GetUserRequest

FieldTypeLabelDescription
namestringThe name of the user to retrieve. Format: users/

ListUsersRequest

FieldTypeLabelDescription
page_sizeint32The maximum number of users to return. The service may return fewer than this value. If unspecified, at most 10 users will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListUsers call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListUsers must match the call that provided the page token. | | show_deleted | bool | | Show deleted users if specified. | | filter | string | | Filter is used to filter users returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - name: the user name, support "==" and ".contains()" operator. - email: the user email, support "==" and ".contains()" operator. - state: check State enum for values, support "==" operator. - project: the project full name in "projects/{id}" format, support "==" operator.

For example: name == "ed" name.contains("ed") email == "ed@bytebase.com" email.contains("ed") state == "DELETED" project == "projects/sample-project" You can combine filter conditions like: name.contains("ed") && project == "projects/sample-project" (name == "ed" || email == "ed@bytebase.com") && project == "projects/sample-project" |

ListUsersResponse

FieldTypeLabelDescription
usersUserrepeatedThe users from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

UndeleteUserRequest

FieldTypeLabelDescription
namestringThe name of the deleted user. Format: users/

UpdateEmailRequest

FieldTypeLabelDescription
namestringThe name of the user whose email to update. Format: users/{email} Note: This is the current (old) email address. The new email is specified in the 'email' field.
emailstringThe new email address.

UpdateUserRequest

FieldTypeLabelDescription
userUserThe user to update.

The user's name field is used to identify the user to update. Format: users/{email} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | otp_code | string | optional | The otp_code is used to verify the user's identity by MFA. | | regenerate_temp_mfa_secret | bool | | The regenerate_temp_mfa_secret flag means to regenerate temporary MFA secret for user. This is used for MFA setup. The temporary MFA secret and recovery codes will be returned in the response. | | regenerate_recovery_codes | bool | | The regenerate_recovery_codes flag means to regenerate recovery codes for user. | | allow_missing | bool | | If set to true, and the user is not found, a new user will be created. In this situation, update_mask is ignored. |

User

FieldTypeLabelDescription
namestringThe name of the user. Format: users/
stateStateThe lifecycle state of the user account.
emailstringThe email address of the user, used for notifications. Identity Model L2 (P0-AUTH-6): contact-only; may be empty for principals created without an email claim (Mode B contractors / IdP JIT).
login_idstringlogin_id is the principal's primary identifier under Identity Model L2 (P0-AUTH-6). Lower-cased; allowed chars [a-z0-9._@-]; max 256. Settable on CreateUser; ignored on UpdateUser (login_id is permanent after creation — rotate via DeleteUser + CreateUser if needed).
passwordstringThe password for authentication. Only used during user creation or password updates.
service_keystringThe service key for service account authentication.
mfa_enabledboolThe mfa_enabled flag means if the user has enabled MFA.
temp_otp_secretstringTemporary OTP secret used during MFA setup and regeneration.
temp_recovery_codesstringrepeatedTemporary recovery codes used during MFA setup and regeneration.
temp_otp_secret_created_timegoogle.protobuf.TimestampTimestamp when temp_otp_secret was created. Used by frontend to show countdown timer.
profileUser.ProfileUser profile metadata.
groupsstringrepeatedThe groups for the user. Format: groups/
workspacestringThe current workspace. Format: workspaces/

User.Profile

FieldTypeLabelDescription
last_login_timegoogle.protobuf.TimestampThe last time the user successfully logged in.
last_change_password_timegoogle.protobuf.TimestampThe last time the user changed their password.
sourcestringsource means where the user comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
account_lockedboolP1-AUTH-9: account_locked is true when the account is currently locked due to too many failed password attempts. Read-only when retrieved; set to false via UpdateUser update_mask "profile.account_locked" to manually unlock the account (admin only).
idp_onlyboolP1-AUTH-1/10: idp_only marks users that MUST authenticate through an external IdP (SSO). When true, the password-login path is blocked. Toggled by admins via UpdateUser update_mask "profile.idp_only". Automatically set to true for JIT-provisioned SSO users.

UserService

UserService manages user accounts and authentication.

Method NameRequest TypeResponse TypeDescription
GetUserGetUserRequestUserGet the user. Any authenticated user can get the user. Permissions required: bb.users.get
BatchGetUsersBatchGetUsersRequestBatchGetUsersResponseGet the users in batch. Any authenticated user can batch get users. Permissions required: bb.users.get
GetCurrentUser.google.protobuf.EmptyUserGet the current authenticated user. Permissions required: None
ListUsersListUsersRequestListUsersResponseList all users. Any authenticated user can list users. Permissions required: bb.users.list
CreateUserCreateUserRequestUserCreates a user in the caller's workspace (admin action, self-hosted only). In SaaS mode, admins should add users via workspace IAM policy instead. Permissions required: bb.users.create
UpdateUserUpdateUserRequestUserUpdates a user. Users can update their own profile, or users with bb.users.update permission can update any user. Note: Email updates are not supported through this API. Use UpdateEmail instead. Permissions required: bb.users.update (or self)
DeleteUserDeleteUserRequest.google.protobuf.EmptyDeletes a user. Requires bb.users.delete permission with additional validation: the last remaining workspace admin cannot be deleted. Permissions required: bb.users.delete
UndeleteUserUndeleteUserRequestUserRestores a deleted user. Permissions required: bb.users.undelete
UpdateEmailUpdateEmailRequestUserUpdates a user's email address. Permissions required: bb.users.updateEmail

Top

v1/auth_service.proto

ExchangeTokenRequest

FieldTypeLabelDescription
tokenstringExternal OIDC token (JWT) from CI/CD platform.
emailstringWorkload Identity email for identifying which identity to authenticate as. Format: {name}@workload.bytebase.com

ExchangeTokenResponse

FieldTypeLabelDescription
access_tokenstringArgus access token.

IdentityProviderContext

Context for identity provider authentication.

FieldTypeLabelDescription
oauth2_contextOAuth2IdentityProviderContextOAuth2 authentication context.
oidc_contextOIDCIdentityProviderContextOpenID Connect authentication context.

LoginRequest

FieldTypeLabelDescription
emailstringUser's email address. DEPRECATED for password login: prefer login_id (Identity Model L2, P0-AUTH-5D, docs/modules/auth-internal-deployment.md §3.0.3). Still used as the fallback identifier for clients that haven't been updated and as the pairing key for email_code passwordless login.
passwordstringUser's password for authentication.
login_idstringlogin_id is the principal's primary identifier under Identity Model L2 (Argus internal, P0-AUTH-5). When non-empty it takes precedence over email for password login. SSO login resolves login_id from the IdP identifier — this field is unused on that path.
webboolIf true, sets access token and refresh token as HTTP-only cookies instead of returning the token in the response body. Use for browser-based clients.
idp_namestringThe name of the identity provider. Format: idps/
idp_contextIdentityProviderContextThe idp_context is used to get the user information from identity provider.
otp_codestringoptionalThe otp_code is used to verify the user's identity by MFA.
recovery_codestringoptionalThe recovery_code is used to recovery the user's identity with MFA.
mfa_temp_tokenstringoptionalThe mfa_temp_token is used to verify the user's identity by MFA.
email_codestringoptional6-digit code from email for passwordless login/signup. Pairs with email. Mutually exclusive with password and idp_name.
workspacestringoptionalPreferred workspace to land in after login. If the user is a member of this workspace, the token is issued for it; otherwise falls back to the default resolution (last login workspace → first membership). Typically populated from the ?workspace= query parameter in invite links. Format: workspaces/

LoginResponse

FieldTypeLabelDescription
tokenstringAccess token for authenticated requests. Only returned when web=false. For web=true, the token is set as an HTTP-only cookie.
mfa_temp_tokenstringoptionalTemporary token for MFA verification.
require_reset_passwordboolWhether user must reset password before continuing.
userUserThe user from the successful login.
require_mfa_enrollmentboolWhether the user must enrol TOTP before continuing (P0-AUTH-12). Mirrors require_reset_password's pattern: an access token is still issued so the user can reach /2fa/setup and call UpdateUser on themselves, but the frontend router force-redirects to the enrollment page until mfa_enabled flips true. Triggered when the workspace require_mfa setting is true OR when the user holds workspaceAdmin (hardcoded guardrail per A3 v1.2).

LogoutRequest

Request to logout current user session.

OAuth2IdentityProviderContext

OAuth2 authentication context.

FieldTypeLabelDescription
codestringAuthorization code from OAuth2 provider.

OIDCIdentityProviderContext

OpenID Connect authentication context.

FieldTypeLabelDescription
codestringAuthorization code from OIDC provider.

RefreshRequest

Request to refresh the access token.

RefreshResponse

Response from refreshing the access token.

RequestPasswordResetRequest

FieldTypeLabelDescription
emailstringThe email address of the account to reset.
workspacestringoptionalOptional workspace context captured at send time, used to locate the EMAIL setting, and later (at verify time) for signup gate checks and workspace assignment. Unset for SaaS brand-new signup (no workspace exists yet). Format: workspaces/

ResetPasswordRequest

FieldTypeLabelDescription
emailstringThe email address of the account.
codestringThe 6-digit code from the reset email.
new_passwordstringThe new password to set.

SendEmailLoginCodeRequest

FieldTypeLabelDescription
emailstringThe email address to send the code to.
workspacestringoptionalOptional workspace context captured at send time, used to locate the EMAIL setting, and later (at verify time) for signup gate checks and workspace assignment. Unset for SaaS brand-new signup (no workspace exists yet). Format: workspaces/

SignupRequest

FieldTypeLabelDescription
emailstringThe email for the new account. Identity Model L2 (P0-AUTH-6): becomes optional contact info; clients should send login_id as the primary identifier. Empty stays NULL on the principal row. Pre-existing clients that send only email continue to work — the backend mirrors it into login_id (see auth_service.go).
passwordstringThe password for the new account.
titlestringThe display name of the user.
login_idstringlogin_id is the principal's primary identifier (Identity Model L2, P0-AUTH-6). Lower-cased; allowed chars [a-z0-9._@-]; max 256. When empty, the backend falls back to mirroring email.

SwitchWorkspaceRequest

FieldTypeLabelDescription
workspacestringThe target workspace to switch to. Format: workspaces/
webboolIf true, sets tokens as HTTP-only cookies (browser clients).
otp_codestringoptionalOTP code for MFA verification. Required if the target workspace enforces MFA.
recovery_codestringoptionalRecovery code for MFA verification (alternative to otp_code).
mfa_temp_tokenstringoptionalTemporary MFA token from a previous SwitchWorkspace call that returned mfa_temp_token.

AuthService

AuthService handles user authentication operations.

Method NameRequest TypeResponse TypeDescription
LoginLoginRequestLoginResponseAuthenticates a user and returns access tokens. Permissions required: None
LogoutLogoutRequest.google.protobuf.EmptyLogs out the current user session. Permissions required: None
ExchangeTokenExchangeTokenRequestExchangeTokenResponseExchanges an external OIDC token for a Argus access token. Used by CI/CD pipelines with Workload Identity Federation. Permissions required: None (validates via OIDC token)
SignupSignupRequestLoginResponseRegisters a new user account. Creates a principal and assigns a workspace: - If the user's email was pre-invited to a workspace, joins that workspace. - Otherwise, creates a new workspace with the user as admin. Returns access tokens so the user is logged in immediately after signup.
RefreshRefreshRequestRefreshResponseRefreshes the access token using the refresh token cookie. Permissions required: None (validates via refresh token cookie)
SwitchWorkspaceSwitchWorkspaceRequestLoginResponseSwitches the current user's active workspace and issues new tokens. The user must be a member of the target workspace.
RequestPasswordResetRequestPasswordResetRequest.google.protobuf.EmptyRequests a password reset email for the given email address. Always returns success to avoid leaking whether the email exists. Permissions required: None
ResetPasswordResetPasswordRequest.google.protobuf.EmptyResets the user's password using a password reset token from email. Permissions required: None (validates via token)
SendEmailLoginCodeSendEmailLoginCodeRequest.google.protobuf.EmptySends a 6-digit verification code to the email for login/signup. Always returns success (no email enumeration). Enforces 60-sec resend cooldown. Permissions required: None

Top

v1/cel_service.proto

BatchDeparseRequest

Request message for batch deparsing CEL expressions.

FieldTypeLabelDescription
expressionsgoogle.api.expr.v1alpha1.ExprrepeatedThe CEL expression ASTs to deparse.

BatchDeparseResponse

Response message for batch deparsing CEL expressions.

FieldTypeLabelDescription
expressionsstringrepeatedThe deparsed CEL expressions as strings.

BatchParseRequest

Request message for batch parsing CEL expressions.

FieldTypeLabelDescription
expressionsstringrepeatedThe CEL expression strings to parse.

BatchParseResponse

Response message for batch parsing CEL expressions.

FieldTypeLabelDescription
expressionsgoogle.api.expr.v1alpha1.ExprrepeatedThe parsed CEL expressions as AST.

CelService

CelService manages CEL (Common Expression Language) parsing and formatting operations.

Method NameRequest TypeResponse TypeDescription
BatchParseBatchParseRequestBatchParseResponseParses multiple CEL expression strings into AST representations. Permissions required: None
BatchDeparseBatchDeparseRequestBatchDeparseResponseConverts multiple CEL AST representations back into expression strings. Permissions required: None

Top

v1/database_catalog_service.proto

ColumnCatalog

Column metadata within a table.

FieldTypeLabelDescription
namestringThe column name.
semantic_typestringThe semantic type describing the data purpose.
labelsColumnCatalog.LabelsEntryrepeatedUser-defined labels for this column.
classificationstringThe data classification level for this column.
object_schemaObjectSchemaoptionalObject schema for complex column types like JSON.

ColumnCatalog.LabelsEntry

FieldTypeLabelDescription
keystring
valuestring

DatabaseCatalog

Catalog metadata for a database including schemas, tables, and columns.

FieldTypeLabelDescription
namestringThe name of the database catalog. Format: instances/{instance}/databases/{database}/catalog
schemasSchemaCatalogrepeatedThe schemas in the database.

GetDatabaseCatalogRequest

Request message for getting a database catalog.

FieldTypeLabelDescription
namestringThe name of the database catalog to retrieve. Format: instances/{instance}/databases/{database}/catalog

ObjectSchema

Schema definition for object-type columns.

FieldTypeLabelDescription
typeObjectSchema.TypeThe data type of this object.
struct_kindObjectSchema.StructKindStruct schema.
array_kindObjectSchema.ArrayKindArray schema.
semantic_typestringThe semantic type of this object.

ObjectSchema.ArrayKind

Array type with element schema.

FieldTypeLabelDescription
kindObjectSchemaThe schema of array elements.

ObjectSchema.StructKind

Structure type with named properties.

FieldTypeLabelDescription
propertiesObjectSchema.StructKind.PropertiesEntryrepeatedProperties of the struct.

ObjectSchema.StructKind.PropertiesEntry

FieldTypeLabelDescription
keystring
valueObjectSchema

SchemaCatalog

Schema metadata within a database.

FieldTypeLabelDescription
namestringThe schema name.
tablesTableCatalogrepeatedThe tables in the schema.

TableCatalog

Table metadata within a schema.

FieldTypeLabelDescription
namestringThe table name.
columnsTableCatalog.ColumnsRegular table columns.
object_schemaObjectSchemaObject schema for JSON/XML columns.
classificationstringThe data classification level for this table.

TableCatalog.Columns

Column list for regular tables.

FieldTypeLabelDescription
columnsColumnCatalogrepeatedThe columns in the table.

UpdateDatabaseCatalogRequest

Request message for updating a database catalog.

FieldTypeLabelDescription
catalogDatabaseCatalogThe database catalog to update.

The catalog's name field is used to identify the database catalog to update. Format: instances/{instance}/databases/{database}/catalog | | allow_missing | bool | | If set to true, and the database catalog is not found, a new database catalog will be created. In this situation, update_mask is ignored. |

ObjectSchema.Type

Object schema data types.

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified type.
STRING1String type.
NUMBER2Number type.
BOOLEAN3Boolean type.
OBJECT4Object/struct type.
ARRAY5Array type.

DatabaseCatalogService

DatabaseCatalogService manages database schema metadata and classification.

Method NameRequest TypeResponse TypeDescription
GetDatabaseCatalogGetDatabaseCatalogRequestDatabaseCatalogGets the catalog metadata for a database. Permissions required: bb.databaseCatalogs.get
UpdateDatabaseCatalogUpdateDatabaseCatalogRequestDatabaseCatalogUpdates catalog metadata such as classifications and labels. Permissions required: bb.databaseCatalogs.update

Top

v1/database_group_service.proto

CreateDatabaseGroupRequest

Request message for creating a database group.

FieldTypeLabelDescription
parentstringThe parent resource where this database group will be created. Format: projects/
database_groupDatabaseGroupThe database group to create.
database_group_idstringThe ID to use for the database group, which will become the final component of the database group's resource name.

This value should be 4-63 characters, and valid characters are /[a-z][0-9]-/. | | validate_only | bool | | If set, validate the create request and preview the full database group response, but do not actually create it. |

DatabaseGroup

A group of databases matched by expressions.

FieldTypeLabelDescription
namestringThe name of the database group. Format: projects/{project}/databaseGroups/
titlestringThe short name used in actual databases specified by users.
database_exprgoogle.type.ExprThe condition that is associated with this database group. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Support variables: resource.environment_id: the environment resource id. Support "==", "!=", "in [XX]", "!(in [xx])" operations. resource.instance_id: the instance resource id. Support "==", "!=", "in [XX]", "!(in [xx])", "contains", "matches", "startsWith", "endsWith" operations. resource.database_name: the database name. Support "==", "!=", "in [XX]", "!(in [xx])", "contains", "matches", "startsWith", "endsWith" operations. resource.database_labels: the database labels. Support map access operations. All variables should join with "&&" condition.

For example: resource.environment_id == "test" && resource.database_name.startsWith("sample_") resource.database_labels["tenant"] == "tenant1" | | matched_databases | DatabaseGroup.Database | repeated | The list of databases that match the database group condition. |

DatabaseGroup.Database

A database within a database group.

FieldTypeLabelDescription
namestringThe resource name of the database. Format: instances/{instance}/databases/

DeleteDatabaseGroupRequest

Request message for deleting a database group.

FieldTypeLabelDescription
namestringThe name of the database group to delete. Format: projects/{project}/databaseGroups/

GetDatabaseGroupRequest

Request message for getting a database group.

FieldTypeLabelDescription
namestringThe name of the database group to retrieve. Format: projects/{project}/databaseGroups/
viewDatabaseGroupViewThe view to return. Defaults to DATABASE_GROUP_VIEW_BASIC.

ListDatabaseGroupsRequest

Request message for listing database groups.

FieldTypeLabelDescription
parentstringThe parent resource whose database groups are to be listed. Format: projects/
viewDatabaseGroupViewThe view to return. Defaults to DATABASE_GROUP_VIEW_BASIC.

ListDatabaseGroupsResponse

Response message for listing database groups.

FieldTypeLabelDescription
database_groupsDatabaseGrouprepeatedThe database groups from the specified request.

UpdateDatabaseGroupRequest

Request message for updating a database group.

FieldTypeLabelDescription
database_groupDatabaseGroupThe database group to update.

The database group's name field is used to identify the database group to update. Format: projects/{project}/databaseGroups/{databaseGroup} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the database group is not found, a new database group will be created. In this situation, update_mask is ignored. |

DatabaseGroupView

View options for database group responses.

NameNumberDescription
DATABASE_GROUP_VIEW_UNSPECIFIED0The default / unset value. The API will default to the BASIC view.
DATABASE_GROUP_VIEW_BASIC1Include basic information about the database group, but exclude the list of matched databases and unmatched databases.
DATABASE_GROUP_VIEW_FULL2Include everything.

DatabaseGroupService

DatabaseGroupService manages database groups for organizing databases by criteria.

Method NameRequest TypeResponse TypeDescription
ListDatabaseGroupsListDatabaseGroupsRequestListDatabaseGroupsResponseLists database groups in a project. Permissions required: bb.databaseGroups.list
GetDatabaseGroupGetDatabaseGroupRequestDatabaseGroupGets a database group by name. Permissions required: bb.databaseGroups.get
CreateDatabaseGroupCreateDatabaseGroupRequestDatabaseGroupCreates a new database group. Permissions required: bb.databaseGroups.create
UpdateDatabaseGroupUpdateDatabaseGroupRequestDatabaseGroupUpdates a database group. Permissions required: bb.databaseGroups.update When allow_missing=true, also requires: bb.databaseGroups.create
DeleteDatabaseGroupDeleteDatabaseGroupRequest.google.protobuf.EmptyDeletes a database group. Permissions required: bb.databaseGroups.delete

Top

v1/instance_role_service.proto

InstanceRole

InstanceRole is the API message for instance role.

FieldTypeLabelDescription
namestringThe name of the role. Format: instances/{instance}/roles/{role} The role name is the unique name for the role.
role_namestringThe role name. It's unique within the instance.
passwordstringoptionalThe role password.
connection_limitint32optionalThe connection count limit for this role.
valid_untilstringoptionalThe expiration for the role's password.
attributestringoptionalThe role attribute. For PostgreSQL, it contains super_user, no_inherit, create_role, create_db, can_login, replication, and bypass_rls. Docs: https://www.postgresql.org/docs/current/role-attributes.html For MySQL, it's the global privileges as GRANT statements, which means it only contains "GRANT ... ON . TO ...". Docs: https://dev.mysql.com/doc/refman/8.0/en/grant.html

ListInstanceRolesRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of roles. Format: instances/
page_sizeint32Not used. The maximum number of roles to return. The service may return fewer than this value. If unspecified, at most 10 roles will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringNot used. A page token, received from a previous ListInstanceRoles call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListInstanceRoles must match the call that provided the page token. | | refresh | bool | | Refresh will refresh and return the latest data. |

ListInstanceRolesResponse

FieldTypeLabelDescription
rolesInstanceRolerepeatedThe roles from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

InstanceRoleService

InstanceRoleService manages database roles within instances.

Method NameRequest TypeResponse TypeDescription
ListInstanceRolesListInstanceRolesRequestListInstanceRolesResponseLists all database roles in an instance. Permissions required: bb.instanceRoles.list

Top

v1/instance_service.proto

AddDataSourceRequest

FieldTypeLabelDescription
namestringThe name of the instance to add a data source to. Format: instances/
data_sourceDataSourceIdentified by data source ID. Only READ_ONLY data source can be added.
validate_onlyboolValidate only also tests the data source connection.

BatchSyncInstancesRequest

FieldTypeLabelDescription
requestsSyncInstanceRequestrepeatedThe request message specifying the instances to sync. A maximum of 1000 instances can be synced in a batch.

BatchSyncInstancesResponse

BatchUpdateInstancesRequest

FieldTypeLabelDescription
requestsUpdateInstanceRequestrepeatedThe request message specifying the resources to update.

BatchUpdateInstancesResponse

FieldTypeLabelDescription
instancesInstancerepeated

CreateInstanceRequest

FieldTypeLabelDescription
instanceInstanceThe instance to create.
instance_idstringThe ID to use for the instance, which will become the final component of the instance's resource name.

This value should be 4-63 characters, and valid characters are /[a-z][0-9]-/. | | validate_only | bool | | Validate only also tests the data source connection. |

DataSource

FieldTypeLabelDescription
idstringThe unique identifier for this data source.
typeDataSourceTypeThe type of data source (ADMIN or READ_ONLY).
usernamestringThe username for database authentication.
passwordstringThe password for database authentication.
use_sslboolUse SSL to connect to the data source. By default, we use system default SSL configuration.
ssl_castringThe SSL certificate authority certificate.
ssl_certstringThe SSL client certificate.
ssl_keystringThe SSL client private key.
ssl_ca_pathstringThe local filesystem path to the SSL certificate authority certificate.
ssl_cert_pathstringThe local filesystem path to the SSL client certificate.
ssl_key_pathstringThe local filesystem path to the SSL client private key.
ssl_ca_setboolWhether an SSL certificate authority certificate has been configured.
ssl_cert_setboolWhether an SSL client certificate has been configured.
ssl_key_setboolWhether an SSL client private key has been configured.
ssl_ca_path_setboolWhether an SSL certificate authority path has been configured.
ssl_cert_path_setboolWhether an SSL client certificate path has been configured.
ssl_key_path_setboolWhether an SSL client private key path has been configured.
verify_tls_certificateboolverify_tls_certificate enables TLS certificate verification for SSL connections. Default is false (no verification) for backward compatibility. Set to true for secure connections (recommended for production). Only set to false for development or when certificates cannot be properly validated (e.g., self-signed certs, VPN environments).
hoststringThe hostname or IP address of the database server.
portstringThe port number of the database server.
databasestringThe name of the database to connect to.
srvboolsrv, authentication_database and replica_set are used for MongoDB. srv is a boolean flag that indicates whether the host is a DNS SRV record.
authentication_databasestringauthentication_database is the database name to authenticate against, which stores the user credentials.
replica_setstringreplica_set is used for MongoDB replica set.
sidstringsid and service_name are used for Oracle.
service_namestring
ssh_hoststringConnection over SSH. The hostname of the SSH server agent. Required.
ssh_portstringThe port of the SSH server agent. It's 22 typically. Required.
ssh_userstringThe user to login the server. Required.
ssh_passwordstringThe password to login the server. If it's empty string, no password is required.
ssh_private_keystringThe private key to login the server. If it's empty string, we will use the system default private key from os.Getenv("SSH_AUTH_SOCK").
authentication_private_keystringPKCS#8 private key in PEM format. If it's empty string, no private key is required. Used for authentication when connecting to the data source.
authentication_private_key_passphrasestringPassphrase for the encrypted PKCS#8 private key. Only used when the private key is encrypted.
external_secretDataSourceExternalSecret
authentication_typeDataSource.AuthenticationType
azure_credentialDataSource.AzureCredential
aws_credentialDataSource.AWSCredential
gcp_credentialDataSource.GCPCredential
sasl_configSASLConfig
additional_addressesDataSource.Addressrepeatedadditional_addresses is used for MongoDB replica set.
direct_connectionbooldirect_connection is used for MongoDB to dispatch all the operations to the node specified in the connection string.
regionstringregion is the location of where the DB is, works for AWS RDS. For example, us-east-1.
warehouse_idstringwarehouse_id is used by Databricks.
master_namestringmaster_name is the master name used by connecting redis-master via redis sentinel.
master_usernamestringmaster_username and master_password are master credentials used by redis sentinel mode.
master_passwordstring
redis_typeDataSource.RedisType
clusterstringCluster is the cluster name for the data source. Used by CockroachDB.
extra_connection_parametersDataSource.ExtraConnectionParametersEntryrepeatedExtra connection parameters for the database connection. For PostgreSQL HA, this can be used to set target_session_attrs=read-write

DataSource.AWSCredential

FieldTypeLabelDescription
access_key_idstring
secret_access_keystring
session_tokenstring
role_arnstringARN of IAM role to assume for cross-account access. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
external_idstringOptional external ID for additional security when assuming role. See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

DataSource.Address

FieldTypeLabelDescription
hoststring
portstring

DataSource.AzureCredential

FieldTypeLabelDescription
tenant_idstring
client_idstring
client_secretstring

DataSource.ExtraConnectionParametersEntry

FieldTypeLabelDescription
keystring
valuestring

DataSource.GCPCredential

FieldTypeLabelDescription
contentstring

DataSourceExternalSecret

FieldTypeLabelDescription
secret_typeDataSourceExternalSecret.SecretTypeThe type of external secret store.
urlstringThe URL of the external secret store.
auth_typeDataSourceExternalSecret.AuthTypeThe authentication method for accessing the secret store.
app_roleDataSourceExternalSecret.AppRoleAuthOptionAppRole authentication configuration.
tokenstringToken for direct authentication.
engine_namestringengine name is the name for secret engine.
secret_namestringthe secret name in the engine to store the password.
password_key_namestringthe key name for the password.
skip_vault_tls_verificationboolTLS configuration for connecting to Vault server. These fields are separate from the database TLS configuration in DataSource. skip_vault_tls_verification disables TLS certificate verification for Vault connections. Default is false (verification enabled) for security. Only set to true for development or when certificates cannot be properly validated.
vault_ssl_castringCA certificate for Vault server verification.
vault_ssl_certstringClient certificate for mutual TLS authentication with Vault.
vault_ssl_keystringClient private key for mutual TLS authentication with Vault.

DataSourceExternalSecret.AppRoleAuthOption

FieldTypeLabelDescription
role_idstringThe role ID for Vault AppRole authentication.
secret_idstringthe secret id for the role without ttl.
typeDataSourceExternalSecret.AppRoleAuthOption.SecretTypeThe type of secret for AppRole authentication.
mount_pathstringThe path where the approle auth method is mounted.

DeleteInstanceRequest

FieldTypeLabelDescription
namestringThe name of the instance to delete. Format: instances/
forceboolIf set to true, any databases and sheets from this project will also be moved to default project, and all open issues will be closed.
purgeboolIf set to true, permanently purge the soft-deleted instance and all related resources. This operation is irreversible. Following AIP-165, this should only be used for administrative cleanup of old soft-deleted instances. The instance must already be soft-deleted for this to work.

GetInstanceRequest

FieldTypeLabelDescription
namestringThe name of the instance to retrieve. Format: instances/

Instance

FieldTypeLabelDescription
namestringThe name of the instance. Format: instances/
stateStateThe lifecycle state of the instance.
titlestringThe display title of the instance.
engineEngineThe database engine type.
engine_versionstringThe version of the database engine.
external_linkstringExternal URL to the database instance console.
data_sourcesDataSourcerepeatedData source configurations for connecting to the instance.
environmentstringoptionalThe environment resource. Format: environments/prod where prod is the environment resource ID.
rolesInstanceRolerepeatedDatabase roles available in this instance.
sync_intervalgoogle.protobuf.DurationHow often the instance is synced.
sync_databasesstringrepeatedEnable sync for following databases. Default empty, means sync all schemas & databases.
last_sync_timegoogle.protobuf.TimestampThe last time the instance was synced.
labelsInstance.LabelsEntryrepeatedLabels are key-value pairs that can be attached to the instance. For example, { "org_group": "infrastructure", "environment": "production" }

Instance.LabelsEntry

FieldTypeLabelDescription
keystring
valuestring

InstanceResource

FieldTypeLabelDescription
titlestringThe display title of the instance.
engineEngineThe database engine type.
engine_versionstringThe version of the database engine.
data_sourcesDataSourcerepeatedData source configurations for the instance.
namestringThe name of the instance. Format: instances/
environmentstringoptionalThe environment resource. Format: environments/prod where prod is the environment resource ID.

KerberosConfig

FieldTypeLabelDescription
primarystringThe primary component of the Kerberos principal.
instancestringThe instance component of the Kerberos principal.
realmstringThe Kerberos realm.
keytabbytesThe keytab file contents for authentication.
kdc_hoststringThe hostname of the Key Distribution Center (KDC).
kdc_portstringThe port of the Key Distribution Center (KDC).
kdc_transport_protocolstringThe transport protocol for KDC communication (tcp or udp).

ListInstanceDatabaseRequest

FieldTypeLabelDescription
namestringThe name of the instance. Format: instances/
instanceInstanceoptionalThe target instance. We need to set this field if the target instance is not created yet.

ListInstanceDatabaseResponse

FieldTypeLabelDescription
databasesstringrepeatedAll database name list in the instance.

ListInstancesRequest

FieldTypeLabelDescription
page_sizeint32The maximum number of instances to return. The service may return fewer than this value. If unspecified, at most 10 instances will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListInstances call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListInstances must match the call that provided the page token. | | show_deleted | bool | | Show deleted instances if specified. | | filter | string | | Filter the instance. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filters: - name: the instance name, support "==" and ".contains()" operator. - resource_id: the instance id, support "==" and ".contains()" operator. - environment: the environment full name in "environments/{id}" format, support "==" operator. - state: the instance state, check State enum for values, support "==" operator. - engine: the instance engine, check Engine enum for values. Support "==", "in [xx]", "!(in [xx])" operator. - host: the instance host, support "==" and ".contains()" operator. - port: the instance port, support "==" and ".contains()" operator. - project: the project full name in "projects/{id}" format, support "==" operator. - labels.{key}: the instance label, support "==" and "in" operators.

For example: name == "sample instance" name.contains("sample") resource_id == "sample-instance" resource_id.contains("sample") state == "DELETED" environment == "environments/test" environment == "" (find instances which environment is not set) engine == "MYSQL" engine in ["MYSQL", "POSTGRES"] !(engine in ["MYSQL", "POSTGRES"]) host == "127.0.0.1" host.contains("127.0") port == "54321" port.contains("543") labels.org_group == "infrastructure" labels.environment in ["prod", "production"] project == "projects/sample-project" You can combine filter conditions like: name.contains("sample") && environment == "environments/test" host == "127.0.0.1" && port == "54321" | | order_by | string | | The order by of instances. Support title, environment. The default sorting order is ascending. For example: - order_by = "title" - order_by = "title desc" - order_by = "title desc, environment asc" |

ListInstancesResponse

FieldTypeLabelDescription
instancesInstancerepeatedThe instances from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

RemoveDataSourceRequest

FieldTypeLabelDescription
namestringThe name of the instance to remove a data source from. Format: instances/
data_sourceDataSourceIdentified by data source ID. Only READ_ONLY data source can be removed.

SASLConfig

FieldTypeLabelDescription
krb_configKerberosConfigKerberos authentication configuration.

SyncInstanceRequest

FieldTypeLabelDescription
namestringThe name of instance. Format: instances/
enable_full_syncboolWhen full sync is enabled, all databases in the instance will be synchronized. Otherwise, only the instance metadata (such as the database list) and any newly discovered databases will be synced.

SyncInstanceResponse

FieldTypeLabelDescription
databasesstringrepeatedAll database name list in the instance.

UndeleteInstanceRequest

FieldTypeLabelDescription
namestringThe name of the deleted instance. Format: instances/

UpdateDataSourceRequest

FieldTypeLabelDescription
namestringThe name of the instance to update a data source. Format: instances/
data_sourceDataSourceIdentified by data source ID.
update_maskgoogle.protobuf.FieldMaskThe list of fields to update.
validate_onlyboolValidate only also tests the data source connection.
allow_missingboolIf set to true, and the data source is not found, a new data source will be created. In this situation, update_mask is ignored.

UpdateInstanceRequest

FieldTypeLabelDescription
instanceInstanceThe instance to update.

The instance's name field is used to identify the instance to update. Format: instances/{instance} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the instance is not found, a new instance will be created. In this situation, update_mask is ignored. |

DataSource.AuthenticationType

NameNumberDescription
AUTHENTICATION_UNSPECIFIED0
PASSWORD1
GOOGLE_CLOUD_SQL_IAM2
AWS_RDS_IAM3
AZURE_IAM4

DataSource.RedisType

NameNumberDescription
REDIS_TYPE_UNSPECIFIED0
STANDALONE1
SENTINEL2
CLUSTER3

DataSourceExternalSecret.AppRoleAuthOption.SecretType

NameNumberDescription
SECRET_TYPE_UNSPECIFIED0Unspecified secret type.
PLAIN1Plain text secret.
ENVIRONMENT2Secret from environment variable.

DataSourceExternalSecret.AuthType

NameNumberDescription
AUTH_TYPE_UNSPECIFIED0Unspecified authentication type.
TOKEN1ref: https://developer.hashicorp.com/vault/docs/auth/token
VAULT_APP_ROLE2ref: https://developer.hashicorp.com/vault/docs/auth/approle

DataSourceExternalSecret.SecretType

NameNumberDescription
SECRET_TYPE_UNSPECIFIED0Unspecified secret type.
VAULT_KV_V21ref: https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2
AWS_SECRETS_MANAGER2ref: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
GCP_SECRET_MANAGER3ref: https://cloud.google.com/secret-manager/docs
AZURE_KEY_VAULT4ref: https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets

DataSourceType

NameNumberDescription
DATA_SOURCE_UNSPECIFIED0Unspecified data source type.
ADMIN1Admin data source with write permissions.
READ_ONLY2Read-only data source for query operations.

InstanceService

InstanceService manages database instances and their connections.

Method NameRequest TypeResponse TypeDescription
GetInstanceGetInstanceRequestInstanceGets a database instance by name. Permissions required: bb.instances.get
ListInstancesListInstancesRequestListInstancesResponseLists all database instances. Permissions required: bb.instances.list
CreateInstanceCreateInstanceRequestInstanceCreates a new database instance. Permissions required: bb.instances.create
UpdateInstanceUpdateInstanceRequestInstanceUpdates a database instance. Permissions required: bb.instances.update
DeleteInstanceDeleteInstanceRequest.google.protobuf.EmptyDeletes or soft-deletes a database instance. Permissions required: bb.instances.delete
UndeleteInstanceUndeleteInstanceRequestInstanceRestores a soft-deleted database instance. Permissions required: bb.instances.undelete
SyncInstanceSyncInstanceRequestSyncInstanceResponseSyncs database schemas and metadata from an instance. Permissions required: bb.instances.sync
ListInstanceDatabaseListInstanceDatabaseRequestListInstanceDatabaseResponseLists all databases within an instance without creating them. Permissions required: bb.instances.get
BatchSyncInstancesBatchSyncInstancesRequestBatchSyncInstancesResponseSyncs multiple instances in a single request. Permissions required: bb.instances.sync
BatchUpdateInstancesBatchUpdateInstancesRequestBatchUpdateInstancesResponseUpdates multiple instances in a single request. Permissions required: bb.instances.update
AddDataSourceAddDataSourceRequestInstanceAdds a read-only data source to an instance. Permissions required: bb.instances.update
RemoveDataSourceRemoveDataSourceRequestInstanceRemoves a read-only data source from an instance. Permissions required: bb.instances.update
UpdateDataSourceUpdateDataSourceRequestInstanceUpdates a data source configuration. Permissions required: bb.instances.update

Top

v1/database_service.proto

BatchGetDatabasesRequest

FieldTypeLabelDescription
parentstringThe parent resource shared by all databases being retrieved. - projects/{project}: batch get databases in a project; - instances/{instances}: batch get databases in a instance; Use "-" as wildcard to batch get databases across parent.
namesstringrepeatedThe list of database names to retrieve.

BatchGetDatabasesResponse

FieldTypeLabelDescription
databasesDatabaserepeatedThe databases from the specified request.

BatchSyncDatabasesRequest

FieldTypeLabelDescription
parentstringThe parent resource shared by all databases being updated. Format: instances/{instance} If the operation spans parents, a dash (-) may be accepted as a wildcard.
namesstringrepeatedThe list of database names to sync.

BatchSyncDatabasesResponse

BatchUpdateDatabasesRequest

FieldTypeLabelDescription
parentstringThe parent resource shared by all databases being updated. Format: instances/{instance} If the operation spans parents, a dash (-) may be accepted as a wildcard. We only support updating the project of databases for now.
requestsUpdateDatabaseRequestrepeatedThe request message specifying the resources to update. A maximum of 1000 databases can be modified in a batch.

BatchUpdateDatabasesResponse

FieldTypeLabelDescription
databasesDatabaserepeatedDatabases updated.

BoundingBox

BoundingBox defines the spatial bounds for GEOMETRY spatial indexes.

FieldTypeLabelDescription
xmindoubleMinimum X coordinate
ymindoubleMinimum Y coordinate
xmaxdoubleMaximum X coordinate
ymaxdoubleMaximum Y coordinate

Changelog

FieldTypeLabelDescription
namestringFormat: instances/{instance}/databases/{database}/changelogs/
create_timegoogle.protobuf.Timestamp
statusChangelog.Status
schemastring
schema_sizeint64
task_runstringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/
plan_titlestringThe title of the plan associated with this changelog's task run. This field is populated by deriving the plan from task_run for display purposes.

CheckConstraintMetadata

CheckConstraintMetadata is the metadata for check constraints.

FieldTypeLabelDescription
namestringThe name is the name of a check constraint.
expressionstringThe expression is the expression of a check constraint.

ColumnMetadata

ColumnMetadata is the metadata for columns.

FieldTypeLabelDescription
namestringThe name is the name of a column.
positionint32The position is the position in columns.
has_defaultbool
defaultstringThe default value of column.
default_on_nullboolOracle specific metadata. The default_on_null is the default on null of a column.
on_updatestringThe on_update is the on update action of a column. For MySQL like databases, it's only supported for TIMESTAMP columns with CURRENT_TIMESTAMP as on update value.
nullableboolThe nullable is the nullable of a column.
typestringThe type is the type of a column.
character_setstringThe character_set is the character_set of a column.
collationstringThe collation is the collation of a column.
commentstringThe comment is the comment of a column.
generationGenerationMetadataThe generation is the generation of a column.
is_identitybool
identity_generationColumnMetadata.IdentityGenerationThe identity_generation is for identity columns, PG only.
identity_seedint64The identity_seed is for identity columns, MSSQL only.
identity_incrementint64The identity_increment is for identity columns, MSSQL only.
default_constraint_namestringThe default_constraint_name is the name of the default constraint, MSSQL only. In MSSQL, default values are implemented as named constraints. When modifying or dropping a column's default value, you must reference the constraint by name. This field stores the actual constraint name from the database.

Example: A column definition like: CREATE TABLE employees ( status NVARCHAR(20) DEFAULT 'active' )

Will create a constraint with an auto-generated name like 'DF__employees__statu__3B75D760' or a user-defined name if specified: ALTER TABLE employees ADD CONSTRAINT DF_employees_status DEFAULT 'active' FOR status

To modify the default, you must first drop the existing constraint by name: ALTER TABLE employees DROP CONSTRAINT DF__employees__statu__3B75D760 ALTER TABLE employees ADD CONSTRAINT DF_employees_status DEFAULT 'inactive' FOR status

This field is populated when syncing from the database. When empty (e.g., when parsing from SQL files), the system cannot automatically drop the constraint. |

Database

FieldTypeLabelDescription
namestringThe name of the database. Format: instances/{instance}/databases/{database} {database} is the database name in the instance.
stateStateThe existence of a database.
successful_sync_timegoogle.protobuf.TimestampThe latest synchronization time.
projectstringThe project for a database. Format: projects/
releasestringThe release that was last applied to this database. Format: projects/{project}/releases/{release_id} Example: projects/my-project/releases/release_20260115-RC00
environmentstringoptionalThe environment resource. Format: environments/prod where prod is the environment resource ID.
effective_environmentstringoptionalThe effective environment based on environment tag above and environment tag on the instance. Inheritance follows https://cloud.google.com/resource-manager/docs/tags/tags-overview.
labelsDatabase.LabelsEntryrepeatedLabels will be used for deployment and policy control.
instance_resourceInstanceResourceThe instance resource.
backup_availableboolThe database is available for DML prior backup.
sync_statusSyncStatusThe sync status of the database.
sync_errorstringThe error message if sync failed.

Database.LabelsEntry

FieldTypeLabelDescription
keystring
valuestring

DatabaseMetadata

DatabaseMetadata is the metadata for databases.

FieldTypeLabelDescription
namestringThe database metadata name.

Format: instances/{instance}/databases/{database}/metadata | | schemas | SchemaMetadata | repeated | The schemas is the list of schemas in a database. | | character_set | string | | The character_set is the character set of a database. | | collation | string | | The collation is the collation of a database. | | extensions | ExtensionMetadata | repeated | The extensions is the list of extensions in a database. | | owner | string | | The owner of the database. | | search_path | string | | The search_path is the search path of a PostgreSQL database. |

DatabaseSDLSchema

DatabaseSDLSchema contains the schema in SDL format.

FieldTypeLabelDescription
schemabytesThe SDL schema content. - For SINGLE_FILE format: contains the complete SDL schema as a text string. - For MULTI_FILE format: contains the ZIP archive as binary data.
content_typestringThe MIME type of the schema content. Indicates how the client should interpret the schema field. Examples: - "text/plain; charset=utf-8" for SINGLE_FILE format - "application/zip" for MULTI_FILE format

DatabaseSchema

DatabaseSchema is the metadata for databases.

FieldTypeLabelDescription
schemastringThe schema dump from database.

DependencyColumn

DependencyColumn is the metadata for dependency columns.

FieldTypeLabelDescription
schemastringThe schema is the schema of a reference column.
tablestringThe table is the table of a reference column.
columnstringThe column is the name of a reference column.

DependencyTable

FieldTypeLabelDescription
schemastringThe schema is the schema of a reference table.
tablestringThe table is the name of a reference table.

DiffSchemaRequest

FieldTypeLabelDescription
namestringThe name of the database or changelog. Format: database: instances/{instance}/databases/{database} changelog: instances/{instance}/databases/{database}/changelogs/
schemastringThe target schema.
changelogstringThe resource name of the changelog Format: instances/{instance}/databases/{database}/changelogs/

DiffSchemaResponse

FieldTypeLabelDescription
diffstring

DimensionConstraint

DimensionConstraint defines constraints for a spatial dimension.

FieldTypeLabelDescription
dimensionstringDimension name/type (X, Y, Z, M, etc.)
min_valuedoubleMinimum value for this dimension
max_valuedoubleMaximum value for this dimension
tolerancedoubleTolerance for this dimension

DimensionalConfig

DimensionalConfig defines dimensional and constraint parameters for spatial indexes.

FieldTypeLabelDescription
dimensionsint32Number of dimensions (2-4, default 2)
data_typestringSpatial data type (GEOMETRY, GEOGRAPHY, POINT, POLYGON, etc.)
sridint32Spatial reference system identifier (SRID)
constraintsDimensionConstraintrepeatedCoordinate system constraints

EnumTypeMetadata

FieldTypeLabelDescription
namestringThe name of a type.
valuesstringrepeatedThe enum values of a type.
commentstringThe comment describing the enum type.
skip_dumpboolWhether to skip this enum type during schema dump operations.

EventMetadata

FieldTypeLabelDescription
namestringThe name of the event.
definitionstringThe schedule of the event.
time_zonestringThe time zone of the event.
sql_modestringThe SQL mode setting for the event.
character_set_clientstringThe character set used by the client creating the event.
collation_connectionstringThe collation used for the connection when creating the event.
commentstringThe comment is the comment of an event.

ExtensionMetadata

ExtensionMetadata is the metadata for extensions.

FieldTypeLabelDescription
namestringThe name is the name of an extension.
schemastringThe schema is the extension that is installed to. But the extension usage is not limited to the schema.
versionstringThe version is the version of an extension.
descriptionstringThe description is the description of an extension.

ExternalTableMetadata

FieldTypeLabelDescription
namestringThe name is the name of a external table.
external_server_namestringThe external_server_name is the name of the external server.
external_database_namestringThe external_database_name is the name of the external database.
columnsColumnMetadatarepeatedThe columns is the ordered list of columns in a foreign table.

ForeignKeyMetadata

ForeignKeyMetadata is the metadata for foreign keys.

FieldTypeLabelDescription
namestringThe name is the name of a foreign key.
columnsstringrepeatedThe columns are the ordered referencing columns of a foreign key.
referenced_schemastringThe referenced_schema is the referenced schema name of a foreign key. It is an empty string for databases without such concept such as MySQL.
referenced_tablestringThe referenced_table is the referenced table name of a foreign key.
referenced_columnsstringrepeatedThe referenced_columns are the ordered referenced columns of a foreign key.
on_deletestringThe on_delete is the on delete action of a foreign key.
on_updatestringThe on_update is the on update action of a foreign key.
match_typestringThe match_type is the match type of a foreign key. The match_type is the PostgreSQL specific field. It's empty string for other databases.

FunctionMetadata

FunctionMetadata is the metadata for functions.

FieldTypeLabelDescription
namestringThe name is the name of a function.
definitionstringThe definition is the definition of a function.
signaturestringThe signature is the name with the number and type of input arguments the function takes.
character_set_clientstringMySQL specific metadata.
collation_connectionstring
database_collationstring
sql_modestring
commentstring
dependency_tablesDependencyTablerepeatedThe dependency_tables is the list of dependency tables of a function. For PostgreSQL, it's the list of tables that the function depends on the return type definition.
skip_dumpbool

GenerationMetadata

FieldTypeLabelDescription
typeGenerationMetadata.Type
expressionstring

GetChangelogRequest

FieldTypeLabelDescription
namestringThe name of the changelog to retrieve. Format: instances/{instance}/databases/{database}/changelogs/
viewChangelogView

GetDatabaseMetadataRequest

FieldTypeLabelDescription
namestringThe name of the database to retrieve metadata. Format: instances/{instance}/databases/{database}/metadata
filterstringFilter is used to filter databases returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - schema: the schema name, support "==" operator. - table: the table name, support "==" and ".contains()" operator.

For example: schema == "schema-a" table == "table-a" table.contains("table-a") schema == "schema-a" && table.contains("sample") The filter is used to search for tables containing "sample" in the schema "schemas/schema-a". The column masking level will only be returned when a table filter is used. | | limit | int32 | | Limit the response size of returned table metadata per schema. For example, if the database has 3 schemas, and each schema has 100 tables, if limit is 20, then only 20 tables will be returned for each schema, total 60 tables. Default 0, means no limit. |

GetDatabaseRequest

FieldTypeLabelDescription
namestringThe name of the database to retrieve. Format: instances/{instance}/databases/

GetDatabaseSDLSchemaRequest

FieldTypeLabelDescription
namestringThe name of the database to retrieve SDL schema. Format: instances/{instance}/databases/{database}/sdlSchema
formatGetDatabaseSDLSchemaRequest.SDLFormatThe format of the SDL schema output.

GetDatabaseSchemaRequest

FieldTypeLabelDescription
namestringThe name of the database to retrieve schema. Format: instances/{instance}/databases/{database}/schema

GetSchemaStringRequest

FieldTypeLabelDescription
namestringThe name of the database. Format: instances/{instance}/databases/
typeGetSchemaStringRequest.ObjectType
schemastringIt's empty for DATABASE.
objectstringIt's empty for DATABASE and SCHEMA.
metadataDatabaseMetadataIf use the metadata to generate the schema string, the type is OBJECT_TYPE_UNSPECIFIED. Also the schema and object are empty.

GetSchemaStringResponse

FieldTypeLabelDescription
schema_stringstring

GridLevel

GridLevel defines a tessellation grid level with its density.

FieldTypeLabelDescription
levelint32Grid level number (1-4 for SQL Server)
densitystringGrid density (LOW, MEDIUM, HIGH)

IndexMetadata

IndexMetadata is the metadata for indexes.

FieldTypeLabelDescription
namestringThe name is the name of an index.
expressionsstringrepeatedThe expressions are the ordered columns or expressions of an index. This could refer to a column or an expression.
key_lengthint64repeatedThe key_lengths are the ordered key lengths of an index. If the key length is not specified, it's -1.
descendingboolrepeatedThe descending is the ordered descending of an index.
typestringThe type is the type of an index.
uniqueboolThe unique is whether the index is unique.
primaryboolThe primary is whether the index is a primary key index.
visibleboolThe visible is whether the index is visible.
commentstringThe comment is the comment of an index.
definitionstringThe definition of an index.
parent_index_schemastringThe schema name of the parent index.
parent_index_namestringThe index name of the parent index.
granularityint64The number of granules in the block. It's a ClickHouse specific field.
is_constraintboolIt's a PostgreSQL specific field. The unique constraint and unique index are not the same thing in PostgreSQL.
spatial_configSpatialIndexConfigSpatial index configuration for spatial databases like SQL Server, PostgreSQL with PostGIS, etc.
opclass_namesstringrepeatedhttps://www.postgresql.org/docs/current/catalog-pg-opclass.html Name of the operator class for each column. (PostgreSQL specific).
opclass_defaultsboolrepeatedTrue if the operator class is the default. (PostgreSQL specific).

ListChangelogsRequest

FieldTypeLabelDescription
parentstringThe parent of the changelogs. Format: instances/{instance}/databases/
page_sizeint32The maximum number of changelogs to return. The service may return fewer than this value. If unspecified, at most 10 changelogs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from the previous call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided must match the call that provided the page token. | | view | ChangelogView | | | | filter | string | | Filter is used to filter changelogs returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - status: the changelog status, support "==" operation. check Changelog.Status for available values. - create_time: the changelog create time in "2006-01-02T15:04:05Z07:00" format, support ">=" or "<=" operator.

Example: status == "DONE" status == "FAILED" && type == "SDL" create_time >= "2024-01-01T00:00:00Z" && create_time <= "2024-01-02T00:00:00Z" |

ListChangelogsResponse

FieldTypeLabelDescription
changelogsChangelogrepeatedThe list of changelogs.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

ListDatabasesRequest

FieldTypeLabelDescription
parentstring- projects/{project}: list databases in a project, require "bb.projects.get" permission. - workspaces/{id}: list databases in the workspace, require "bb.databases.list" permission. - instances/{instances}: list databases in a instance, require "bb.instances.get" permission
page_sizeint32The maximum number of databases to return. The service may return fewer than this value. If unspecified, at most 10 databases will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListDatabases call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListDatabases must match the call that provided the page token. | | filter | string | | Filter is used to filter databases returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - environment: the environment full name in "environments/{id}" format, support "==" operator. - name: the database name, support ".contains()" operator. - project: the project full name in "projects/{id}" format, support "==" operator. - instance: the instance full name in "instances/{id}" format, support "==" operator. - engine: the database engine, check Engine enum for values. Support "==", "in [xx]", "!(in [xx])" operator. - exclude_unassigned: should be "true" or "false", will not show unassigned databases if it's true, support "==" operator. - table: filter by the database table, support "==" and ".contains()" operator. - labels.{key}: the database label, support "==" and "in" operators.

For example: environment == "environments/{environment resource id}" environment == "" (find databases which environment is not set) project == "projects/{project resource id}" instance == "instances/{instance resource id}" name.contains("database name") engine == "MYSQL" engine in ["MYSQL", "POSTGRES"] !(engine in ["MYSQL", "POSTGRES"]) exclude_unassigned == true table == "sample" table.contains("sam") labels.environment == "production" labels.region == "asia" labels.region in ["asia", "europe"]

You can combine filter conditions like: environment == "environments/prod" && name.contains("employee") | | show_deleted | bool | | Show deleted database if specified. | | order_by | string | | The order by of databases. Support name, project, instance. The default sorting order is ascending. For example: - order_by = "name" - order by name ascending - order_by = "name desc" - order_by = "name desc, project asc" |

ListDatabasesResponse

FieldTypeLabelDescription
databasesDatabaserepeatedThe databases from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

MaterializedViewMetadata

MaterializedViewMetadata is the metadata for materialized views.

FieldTypeLabelDescription
namestringThe name is the name of a materialized view.
definitionstringThe definition is the definition of a materialized view.
commentstringThe comment is the comment of a materialized view.
dependency_columnsDependencyColumnrepeatedThe dependency_columns is the list of dependency columns of a materialized view.
triggersTriggerMetadatarepeatedThe columns is the ordered list of columns in a table.
indexesIndexMetadatarepeatedThe indexes is the list of indexes in a table.
skip_dumpbool

PackageMetadata

PackageMetadata is the metadata for packages.

FieldTypeLabelDescription
namestringThe name is the name of a package.
definitionstringThe definition is the definition of a package.

ProcedureMetadata

ProcedureMetadata is the metadata for procedures.

FieldTypeLabelDescription
namestringThe name is the name of a procedure.
definitionstringThe definition is the definition of a procedure.
signaturestringThe signature is the name with the number and type of input arguments the procedure takes.
character_set_clientstringMySQL specific metadata.
collation_connectionstring
database_collationstring
sql_modestring
commentstringThe comment is the comment of a procedure.
skip_dumpbool

SchemaMetadata

SchemaMetadata is the metadata for schemas. This is the concept of schema in Postgres, but it's a no-op for MySQL.

FieldTypeLabelDescription
namestringThe name is the schema name. It is an empty string for databases without such concept such as MySQL.
tablesTableMetadatarepeatedThe tables is the list of tables in a schema.
external_tablesExternalTableMetadatarepeatedThe external_tables is the list of external tables in a schema.
viewsViewMetadatarepeatedThe views is the list of views in a schema.
functionsFunctionMetadatarepeatedThe functions is the list of functions in a schema.
proceduresProcedureMetadatarepeatedThe procedures is the list of procedures in a schema.
streamsStreamMetadatarepeatedThe streams is the list of streams in a schema, currently, only used for Snowflake.
tasksTaskMetadatarepeatedThe routines is the list of routines in a schema, currently, only used for Snowflake.
materialized_viewsMaterializedViewMetadatarepeatedThe materialized_views is the list of materialized views in a schema.
packagesPackageMetadatarepeatedThe packages is the list of packages in a schema.
ownerstringThe owner of the schema.
sequencesSequenceMetadatarepeatedThe sequences is the list of sequences in a schema, sorted by name.
eventsEventMetadatarepeatedThe events is the list of scheduled events in a schema.
enum_typesEnumTypeMetadatarepeatedThe enum_types is the list of user-defined enum types in a schema.
skip_dumpboolWhether to skip this schema during schema dump operations.
commentstringThe comment is the comment of a schema.

SequenceMetadata

FieldTypeLabelDescription
namestringThe name of a sequence.
data_typestringThe data type of a sequence.
startstringThe start value of a sequence.
min_valuestringThe minimum value of a sequence.
max_valuestringThe maximum value of a sequence.
incrementstringIncrement value of a sequence.
cycleboolCycle is whether the sequence cycles.
cache_sizestringCache size of a sequence.
last_valuestringLast value of a sequence.
owner_tablestringThe owner table of the sequence.
owner_columnstringThe owner column of the sequence.
commentstringThe comment describing the sequence.
skip_dumpboolWhether to skip this sequence during schema dump operations.

SpatialIndexConfig

SpatialIndexConfig defines the spatial index configuration for spatial databases.

FieldTypeLabelDescription
methodstringSpatial indexing method (e.g., "SPATIAL", "R-TREE", "GIST")
tessellationTessellationConfigTessellation configuration for grid-based spatial indexes
storageStorageConfigStorage and performance configuration
dimensionalDimensionalConfigDimensional configuration

StorageConfig

StorageConfig defines storage and performance parameters for spatial indexes.

FieldTypeLabelDescription
fillfactorint32Fill factor percentage (1-100)
bufferingstringBuffering mode for PostgreSQL (auto, on, off)
tablespacestringTablespace configuration for Oracle
work_tablespacestring
sdo_levelint32
commit_intervalint32
pad_indexboolSQL Server specific parameters
sort_in_tempdbstringON, OFF
drop_existingbool
onlinebool
allow_row_locksbool
allow_page_locksbool
maxdopint32
data_compressionstringNONE, ROW, PAGE

StreamMetadata

FieldTypeLabelDescription
namestringThe name is the name of a stream.
table_namestringThe table_name is the name of the table/view that the stream is created on.
ownerstringThe owner of the stream.
commentstringThe comment of the stream.
typeStreamMetadata.TypeThe type of the stream.
staleboolIndicates whether the stream was last read before the stale_after time.
modeStreamMetadata.ModeThe mode of the stream.
definitionstringThe definition of the stream.

SyncDatabaseRequest

FieldTypeLabelDescription
namestringThe name of the database to sync. Format: instances/{instance}/databases/

SyncDatabaseResponse

TableMetadata

TableMetadata is the metadata for tables.

FieldTypeLabelDescription
namestringThe name is the name of a table.
columnsColumnMetadatarepeatedThe columns is the ordered list of columns in a table.
indexesIndexMetadatarepeatedThe indexes is the list of indexes in a table.
enginestringThe engine is the engine of a table.
collationstringThe collation is the collation of a table.
charsetstringThe character set of table.
row_countint64The row_count is the estimated number of rows of a table.
data_sizeint64The data_size is the estimated data size of a table.
index_sizeint64The index_size is the estimated index size of a table.
data_freeint64The data_free is the estimated free data size of a table.
create_optionsstringThe create_options is the create option of a table.
commentstringThe comment is the comment of a table.
foreign_keysForeignKeyMetadatarepeatedThe foreign_keys is the list of foreign keys in a table.
partitionsTablePartitionMetadatarepeatedThe partitions is the list of partitions in a table.
check_constraintsCheckConstraintMetadatarepeatedThe check_constraints is the list of check constraints in a table.
ownerstringThe owner of the table.
sorting_keysstringrepeatedThe sorting_keys is a tuple of column names or arbitrary expressions. ClickHouse specific field. Reference: https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree#order_by
triggersTriggerMetadatarepeatedThe triggers is the list of triggers associated with the table.
skip_dumpboolWhether to skip this table during schema dump operations.
sharding_infostringhttps://docs.pingcap.com/tidb/stable/information-schema-tables/
primary_key_typestringhttps://docs.pingcap.com/tidb/stable/clustered-indexes/#clustered-indexes CLUSTERED or NONCLUSTERED.

TablePartitionMetadata

TablePartitionMetadata is the metadata for table partitions.

FieldTypeLabelDescription
namestringThe name is the name of a table partition.
typeTablePartitionMetadata.TypeThe type of a table partition.
expressionstringThe expression is the expression of a table partition. For PostgreSQL, the expression is the text of {FOR VALUES partition_bound_spec}, see https://www.postgresql.org/docs/current/sql-createtable.html. For MySQL, the expression is the expr or column_list of the following syntax. PARTITION BY { [LINEAR] HASH(expr)
valuestringThe value is the value of a table partition. For MySQL, the value is for RANGE and LIST partition types, - For a RANGE partition, it contains the value set in the partition's VALUES LESS THAN clause, which can be either an integer or MAXVALUE. - For a LIST partition, this column contains the values defined in the partition's VALUES IN clause, which is a list of comma-separated integer values. - For others, it's an empty string.
use_defaultstringThe use_default is whether the users use the default partition, it stores the different value for different database engines. For MySQL, it's [INT] type, 0 means not use default partition, otherwise, it's equals to number in syntax [SUB]PARTITION {number}.
subpartitionsTablePartitionMetadatarepeatedThe subpartitions is the list of subpartitions in a table partition.
indexesIndexMetadatarepeated
check_constraintsCheckConstraintMetadatarepeated

TaskMetadata

FieldTypeLabelDescription
namestringThe name is the name of a task.
idstringThe id is the snowflake-generated id of a task. Example: 01ad32a0-1bb6-5e93-0000-000000000001
ownerstringThe owner of the task.
commentstringThe comment of the task.
warehousestringThe warehouse of the task.
schedulestringThe schedule interval of the task.
predecessorsstringrepeatedThe predecessor tasks of the task.
stateTaskMetadata.StateThe state of the task.
conditionstringThe condition of the task.
definitionstringThe definition of the task.

TessellationConfig

TessellationConfig defines tessellation parameters for spatial indexes.

FieldTypeLabelDescription
schemestringTessellation scheme (e.g., "GEOMETRY_GRID", "GEOGRAPHY_GRID", "GEOMETRY_AUTO_GRID")
grid_levelsGridLevelrepeatedGrid levels and densities for multi-level tessellation
cells_per_objectint32Number of cells per object (1-8192 for SQL Server)
bounding_boxBoundingBoxBounding box for GEOMETRY tessellation (not used for GEOGRAPHY)

TriggerMetadata

FieldTypeLabelDescription
namestringThe name is the name of the trigger.
eventstringThe event is the event of the trigger, such as INSERT, UPDATE, DELETE, TRUNCATE.
timingstringThe timing is the timing of the trigger, such as BEFORE, AFTER.
bodystringThe body is the body of the trigger.
sql_modestringThe SQL mode setting for the trigger.
character_set_clientstringThe character set used by the client creating the trigger.
collation_connectionstringThe collation used for the connection when creating the trigger.
commentstringThe comment describing the trigger.
skip_dumpboolWhether to skip this trigger during schema dump operations.

UpdateDatabaseRequest

FieldTypeLabelDescription
databaseDatabaseThe database to update.

The database's name field is used to identify the database to update. Format: instances/{instance}/databases/{database} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the database is not found, a new database will be created. In this situation, update_mask is ignored. |

ViewMetadata

ViewMetadata is the metadata for views.

FieldTypeLabelDescription
namestringThe name is the name of a view.
definitionstringThe definition is the definition of a view.
commentstringThe comment is the comment of a view.
dependency_columnsDependencyColumnrepeatedThe dependency_columns is the list of dependency columns of a view.
columnsColumnMetadatarepeatedThe columns is the ordered list of columns in a table.
triggersTriggerMetadatarepeatedThe triggers is the list of triggers in a view.
skip_dumpbool

Changelog.Status

NameNumberDescription
STATUS_UNSPECIFIED0
PENDING1
DONE2
FAILED3

ChangelogView

NameNumberDescription
CHANGELOG_VIEW_UNSPECIFIED0The default / unset value. The API will default to the BASIC view.
CHANGELOG_VIEW_BASIC1
CHANGELOG_VIEW_FULL2

ColumnMetadata.IdentityGeneration

NameNumberDescription
IDENTITY_GENERATION_UNSPECIFIED0
ALWAYS1
BY_DEFAULT2

GenerationMetadata.Type

NameNumberDescription
TYPE_UNSPECIFIED0
VIRTUAL1
STORED2

GetDatabaseSDLSchemaRequest.SDLFormat

SDLFormat specifies the output format for SDL schema.

NameNumberDescription
SDL_FORMAT_UNSPECIFIED0Unspecified format. Defaults to SINGLE_FILE.
SINGLE_FILE1Single file format: returns the complete SDL schema as a single file.
MULTI_FILE2Multi-file format: returns the SDL schema as a ZIP archive containing multiple files organized by schema objects (tables, views, functions, etc.).

GetSchemaStringRequest.ObjectType

NameNumberDescription
OBJECT_TYPE_UNSPECIFIED0
DATABASE1
SCHEMA2
TABLE3
VIEW4
MATERIALIZED_VIEW5
FUNCTION6
PROCEDURE7
SEQUENCE8

StreamMetadata.Mode

NameNumberDescription
MODE_UNSPECIFIED0
DEFAULT1
APPEND_ONLY2
INSERT_ONLY3

StreamMetadata.Type

NameNumberDescription
TYPE_UNSPECIFIED0
DELTA1

SyncStatus

SyncStatus is the status of the database sync operation.

NameNumberDescription
SYNC_STATUS_UNSPECIFIED0
OK1The database was synced successfully.
FAILED2The database sync failed.

TablePartitionMetadata.Type

Type is the type of a table partition, some database engines may not support all types. Only avilable for the following database engines now: MySQL: RANGE, RANGE COLUMNS, LIST, LIST COLUMNS, HASH, LINEAR HASH, KEY, LINEAR_KEY (https://dev.mysql.com/doc/refman/8.0/en/partitioning-types.html) TiDB: RANGE, RANGE COLUMNS, LIST, LIST COLUMNS, HASH, KEY PostgreSQL: RANGE, LIST, HASH (https://www.postgresql.org/docs/current/ddl-partitioning.html)

NameNumberDescription
TYPE_UNSPECIFIED0
RANGE1
RANGE_COLUMNS2
LIST3
LIST_COLUMNS4
HASH5
LINEAR_HASH6
KEY7
LINEAR_KEY8

TaskMetadata.State

NameNumberDescription
STATE_UNSPECIFIED0
STARTED1
SUSPENDED2

DatabaseService

DatabaseService manages databases and their schemas.

Method NameRequest TypeResponse TypeDescription
GetDatabaseGetDatabaseRequestDatabaseRetrieves a database by name. Permissions required: bb.databases.get
BatchGetDatabasesBatchGetDatabasesRequestBatchGetDatabasesResponseRetrieves multiple databases by their names. Permissions required: bb.databases.get
ListDatabasesListDatabasesRequestListDatabasesResponseLists databases in a project, instance, or workspace. Permissions required: bb.projects.get (for project parent), bb.databases.list (for workspace parent), or bb.instances.get (for instance parent)
UpdateDatabaseUpdateDatabaseRequestDatabaseUpdates database properties such as labels and project assignment. Permissions required: bb.databases.update
BatchUpdateDatabasesBatchUpdateDatabasesRequestBatchUpdateDatabasesResponseUpdates multiple databases in a single batch operation. Permissions required: bb.databases.update
SyncDatabaseSyncDatabaseRequestSyncDatabaseResponseSynchronizes database schema from the instance. Permissions required: bb.databases.sync
BatchSyncDatabasesBatchSyncDatabasesRequestBatchSyncDatabasesResponseSynchronizes multiple databases in a single batch operation. Permissions required: bb.databases.sync
GetDatabaseMetadataGetDatabaseMetadataRequestDatabaseMetadataRetrieves database metadata including tables, columns, and indexes. Permissions required: bb.databases.getSchema
GetDatabaseSchemaGetDatabaseSchemaRequestDatabaseSchemaRetrieves database schema as DDL statements. Permissions required: bb.databases.getSchema
GetDatabaseSDLSchemaGetDatabaseSDLSchemaRequestDatabaseSDLSchemaRetrieves database schema in SDL (Schema Definition Language) format. Permissions required: bb.databases.getSchema
DiffSchemaDiffSchemaRequestDiffSchemaResponseCompares and generates migration statements between two schemas. Permissions required: bb.databases.get
ListChangelogsListChangelogsRequestListChangelogsResponseLists migration history for a database. Permissions required: bb.changelogs.list
GetChangelogGetChangelogRequestChangelogRetrieves a specific changelog entry. Permissions required: bb.changelogs.get
GetSchemaStringGetSchemaStringRequestGetSchemaStringResponseGenerates schema DDL for a database object. Permissions required: bb.databases.getSchema

Top

v1/group_service.proto

BatchGetGroupsRequest

Request message for batch getting groups.

FieldTypeLabelDescription
namesstringrepeatedThe group names to retrieve. Format: groups/

BatchGetGroupsResponse

Response message for batch getting groups.

FieldTypeLabelDescription
groupsGrouprepeatedThe groups from the specified request.

CreateGroupRequest

Request message for creating a group.

FieldTypeLabelDescription
groupGroupThe group to create.
group_emailstringThe email to use for the group, which will become the final component of the group's resource name.

DeleteGroupRequest

Request message for deleting a group.

FieldTypeLabelDescription
namestringThe name of the group to delete. Format: groups/

GetGroupRequest

Request message for getting a group.

FieldTypeLabelDescription
namestringThe name of the group to retrieve. Format: groups/

Group

A group of users within the workspace.

FieldTypeLabelDescription
namestringThe name of the group to retrieve. Format: groups/{group}, the group should be email or uuid.
titlestringThe display title of the group.
descriptionstringThe description of the group.
membersGroupMemberrepeatedThe members of the group.
sourcestringThe source system where the group originated (e.g., Entra ID for SCIM sync).
emailstringThe unique email for the group.

GroupMember

A member of a group with a role.

FieldTypeLabelDescription
memberstringMember is the principal who belong to this group.

Format: users/hello@world.com | | role | GroupMember.Role | | The member's role in the group. |

ListGroupsRequest

Request message for listing groups.

FieldTypeLabelDescription
page_sizeint32The maximum number of groups to return. The service may return fewer than this value. If unspecified, at most 10 groups will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListGroups call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListGroups must match the call that provided the page token. | | filter | string | | Filter is used to filter groups returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - title: the group title, support "==" and ".contains()" operator. - email: the group email, support "==" and ".contains()" operator. - project: the project full name in "projects/{id}" format, support "==" operator.

For example: title == "dba" email == "dba@bytebase.com" title.contains("dba") email.contains("dba") project == "projects/sample-project" You can combine filter conditions like: title.contains("dba") || email.contains("dba") |

ListGroupsResponse

Response message for listing groups.

FieldTypeLabelDescription
groupsGrouprepeatedThe groups from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

UpdateGroupRequest

Request message for updating a group.

FieldTypeLabelDescription
groupGroupThe group to update.

The group's name field is used to identify the group to update. Format: groups/{email} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the group is not found, a new group will be created. In this situation, update_mask is ignored. |

GroupMember.Role

The role of a group member.

NameNumberDescription
ROLE_UNSPECIFIED0Unspecified role.
OWNER1Group owner.
MEMBER2Group member.

GroupService

GroupService manages user groups for organizing users and permissions.

Method NameRequest TypeResponse TypeDescription
GetGroupGetGroupRequestGroupGets a group by name. Group members or users with bb.groups.get permission can get the group. Permissions required: bb.groups.get OR caller is the group member
BatchGetGroupsBatchGetGroupsRequestBatchGetGroupsResponseGets multiple groups in a single request. Group members or users with bb.groups.get permission can get the group. Permissions required: bb.groups.get OR caller is the group member
ListGroupsListGroupsRequestListGroupsResponseLists all groups in the workspace. Permissions required: bb.groups.list
CreateGroupCreateGroupRequestGroupCreates a new group. Permissions required: bb.groups.create
UpdateGroupUpdateGroupRequestGroupUpdates a group. Group owners or users with bb.groups.update permission can update. Permissions required: bb.groups.update OR caller is group owner When allow_missing=true, also requires: bb.groups.create
DeleteGroupDeleteGroupRequest.google.protobuf.EmptyDeletes a group. Group owners or users with bb.groups.delete permission can delete. Permissions required: bb.groups.delete OR caller is group owner

Top

v1/idp_service.proto

CreateIdentityProviderRequest

FieldTypeLabelDescription
identity_providerIdentityProviderThe identity provider to create.
identity_provider_idstringThe ID to use for the identity provider, which will become the final component of the identity provider's resource name.

This value should be 4-63 characters, and valid characters are /[a-z][0-9]-/. | | validate_only | bool | | If set to true, the request will be validated without actually creating the identity provider. |

DeleteIdentityProviderRequest

FieldTypeLabelDescription
namestringThe name of the identity provider to delete. Format: idps/

FieldMapping

FieldMapping saves the field names from user info API of identity provider. As we save all raw json string of user info response data into principal.idp_user_info, we can extract the relevant data based with FieldMapping.

FieldTypeLabelDescription
identifierstringIdentifier is the field name of the unique identifier in 3rd-party idp user info. Required.
display_namestringDisplayName is the field name of display name in 3rd-party idp user info. Optional.
phonestringPhone is the field name of primary phone in 3rd-party idp user info. Optional.
groupsstringGroups is the field name of groups in 3rd-party idp user info. Optional. Mainly used for OIDC: https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/

GetIdentityProviderRequest

FieldTypeLabelDescription
namestringThe name of the identity provider to retrieve. Format: idps/

IdentityProvider

FieldTypeLabelDescription
namestringThe name of the identity provider. Format: idps/
titlestringThe display title of the identity provider.
domainstringThe domain for email matching when using this identity provider.
typeIdentityProviderTypeThe type of identity provider protocol.
configIdentityProviderConfigThe configuration details for the identity provider.

IdentityProviderConfig

FieldTypeLabelDescription
oauth2_configOAuth2IdentityProviderConfigOAuth2 protocol configuration.
oidc_configOIDCIdentityProviderConfigOIDC protocol configuration.
ldap_configLDAPIdentityProviderConfigLDAP protocol configuration.

LDAPIdentityProviderConfig

LDAPIdentityProviderConfig is the structure for LDAP identity provider config.

FieldTypeLabelDescription
hoststringHost is the hostname or IP address of the LDAP server, e.g., "ldap.example.com".
portint32Port is the port number of the LDAP server, e.g., 389. When not set, the default port of the corresponding security protocol will be used, i.e. 389 for StartTLS and 636 for LDAPS.
skip_tls_verifyboolSkipTLSVerify controls whether to skip TLS certificate verification.
bind_dnstringBindDN is the DN of the user to bind as a service account to perform search requests.
bind_passwordstringBindPassword is the password of the user to bind as a service account.
base_dnstringBaseDN is the base DN to search for users, e.g., "ou=users,dc=example,dc=com".
user_filterstringUserFilter is the filter to search for users, e.g., "(uid=%s)".
security_protocolLDAPIdentityProviderConfig.SecurityProtocolSecurityProtocol is the security protocol to be used for establishing connections with the LDAP server.
field_mappingFieldMappingFieldMapping is the mapping of the user attributes returned by the LDAP server.

ListIdentityProvidersRequest

FieldTypeLabelDescription
parentstringThe parent workspace whose identity providers should be listed. Format: workspaces/{workspace} When unset, the workspace is resolved from the request context.

ListIdentityProvidersResponse

FieldTypeLabelDescription
identity_providersIdentityProviderrepeatedThe identity providers from the specified request.

OAuth2IdentityProviderConfig

OAuth2IdentityProviderConfig is the structure for OAuth2 identity provider config.

FieldTypeLabelDescription
auth_urlstringThe authorization endpoint URL for OAuth2 flow.
token_urlstringThe token endpoint URL for exchanging authorization code.
user_info_urlstringThe user information endpoint URL.
client_idstringThe OAuth2 client identifier.
client_secretstringThe OAuth2 client secret for authentication.
scopesstringrepeatedThe list of OAuth2 scopes to request.
field_mappingFieldMappingMapping configuration for user attributes from OAuth2 response.
skip_tls_verifyboolWhether to skip TLS certificate verification.
auth_styleOAuth2AuthStyleThe authentication style for client credentials.

OAuth2IdentityProviderTestRequestContext

FieldTypeLabelDescription
codestringAuthorize code from website.

OIDCIdentityProviderConfig

OIDCIdentityProviderConfig is the structure for OIDC identity provider config.

FieldTypeLabelDescription
issuerstringThe OIDC issuer URL for the identity provider.
client_idstringThe OIDC client identifier.
client_secretstringThe OIDC client secret for authentication.
scopesstringrepeatedThe scopes that the OIDC provider supports. Should be fetched from the well-known configuration file of the OIDC provider.
field_mappingFieldMappingMapping configuration for user attributes from OIDC claims.
skip_tls_verifyboolWhether to skip TLS certificate verification.
auth_styleOAuth2AuthStyleThe authentication style for client credentials.
auth_endpointstringThe authorization endpoint of the OIDC provider. Should be fetched from the well-known configuration file of the OIDC provider.

OIDCIdentityProviderTestRequestContext

FieldTypeLabelDescription
codestringAuthorize code from OIDC provider.

TestIdentityProviderRequest

FieldTypeLabelDescription
identity_providerIdentityProviderThe identity provider to test connection including uncreated.
oauth2_contextOAuth2IdentityProviderTestRequestContext
oidc_contextOIDCIdentityProviderTestRequestContextOIDC authentication context for test connection.

TestIdentityProviderResponse

FieldTypeLabelDescription
claimsTestIdentityProviderResponse.ClaimsEntryrepeatedThe map of claims returned by the identity provider.
user_infoTestIdentityProviderResponse.UserInfoEntryrepeatedThe matched user info from the claims.

TestIdentityProviderResponse.ClaimsEntry

FieldTypeLabelDescription
keystring
valuestring

TestIdentityProviderResponse.UserInfoEntry

FieldTypeLabelDescription
keystring
valuestring

UpdateIdentityProviderRequest

FieldTypeLabelDescription
identity_providerIdentityProviderThe identity provider to update.

The identity provider's name field is used to identify the identity provider to update. Format: idps/{identity_provider} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the identity provider is not found, a new identity provider will be created. In this situation, update_mask is ignored. |

IdentityProviderType

NameNumberDescription
IDENTITY_PROVIDER_TYPE_UNSPECIFIED0Unspecified identity provider type.
OAUTH21OAuth 2.0 authentication protocol.
OIDC2OpenID Connect authentication protocol.
LDAP3LDAP directory service authentication.

LDAPIdentityProviderConfig.SecurityProtocol

NameNumberDescription
SECURITY_PROTOCOL_UNSPECIFIED0
START_TLS1StartTLS is the security protocol that starts with an unencrypted connection and then upgrades to TLS.
LDAPS2LDAPS is the security protocol that uses TLS from the beginning.

OAuth2AuthStyle

NameNumberDescription
OAUTH2_AUTH_STYLE_UNSPECIFIED0
IN_PARAMS1IN_PARAMS sends the "client_id" and "client_secret" in the POST body as application/x-www-form-urlencoded parameters.
IN_HEADER2IN_HEADER sends the client_id and client_password using HTTP Basic Authorization. This is an optional style described in the OAuth2 RFC 6749 section 2.3.1.

IdentityProviderService

IdentityProviderService manages external identity providers for SSO authentication.

Method NameRequest TypeResponse TypeDescription
GetIdentityProviderGetIdentityProviderRequestIdentityProviderGets an identity provider by name. Permissions required: bb.identityProviders.get
ListIdentityProvidersListIdentityProvidersRequestListIdentityProvidersResponseLists all configured identity providers (public endpoint for login page). Permissions required: None
CreateIdentityProviderCreateIdentityProviderRequestIdentityProviderCreates a new identity provider. Permissions required: bb.identityProviders.create
UpdateIdentityProviderUpdateIdentityProviderRequestIdentityProviderUpdates an identity provider. Permissions required: bb.identityProviders.update When allow_missing=true, also requires: bb.identityProviders.create
DeleteIdentityProviderDeleteIdentityProviderRequest.google.protobuf.EmptyDeletes an identity provider. Permissions required: bb.identityProviders.delete
TestIdentityProviderTestIdentityProviderRequestTestIdentityProviderResponseTests the connection and configuration of an identity provider. Permissions required: bb.identityProviders.update

Top

v1/org_policy_service.proto

CreatePolicyRequest

FieldTypeLabelDescription
parentstringThe parent resource where this instance will be created. Workspace resource name: workspaces/{workspace-id}. Environment resource name: environments/environment-id. Instance resource name: instances/instance-id. Database resource name: instances/instance-id/databases/database-name.
policyPolicyThe policy to create.
typePolicyTypeThe type of policy to create.

DeletePolicyRequest

FieldTypeLabelDescription
namestringThe policy's name field is used to identify the instance to update. Format: {resource name}/policies/{policy type} Workspace resource name: workspaces/{workspace-id}. Environment resource name: environments/environment-id. Instance resource name: instances/instance-id. Database resource name: instances/instance-id/databases/database-name.

GetPolicyRequest

FieldTypeLabelDescription
namestringThe name of the policy to retrieve. Format: {resource type}/{resource id}/policies/

ListPoliciesRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of policies. Format: {resource type}/
policy_typePolicyTypeoptionalFilter by specific policy type.
show_deletedboolShow deleted policies if specified.

ListPoliciesResponse

FieldTypeLabelDescription
policiesPolicyrepeatedThe policies from the specified request.

MaskingExemptionPolicy

MaskingExemptionPolicy is the allowlist of users who can access sensitive data.

FieldTypeLabelDescription
exemptionsMaskingExemptionPolicy.Exemptionrepeated

MaskingExemptionPolicy.Exemption

FieldTypeLabelDescription
membersstringrepeatedSpecifies the principals who are exempt from masking. For users, the member should be: user:{email} For groups, the member should be: group:{email} For service accounts, the member should be: serviceAccount:{email} For workload identities, the member should be: workloadIdentity:
conditiongoogle.type.ExprThe condition that is associated with this exception policy instance. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec If the condition is empty, means the user can access all databases without expiration.

Support variables: resource.instance_id: the instance resource id. Only support "==" operation. resource.database_name: the database name. Only support "==" operation. resource.schema_name: the schema name. Only support "==" operation. resource.table_name: the table name. Only support "==" operation. resource.column_name: the column name. Only support "==" operation. request.time: the expiration. Only support "<" operation in request.time &lt; timestamp(&#34;{ISO datetime string format}&#34;) All variables should join with "&&" condition.

For example: resource.instance_id == "local" && resource.database_name == "employee" && request.time < timestamp("2025-04-30T11:10:39.000Z") resource.instance_id == "local" && resource.database_name == "employee" |

MaskingRulePolicy

Policy for configuring data masking rules.

FieldTypeLabelDescription
rulesMaskingRulePolicy.MaskingRulerepeatedThe list of masking rules.

MaskingRulePolicy.MaskingRule

A rule that defines when and how to mask data.

FieldTypeLabelDescription
idstringA unique identifier for the rule in UUID format.
conditiongoogle.type.ExprThe condition for the masking rule. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Support variables: resource.environment_id: the environment resource id. resource.project_id: the project resource id. resource.instance_id: the instance resource id. resource.database_name: the database name. resource.table_name: the table name. resource.column_name: the column name. resource.classification_level: the classification level (integer).

Each variable support following operations: ==: the value equals the target. !=: the value not equals the target. in: the value matches one of the targets. !(in): the value not matches any of the targets. <, <=, >, >=: numeric comparison (classification_level only).

For example: resource.environment_id == "test" && resource.project_id == "sample-project" resource.instance_id == "sample-instance" && resource.database_name == "employee" && resource.table_name in ["table1", "table2"] resource.environment_id != "test" || !(resource.project_id in ["poject1", "prject2"]) resource.instance_id == "sample-instance" && (resource.database_name == "db1" || resource.database_name == "db2") | | semantic_type | string | | The semantic type of data to mask (e.g., "SSN", "EMAIL"). |

Policy

FieldTypeLabelDescription
namestringThe name of the policy. Format: {resource name}/policies/{policy type} Workspace resource name: workspaces/{workspace-id}. Environment resource name: environments/environment-id. Instance resource name: instances/instance-id. Database resource name: instances/instance-id/databases/database-name.
inherit_from_parentboolWhether this policy inherits from its parent resource.
typePolicyTypeThe type of policy.
rollout_policyRolloutPolicy
masking_rule_policyMaskingRulePolicy
masking_exemption_policyMaskingExemptionPolicy
tag_policyTagPolicy
query_data_policyQueryDataPolicy
enforceboolWhether the policy is enforced.
resource_typePolicyResourceTypeThe resource type for the policy.

QueryDataPolicy

QueryDataPolicy is the policy configuration for querying data in the SQL Editor.

FieldTypeLabelDescription
maximum_result_rowsint32Support both project-level and workspace-level. The maximum number of rows to return in the SQL editor. The default value <= 0, means no limit.
disable_exportboolworkspace-level policy Disable data export in the SQL editor.
disable_copy_databoolworkspace-level policy Disable copying query results in the SQL editor.
allow_admin_data_sourceboolworkspace-level policy Allow using the admin data source to query in the SQL editor. If true, users can select the admin data source or read-only data source If false, 1. when read-only data source is configured, users're force to use the read-only data source 2. otherwise fallback to use the admin data source.

RolloutPolicy

Rollout policy configuration.

FieldTypeLabelDescription
automaticboolWhether rollout is automatic without manual approval.
rolesstringrepeatedThe roles that can approve rollout execution.

TagPolicy

Policy for tagging resources with metadata.

FieldTypeLabelDescription
tagsTagPolicy.TagsEntryrepeatedtags is the key - value map for resources. for example, the environment resource can have the sql review config tag, like "bb.tag.review_config": "reviewConfigs/{review config resource id}"

TagPolicy.TagsEntry

FieldTypeLabelDescription
keystring
valuestring

UpdatePolicyRequest

FieldTypeLabelDescription
policyPolicyThe policy to update.

The policy's name field is used to identify the instance to update. Format: {resource name}/policies/{policy type} Workspace resource name: workspaces/{workspace-id}. Environment resource name: environments/environment-id. Instance resource name: instances/instance-id. Database resource name: instances/instance-id/databases/database-name. | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the policy is not found, a new policy will be created. In this situation, update_mask is ignored. |

PolicyResourceType

The resource type that a policy can be attached to.

NameNumberDescription
RESOURCE_TYPE_UNSPECIFIED0Unspecified resource type.
WORKSPACE1Workspace-level policy.
ENVIRONMENT2Environment-level policy.
PROJECT3Project-level policy.

PolicyType

The type of organizational policy.

NameNumberDescription
POLICY_TYPE_UNSPECIFIED0Unspecified policy type.
MASKING_RULE1Data masking rule policy.
MASKING_EXEMPTION2Data masking exemption policy.
ROLLOUT_POLICY3Rollout deployment policy.
TAG4Resource tag policy.
DATA_QUERY6Query data access policy.

OrgPolicyService

OrgPolicyService manages organizational policies at various resource levels.

Method NameRequest TypeResponse TypeDescription
GetPolicyGetPolicyRequestPolicyRetrieves a policy by name. Permissions required: bb.policies.get
ListPoliciesListPoliciesRequestListPoliciesResponseLists policies at a specified resource level. Permissions required: bb.policies.list
CreatePolicyCreatePolicyRequestPolicyCreates a new organizational policy. Permissions required: bb.policies.create
UpdatePolicyUpdatePolicyRequestPolicyUpdates an existing organizational policy. Permissions required: bb.policies.update
DeletePolicyDeletePolicyRequest.google.protobuf.EmptyDeletes an organizational policy. Permissions required: bb.policies.delete

Top

v1/rollout_service.proto

BatchCancelTaskRunsRequest

FieldTypeLabelDescription
parentstringThe task name for the taskRuns. Format: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task} Use projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/- to cancel task runs under the same stage.
task_runsstringrepeatedThe taskRuns to cancel. Format: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/

BatchCancelTaskRunsResponse

BatchRunTasksRequest

FieldTypeLabelDescription
parentstringThe stage name for the tasks. Format: projects/{project}/plans/{plan}/rollout/stages/
tasksstringrepeatedThe tasks to run. Format: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/
run_timegoogle.protobuf.TimestampoptionalThe task run should run after run_time.
skip_prior_backupboolIf true, skip prior backup for this run even if the task has prior backup enabled.

BatchRunTasksResponse

BatchSkipTasksRequest

FieldTypeLabelDescription
parentstringThe stage name for the tasks. Format: projects/{project}/plans/{plan}/rollout/stages/
tasksstringrepeatedThe tasks to skip. Format: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/
reasonstringThe reason for skipping the tasks.

BatchSkipTasksResponse

CreateRolloutRequest

FieldTypeLabelDescription
parentstringThe parent plan for which this rollout will be created. Format: projects/{project}/plans/
targetstringoptionalCreate the rollout only for the specified target. Format: environments/{environment} If unspecified, all stages are created. If set to "", no stages are created.

GetRolloutRequest

FieldTypeLabelDescription
namestringThe name of the rollout to retrieve. This is the rollout resource name, which is the plan name plus /rollout suffix. Format: projects/{project}/plans/{plan}/rollout

GetTaskRunLogRequest

FieldTypeLabelDescription
parentstringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/

GetTaskRunRequest

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/

GetTaskRunSessionRequest

FieldTypeLabelDescription
parentstringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/

ListRolloutsRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of rollouts. Format: projects/{project} Use "projects/-" to list all rollouts from all projects.
page_sizeint32The maximum number of rollouts to return. The service may return fewer than this value. If unspecified, at most 10 rollouts will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListRollouts call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListRollouts must match the call that provided the page token. | | filter | string | | Filter is used to filter rollouts returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filters: - update_time: rollout update time in "2006-01-02T15:04:05Z07:00" format, support ">=" or "<=" operator. - task_type: the task type, support "in" operator, check the Task.Type enum for the values.

For example: update_time >= "2025-01-02T15:04:05Z07:00" task_type in ["DATABASE_MIGRATE", "DATABASE_EXPORT"] |

ListRolloutsResponse

FieldTypeLabelDescription
rolloutsRolloutrepeatedThe rollouts from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

ListTaskRunsRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of taskRuns. Format: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task} Use "projects/{project}/plans/{plan}/rollout/stages/-/tasks/-" to list all taskRuns from a rollout.

ListTaskRunsResponse

FieldTypeLabelDescription
task_runsTaskRunrepeatedThe taskRuns from the specified request.

PreviewTaskRunRollbackRequest

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/

PreviewTaskRunRollbackResponse

FieldTypeLabelDescription
statementstringThe rollback SQL statement that would undo the task run.

Rollout

FieldTypeLabelDescription
namestringThe resource name of the rollout. Format: projects/{project}/plans/{plan}/rollout
titlestringThe title of the rollout, inherited from the associated plan. This field is output only and cannot be directly set.
stagesStagerepeatedStages and thus tasks of the rollout.
create_timegoogle.protobuf.Timestamp
update_timegoogle.protobuf.Timestamp

Stage

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage} Use "-" for {stage} when the stage has no environment or deleted environment.
idstringid is the environment id of the stage. e.g., "prod". Use "-" when the stage has no environment or deleted environment.
environmentstringenvironment is the environment of the stage. Format: environments/{environment} for valid environments, or "environments/-" for stages without environment or with deleted environments.
tasksTaskrepeatedThe tasks within this stage.

Task

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/
spec_idstringA UUID4 string that uniquely identifies the Spec.
statusTask.StatusStatus is the status of the task.
skipped_reasonstringThe reason why the task was skipped.
typeTask.Type
targetstringFormat: instances/{instance} if the task is DatabaseCreate. Format: instances/{instance}/databases/
database_createTask.DatabaseCreate
database_updateTask.DatabaseUpdate
database_data_exportTask.DatabaseDataExport
update_timegoogle.protobuf.TimestampoptionalThe update_time is the update time of latest task run. If there are no task runs, it will be empty.
run_timegoogle.protobuf.TimestampoptionalThe run_time is the scheduled run time of latest task run. If there are no task runs or the task run is not scheduled, it will be empty.

Task.DatabaseCreate

Payload for creating a new database.

FieldTypeLabelDescription
sheetstringFormat: projects/{project}/sheets/

Task.DatabaseDataExport

Payload for exporting database data.

FieldTypeLabelDescription
sheetstringThe resource name of the sheet. Format: projects/{project}/sheets/

Task.DatabaseUpdate

Payload for updating a database schema.

FieldTypeLabelDescription
sheetstringFormat: projects/{project}/sheets/
releasestringFormat: projects/{project}/releases/

TaskRun

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/
creatorstringFormat: users/hello@world.com
create_timegoogle.protobuf.Timestamp
update_timegoogle.protobuf.Timestamp
statusTaskRun.StatusThe current execution status of the task run.
detailstringBelow are the results of a task run. Detailed information about the task run result.
start_timegoogle.protobuf.TimestampThe time when the task run started execution.
export_archive_statusTaskRun.ExportArchiveStatusThe export archive status for data export tasks.
has_prior_backupboolIndicates whether a prior backup was created for this task run. When true, rollback SQL can be generated via PreviewTaskRunRollback. Backup details are available in the task run logs.
scheduler_infoTaskRun.SchedulerInfoScheduling information about the task run.
run_timegoogle.protobuf.TimestampoptionalThe task run should run after run_time. This can only be set when creating the task run calling BatchRunTasks.

TaskRun.SchedulerInfo

Information about task run scheduling.

FieldTypeLabelDescription
report_timegoogle.protobuf.TimestampThe time when the scheduling info was reported.
waiting_causeTaskRun.SchedulerInfo.WaitingCauseThe cause for the task run waiting.

TaskRun.SchedulerInfo.WaitingCause

Information about why a task run is waiting.

FieldTypeLabelDescription
parallel_tasks_limitboolWaiting due to parallel tasks limit.
maintenance_windowTaskRun.SchedulerInfo.WaitingCause.MaintenanceWindow[Argus P0-5 G2] Waiting for the next maintenance window. The pending scheduler auto-promotes the task on the next window opening. See docs/modules/preflight-checklist.md §5.2.
emergency_pauseTaskRun.SchedulerInfo.WaitingCause.EmergencyPause[Argus P1-4 G4] Held by the workspace emergency kill-switch. No auto-resume — an admin must Clear the pause explicitly. See docs/modules/monitoring-bridge.md §5.

TaskRun.SchedulerInfo.WaitingCause.EmergencyPause

FieldTypeLabelDescription
reasonstringFree-form reason captured at pause time.
set_bystringlogin_id of the admin who set the kill-switch.

TaskRun.SchedulerInfo.WaitingCause.MaintenanceWindow

FieldTypeLabelDescription
rule_namestringRule whose window the task is waiting for.
next_window_start_unixint64Unix timestamp (seconds) when the next window opens.

TaskRunLog

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/{taskRun}/log
entriesTaskRunLogEntryrepeatedThe log entries for this task run.

TaskRunLogEntry

FieldTypeLabelDescription
typeTaskRunLogEntry.TypeThe type of this log entry.
log_timegoogle.protobuf.TimestampThe time when the log was recorded.
replica_idstringThe replica ID for this log entry.
schema_dumpTaskRunLogEntry.SchemaDumpSchema dump details (if type is SCHEMA_DUMP).
command_executeTaskRunLogEntry.CommandExecuteCommand execution details (if type is COMMAND_EXECUTE).
database_syncTaskRunLogEntry.DatabaseSyncDatabase sync details (if type is DATABASE_SYNC).
transaction_controlTaskRunLogEntry.TransactionControlTransaction control details (if type is TRANSACTION_CONTROL).
prior_backupTaskRunLogEntry.PriorBackupPrior backup details (if type is PRIOR_BACKUP).
retry_infoTaskRunLogEntry.RetryInfoRetry information details (if type is RETRY_INFO).
compute_diffTaskRunLogEntry.ComputeDiffCompute diff details (if type is COMPUTE_DIFF).
release_file_executeTaskRunLogEntry.ReleaseFileExecuteRelease file execution details (if type is RELEASE_FILE_EXECUTE).

TaskRunLogEntry.CommandExecute

Command execution details.

FieldTypeLabelDescription
log_timegoogle.protobuf.TimestampWhen the command was logged.
rangeRangeThe byte offset range of the executed command in the sheet. Uses byte offsets (not character indices) for efficient slicing of sheet content bytes. Example: For "SELECT 你好;" in a UTF-8 sheet, range [0, 13) represents all 13 bytes.
statementstringThe executed statement.
responseTaskRunLogEntry.CommandExecute.CommandResponseThe response from executing the command.

TaskRunLogEntry.CommandExecute.CommandResponse

Command execution response.

FieldTypeLabelDescription
log_timegoogle.protobuf.TimestampWhen the response was logged.
errorstringError message if command execution failed.
affected_rowsint64Total affected rows.
all_affected_rowsint64repeatedall_affected_rows is the affected rows of each command. all_affected_rows may be unavailable if the database driver doesn't support it. Caller should fallback to affected_rows in that case.

TaskRunLogEntry.ComputeDiff

Schema diff computation details.

FieldTypeLabelDescription
start_timegoogle.protobuf.TimestampWhen diff computation started.
end_timegoogle.protobuf.TimestampWhen diff computation ended.
errorstringError message if computation failed.

TaskRunLogEntry.DatabaseSync

Database synchronization details.

FieldTypeLabelDescription
start_timegoogle.protobuf.TimestampWhen the database sync started.
end_timegoogle.protobuf.TimestampWhen the database sync ended.
errorstringError message if sync failed.

TaskRunLogEntry.PriorBackup

Prior backup operation details.

FieldTypeLabelDescription
start_timegoogle.protobuf.TimestampWhen the backup started.
end_timegoogle.protobuf.TimestampWhen the backup ended.
prior_backup_detailTaskRunLogEntry.PriorBackup.PriorBackupDetailThe backup details.
errorstringError message if the backup failed.

TaskRunLogEntry.PriorBackup.PriorBackupDetail

Prior backup detail for rollback purposes.

FieldTypeLabelDescription
itemsTaskRunLogEntry.PriorBackup.PriorBackupDetail.ItemrepeatedThe list of backed up tables.

TaskRunLogEntry.PriorBackup.PriorBackupDetail.Item

A single backup table mapping.

FieldTypeLabelDescription
source_tableTaskRunLogEntry.PriorBackup.PriorBackupDetail.Item.TableThe original table information.
target_tableTaskRunLogEntry.PriorBackup.PriorBackupDetail.Item.TableThe target backup table information.
start_positionPositionThe start position in the SQL statement.
end_positionPositionThe end position in the SQL statement.

TaskRunLogEntry.PriorBackup.PriorBackupDetail.Item.Table

Table information.

FieldTypeLabelDescription
databasestringThe database information. Format: instances/{instance}/databases/
schemastringThe schema name.
tablestringThe table name.

TaskRunLogEntry.ReleaseFileExecute

Release file execution details.

FieldTypeLabelDescription
versionstringThe version of the file being executed (e.g., "0001").
file_pathstringThe file path within the release (e.g., "2.2/V0001_create_table.sql").

TaskRunLogEntry.RetryInfo

Retry information for failed operations.

FieldTypeLabelDescription
errorstringThe error that triggered the retry.
retry_countint32Current retry attempt number.
maximum_retriesint32Maximum number of retries allowed.

TaskRunLogEntry.SchemaDump

Schema dump operation details.

FieldTypeLabelDescription
start_timegoogle.protobuf.TimestampWhen the schema dump started.
end_timegoogle.protobuf.TimestampWhen the schema dump ended.
errorstringError message if the schema dump failed.

TaskRunLogEntry.TransactionControl

Transaction control operation details.

FieldTypeLabelDescription
typeTaskRunLogEntry.TransactionControl.TypeThe type of transaction control.
errorstringError message if the operation failed.

TaskRunSession

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/{taskRun}/session
postgresTaskRunSession.PostgresPostgreSQL session information.

TaskRunSession.Postgres

PostgreSQL session information.

FieldTypeLabelDescription
sessionTaskRunSession.Postgres.Sessionsession is the session of the task run executing commands.
blocking_sessionsTaskRunSession.Postgres.Sessionrepeatedblocking_sessions block session.
blocked_sessionsTaskRunSession.Postgres.Sessionrepeatedblocked_sessions are blocked by session.

TaskRunSession.Postgres.Session

PostgreSQL session information read from pg_stat_activity.

FieldTypeLabelDescription
pidstringProcess ID of the session.
blocked_by_pidsstringrepeatedPIDs of sessions blocking this session.
querystringCurrent query being executed.
statestringoptionalSession state (active, idle, etc.).
wait_event_typestringoptionalWait event type if session is waiting.
wait_eventstringoptionalSpecific wait event if session is waiting.
datnamestringoptionalDatabase name.
usenamestringoptionalUser name.
application_namestringApplication name.
client_addrstringoptionalClient IP address.
client_portstringoptionalClient port number.
backend_startgoogle.protobuf.TimestampWhen the backend process started.
xact_startgoogle.protobuf.TimestampoptionalWhen the current transaction started.
query_startgoogle.protobuf.TimestampoptionalWhen the current query started.

Task.Status

NameNumberDescription
STATUS_UNSPECIFIED0Unspecified status.
NOT_STARTED1Task has not started and is awaiting its turn in the deployment sequence.
PENDING2Task is ready to run and waiting for approval or scheduled time.
RUNNING3Task is currently executing.
DONE4Task completed successfully.
FAILED5Task execution failed with errors.
CANCELED6Task execution was canceled by a user.
SKIPPED7Task was skipped and will not be executed.

Task.Type

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified task type.
GENERAL1General task for miscellaneous operations.
DATABASE_CREATE2Database creation task that creates a new database. Use payload DatabaseCreate.
DATABASE_MIGRATE3Database migration task that applies versioned schema changes. Use payload DatabaseUpdate.
DATABASE_EXPORT4Database export task that exports query results or table data. Use payload DatabaseDataExport.

TaskRun.ExportArchiveStatus

NameNumberDescription
EXPORT_ARCHIVE_STATUS_UNSPECIFIED0Unspecified export archive status.
READY1Export archive is ready for download.
EXPORTED2Export archive has been downloaded by the user.

TaskRun.Status

NameNumberDescription
STATUS_UNSPECIFIED0Unspecified status.
PENDING1Task run is queued and waiting to start execution.
RUNNING2Task run is currently executing.
DONE3Task run completed successfully.
FAILED4Task run execution failed with errors.
CANCELED5Task run execution was canceled by a user.
AVAILABLE6Task run is ready for immediate execution.

TaskRunLogEntry.TransactionControl.Type

Transaction control type.

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified type.
BEGIN1Begin transaction.
COMMIT2Commit transaction.
ROLLBACK3Rollback transaction.

TaskRunLogEntry.Type

The type of log entry.

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified type.
SCHEMA_DUMP1Schema dump operation.
COMMAND_EXECUTE2Command execution.
DATABASE_SYNC3Database synchronization.
TRANSACTION_CONTROL5Transaction control (BEGIN, COMMIT, ROLLBACK).
PRIOR_BACKUP6Prior backup operation.
RETRY_INFO7Retry information.
COMPUTE_DIFF8Schema diff computation.
RELEASE_FILE_EXECUTE9Release file execution.

RolloutService

RolloutService manages the execution of deployment plans.

Method NameRequest TypeResponse TypeDescription
GetRolloutGetRolloutRequestRolloutRetrieves a rollout by its plan name. Permissions required: bb.rollouts.get
ListRolloutsListRolloutsRequestListRolloutsResponseLists rollouts in a project. Permissions required: bb.rollouts.list
CreateRolloutCreateRolloutRequestRolloutCreates a new rollout for a plan. Permissions required: bb.rollouts.create (or issue creator for data export issues)
ListTaskRunsListTaskRunsRequestListTaskRunsResponseLists task run executions for a task. Permissions required: bb.taskRuns.list
GetTaskRunGetTaskRunRequestTaskRunRetrieves a task run by name. Permissions required: bb.taskRuns.list
GetTaskRunLogGetTaskRunLogRequestTaskRunLogRetrieves execution logs for a task run. Permissions required: bb.taskRuns.list
GetTaskRunSessionGetTaskRunSessionRequestTaskRunSessionRetrieves database session information for a running task. Permissions required: bb.taskRuns.list
BatchRunTasksBatchRunTasksRequestBatchRunTasksResponseExecutes multiple tasks in a rollout stage. Permissions required: bb.taskRuns.create (or issue creator for data export issues, or user with rollout policy role for the environment)
BatchSkipTasksBatchSkipTasksRequestBatchSkipTasksResponseSkips multiple tasks in a rollout stage. Permissions required: bb.taskRuns.create (or issue creator for data export issues, or user with rollout policy role for the environment)
BatchCancelTaskRunsBatchCancelTaskRunsRequestBatchCancelTaskRunsResponseCancels multiple running task executions. Permissions required: bb.taskRuns.create (or issue creator for data export issues, or user with rollout policy role for the environment)
PreviewTaskRunRollbackPreviewTaskRunRollbackRequestPreviewTaskRunRollbackResponseGenerates rollback SQL for a completed task run. Permissions required: bb.taskRuns.list

Top

v1/sql_service.proto

AICompletionRequest

FieldTypeLabelDescription
messagesAICompletionRequest.Messagerepeated

AICompletionRequest.Message

FieldTypeLabelDescription
rolestring
contentstring

AICompletionResponse

FieldTypeLabelDescription
candidatesAICompletionResponse.Candidaterepeatedcandidates is used for results with multiple choices and candidates. Used for OpenAI and Gemini.

AICompletionResponse.Candidate

FieldTypeLabelDescription
contentAICompletionResponse.Candidate.Content

AICompletionResponse.Candidate.Content

FieldTypeLabelDescription
partsAICompletionResponse.Candidate.Content.Partrepeatedparts is used for a result content with multiple parts.

AICompletionResponse.Candidate.Content.Part

FieldTypeLabelDescription
textstring

AdminExecuteRequest

FieldTypeLabelDescription
namestringThe name is the instance name to execute the query against. Format: instances/{instance}/databases/
statementstringThe SQL statement to execute.
limitint32The maximum number of rows to return.
schemastringoptionalThe default schema to execute the statement. Equals to the current schema in Oracle and search path in Postgres.
containerstringoptionalContainer is the container name to execute the query against, used for CosmosDB only.

AdminExecuteResponse

FieldTypeLabelDescription
resultsQueryResultrepeatedThe query results.

Advice

FieldTypeLabelDescription
statusAdvice.LevelThe advice level.
codeint32The advice code.
titlestringThe advice title.
contentstringThe advice content.
start_positionPositionThe start_position is inclusive and the end_position is exclusive. TODO: use range instead
end_positionPosition
rule_typeAdvice.RuleTypeThe type of linting rule that generated this advice.

DiffMetadataRequest

FieldTypeLabelDescription
source_metadataDatabaseMetadataThe metadata of the source schema.
target_metadataDatabaseMetadataThe metadata of the target schema.
engineEngineThe database engine of the schema.

DiffMetadataResponse

FieldTypeLabelDescription
diffstringThe diff of the metadata.

ExportRequest

FieldTypeLabelDescription
namestringThe name is the resource name to execute the export against. Format: instances/{instance}/databases/{database} Format: instances/{instance} Format: projects/{project}/plans/{plan}/rollout Format: projects/{project}/plans/{plan}/rollout/stages/
statementstringThe SQL statement to execute.
limitint32The maximum number of rows to return.
formatExportFormatThe export format.
adminboolThe admin is used for workspace owner and DBA for exporting data from SQL Editor Admin mode. The exported data is not masked.
passwordstringThe zip password provide by users.
data_source_idstringThe id of data source. If omitted, Export resolves the data source server-side by using the single read-only data source when exactly one exists, or the admin data source otherwise. It can also be set explicitly to export from the admin data source or a specific read-only data source.
schemastringoptionalThe default schema to search objects. Equals to the current schema in Oracle and search path in Postgres.

ExportResponse

FieldTypeLabelDescription
contentbytesThe export file content.

MaskingReason

FieldTypeLabelDescription
semantic_type_idstringThe semantic type that triggered masking (e.g., "SSN", "email", "phone").
semantic_type_titlestringHuman-readable semantic type title.
masking_rule_idstringThe masking rule ID that matched (if applicable).
algorithmstringThe masking algorithm used.
contextstringAdditional context (e.g., "Matched global rule: PII Protection").
classification_levelint32The classification level that triggered masking.
semantic_type_iconstringIcon associated with the semantic type (if any).

QueryHistory

FieldTypeLabelDescription
namestringThe name for the query history. Format: projects/{project}/queryHistories/
databasestringThe database name to execute the query. Format: instances/{instance}/databases/
creatorstring
create_timegoogle.protobuf.Timestamp
statementstring
errorstringoptional
durationgoogle.protobuf.Duration
typeQueryHistory.Type

QueryOption

FieldTypeLabelDescription
redis_run_commands_onQueryOption.RedisRunCommandsOn
mssql_explain_formatQueryOption.MSSQLExplainFormat

QueryRequest

FieldTypeLabelDescription
namestringThe name is the instance name to execute the query against. Format: instances/{instance}/databases/
statementstringThe SQL statement to execute.
limitint32The maximum number of rows to return.
data_source_idstringThe id of data source. If omitted, Query resolves the data source server-side by using the single read-only data source when exactly one exists, or the admin data source otherwise. It can also be set explicitly to query the admin data source or a specific read-only data source.
explainboolExplain the statement.
schemastringoptionalThe default schema to search objects. Equals to the current schema in Oracle and search path in Postgres.
query_optionQueryOption
containerstringoptionalContainer is the container name to execute the query against, used for CosmosDB only.

QueryResponse

FieldTypeLabelDescription
resultsQueryResultrepeatedThe query results.

QueryResult

FieldTypeLabelDescription
column_namesstringrepeatedColumn names of the query result.
column_type_namesstringrepeatedColumn types of the query result. The types come from the Golang SQL driver.
rowsQueryRowrepeatedRows of the query result.
rows_countint64
errorstringThe error message if the query failed.
latencygoogle.protobuf.DurationThe time it takes to execute the query.
statementstringThe query statement for the result.
postgres_errorQueryResult.PostgresError
syntax_errorQueryResult.SyntaxError
permission_deniedPermissionDeniedDetail
command_errorQueryResult.CommandError
messagesQueryResult.MessagerepeatedInformational or debug messages returned by the database engine during query execution. Examples include PostgreSQL's RAISE NOTICE, MSSQL's PRINT, or Oracle's DBMS_OUTPUT.PUT_LINE.
maskedMaskingReasonrepeatedMasking reasons for each column (empty for non-masked columns).

QueryResult.CommandError

Permission denied with resource information or disallowed command_type. Either resources or command_type is available.

FieldTypeLabelDescription
command_typeQueryResult.CommandError.TypeDisallowed command_type.

QueryResult.Message

FieldTypeLabelDescription
levelQueryResult.Message.Level
contentstring

QueryResult.PostgresError

refer https://www.postgresql.org/docs/11/protocol-error-fields.html for field description.

FieldTypeLabelDescription
severitystring
codestring
messagestring
detailstring
hintstring
positionint32
internal_positionint32
internal_querystring
wherestring
schema_namestring
table_namestring
column_namestring
data_type_namestring
constraint_namestring
filestring
lineint32
routinestring

QueryResult.SyntaxError

Syntax error with position information for editor highlighting

FieldTypeLabelDescription
start_positionPositionPosition information for highlighting in editor

QueryRow

FieldTypeLabelDescription
valuesRowValuerepeatedRow values of the query result.

RowValue

FieldTypeLabelDescription
null_valuegoogle.protobuf.NullValue
bool_valuebool
bytes_valuebytes
double_valuedouble
float_valuefloat
int32_valueint32
int64_valueint64
string_valuestring
uint32_valueuint32
uint64_valueuint64
value_valuegoogle.protobuf.Valuevalue_value is used for Spanner and TUPLE ARRAY MAP in Clickhouse only.
timestamp_valueRowValue.Timestamptimestamp_value is used for the timestamp without time zone data type, meaning it only includes the timestamp without any time zone or location info. Although it may be expressed as a UTC value, it should be seen as a timestamp missing location context.
timestamp_tz_valueRowValue.TimestampTZtimestamp_tz_value is used for the timestamptz data type, which accurately represents the timestamp with location information.

RowValue.Timestamp

FieldTypeLabelDescription
google_timestampgoogle.protobuf.Timestamp
accuracyint32The accuracy is the number of digits after the decimal point.

RowValue.TimestampTZ

FieldTypeLabelDescription
google_timestampgoogle.protobuf.Timestamp
zonestringZone is the time zone abbreviations in timezone database such as "PDT", "PST". https://en.wikipedia.org/wiki/List_of_tz_database_time_zones We retrieve the time zone information from the timestamptz field in the database. A timestamp is in UTC or epoch time, and with zone info, we can convert it to a local time string. Zone and offset are returned by time.Time.Zone()
offsetint32The offset is in seconds east of UTC
accuracyint32

SearchQueryHistoriesRequest

FieldTypeLabelDescription
page_sizeint32The maximum number of histories to return. The service may return fewer than this value. If unspecified, at most 10 history entries will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListQueryHistory call. Provide this to retrieve the subsequent page.
filterstringFilter is the filter to apply on the search query history The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - project: the project full name in "projects/{id}" format, support "==" operator. - database: the database full name in "instances/{id}/databases/{name}" format, support "==" operator. - instance: the instance full name in "instances/{id}" format, support "==" operator. - type: the type, should be "QUERY" or "EXPORT", support "==" operator. - statement: the SQL statement, support ".contains()" operator.

For example: project == "projects/{project}" database == "instances/{instance}/databases/{database}" instance == "instances/{instance}" type == "QUERY" type == "EXPORT" statement.contains("select") type == "QUERY" && statement.contains("select") |

SearchQueryHistoriesResponse

FieldTypeLabelDescription
query_historiesQueryHistoryrepeatedThe list of history.
next_page_tokenstringA token to retrieve next page of history. Pass this value in the page_token field in the subsequent call to ListQueryHistory method to retrieve the next page of history.

Advice.Level

Level represents the severity level of the advice.

NameNumberDescription
ADVICE_LEVEL_UNSPECIFIED0Unspecified advice level.
SUCCESS1Success status indicating the check passed without issues.
WARNING2Warning status indicating potential issues that should be reviewed.
ERROR3Error status indicating critical issues that must be addressed.

Advice.RuleType

RuleType indicates the source of the linting rule.

NameNumberDescription
RULE_TYPE_UNSPECIFIED0Unspecified rule type.
PARSER_BASED1Parser-based rule enforced by the built-in SQL parser. These are non-configurable, mandatory checks for schema health.
AI_POWERED2AI-powered rule defined by user in natural language. These are custom, flexible checks powered by AI models.

QueryHistory.Type

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified query history type.
QUERY1Query execution for data retrieval.
EXPORT2Data export operation to file.

QueryOption.MSSQLExplainFormat

NameNumberDescription
MSSQL_EXPLAIN_FORMAT_UNSPECIFIED0defaults to SHOWPLAN_ALL
MSSQL_EXPLAIN_FORMAT_ALL1SHOWPLAN_ALL
MSSQL_EXPLAIN_FORMAT_XML2SHOWPLAN_XML

QueryOption.RedisRunCommandsOn

NameNumberDescription
REDIS_RUN_COMMANDS_ON_UNSPECIFIED0UNSPECIFIED defaults to SINGLE_NODE.
SINGLE_NODE1Execute Redis commands on a single node in the cluster.
ALL_NODES2Execute Redis commands on all nodes in the cluster for cluster-wide operations.

QueryResult.CommandError.Type

NameNumberDescription
TYPE_UNSPECIFIED0
DDL1
DML2
NON_READ_ONLY3

QueryResult.Message.Level

NameNumberDescription
LEVEL_UNSPECIFIED0Unspecified message level.
INFO1Informational message.
WARNING2Warning message indicating potential issues.
DEBUG3Debug message for development and troubleshooting.
LOG4General log message.
NOTICE5Notice message for important information.
EXCEPTION6Exception message indicating error conditions.

SQLService

SQLService executes SQL queries and manages query operations.

Method NameRequest TypeResponse TypeDescription
QueryQueryRequestQueryResponseExecutes a read-only SQL query against a database. Permissions required: bb.databases.get
AdminExecuteAdminExecuteRequest streamAdminExecuteResponse streamExecutes SQL with admin privileges via streaming connection. Permissions required: bb.sql.admin
SearchQueryHistoriesSearchQueryHistoriesRequestSearchQueryHistoriesResponseSearchQueryHistories searches query histories for the caller. Permissions required: None (only returns caller's own query histories)
ExportExportRequestExportResponseExports query results to a file format. Permissions required: bb.databases.get
DiffMetadataDiffMetadataRequestDiffMetadataResponseComputes schema differences between two database metadata. Permissions required: None
AICompletionAICompletionRequestAICompletionResponseProvides AI-powered SQL completion and generation. Permissions required: None (authenticated users only, requires AI to be enabled)

Top

v1/plan_service.proto

CancelPlanCheckRunRequest

FieldTypeLabelDescription
namestringThe name of the plan check run to cancel. Format: projects/{project}/plans/{plan}/planCheckRun

CancelPlanCheckRunResponse

CreatePlanRequest

FieldTypeLabelDescription
parentstringThe parent project where this plan will be created. Format: projects/
planPlanThe plan to create.

GetPlanCheckRunRequest

FieldTypeLabelDescription
namestringThe name of the plan check run to retrieve. Format: projects/{project}/plans/{plan}/planCheckRun

GetPlanRequest

FieldTypeLabelDescription
namestringThe name of the plan to retrieve. Format: projects/{project}/plans/

ListPlansRequest

FieldTypeLabelDescription
parentstringThe parent, which owns this collection of plans. Format: projects/{project} Use "projects/-" to list all plans from all projects.
page_sizeint32The maximum number of plans to return. The service may return fewer than this value. If unspecified, at most 10 plans will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListPlans call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListPlans must match the call that provided the page token. | | filter | string | | Filter is used to filter plans returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filters: - creator: the plan creator full name in "users/{email or id}" format, support "==" operator. - create_time: the plan create time in "2006-01-02T15:04:05Z07:00" format, support ">=" or "<=" operator. - has_rollout: whether the plan has rollout, support "==" operator, the value should be "true" or "false". - has_issue: the plan has issue or not, support "==" operator, the value should be "true" or "false". - title: the plan title, support "==" operator for exact match and ".contains()" operator for case-insensitive substring match. - spec_type: the plan spec config type, support "==" operator, the value should be "create_database_config", "change_database_config", or "export_data_config". - state: the plan state, support "==" operator, the value should be "ACTIVE" or "DELETED".

For example: creator == "users/ed@bytebase.com" && create_time >= "2025-01-02T15:04:05Z07:00" has_rollout == false && has_issue == true title == "My Plan" title.contains("database migration") spec_type == "change_database_config" state == "ACTIVE" |

ListPlansResponse

FieldTypeLabelDescription
plansPlanrepeatedThe plans from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Plan

FieldTypeLabelDescription
namestringThe name of the plan. plan is a system generated ID. Format: projects/{project}/plans/
stateStateThe state of the plan.
issuestringThe issue associated with the plan. Can be empty. Format: projects/{project}/issues/
titlestringThe title of the plan.
descriptionstringThe description of the plan.
specsPlan.SpecrepeatedThe deployment specs for the plan.
creatorstringFormat: users/hello@world.com
create_timegoogle.protobuf.Timestamp
update_timegoogle.protobuf.Timestamp
plan_check_run_status_countPlan.PlanCheckRunStatusCountEntryrepeatedThe status count of the latest plan check runs. Keys are: - SUCCESS - WARNING - ERROR - RUNNING
has_rolloutboolWhether the plan has started the rollout.
approval_statusIssue.ApprovalStatusThe approval status of the linked issue. Unspecified when no linked issue exists.
rollout_stage_summariesPlan.RolloutStageSummaryrepeatedPer-stage rollout status summary. Ordered by environment deployment order. Empty when no rollout exists.

Plan.ChangeDatabaseConfig

FieldTypeLabelDescription
targetsstringrepeatedThe list of targets. Multi-database format: [instances/{instance-id}/databases/{database-name}]. Single database group format: [projects/{project}/databaseGroups/{databaseGroup}].
sheetstringThe resource name of the sheet. Format: projects/{project}/sheets/
releasestringThe resource name of the release. Format: projects/{project}/releases/
enable_prior_backupboolIf set, a backup of the modified data will be created automatically before any changes are applied.
rollback_sheetstringoptional[Argus P0-5 G1] The resource name of the rollback SQL sheet. Format: projects/{project}/sheets/{sheet} Optional. The PRE_FLIGHT plan check requires this for DDL and DML changes; missing rollback sheet on such changes produces an ERROR result that blocks issue approval. See docs/modules/preflight-checklist.md §4.

Plan.CreateDatabaseConfig

FieldTypeLabelDescription
targetstringThe resource name of the instance on which the database is created. Format: instances/
databasestringThe name of the database to create.
tablestringtable is the name of the table, if it is not empty, Argus should create a table after creating the database. For example, in MongoDB, it only creates the database when we first store data in that database.
character_setstringcharacter_set is the character set of the database.
collationstringcollation is the collation of the database.
clusterstringcluster is the cluster of the database. This is only applicable to ClickHouse for "ON CLUSTER <<cluster>>".
ownerstringowner is the owner of the database. This is only applicable to Postgres for "WITH OWNER <<owner>>".
environmentstringThe environment resource. Format: environments/prod where prod is the environment resource ID.

Plan.ExportDataConfig

FieldTypeLabelDescription
targetsstringrepeatedThe list of targets. Multi-database format: [instances/{instance-id}/databases/{database-name}]. Single database group format: [projects/{project}/databaseGroups/{databaseGroup}].
sheetstringThe resource name of the sheet. Format: projects/{project}/sheets/
formatExportFormatThe format of the exported file.
passwordstringoptionalThe zip password provide by users. Leave it empty if no needs to encrypt the zip file.

Plan.PlanCheckRunStatusCountEntry

FieldTypeLabelDescription
keystring
valueint32

Plan.RolloutStageSummary

FieldTypeLabelDescription
stagestringThe stage resource name. Format: projects/{project}/plans/{plan}/rollout/stages/
task_status_countsPlan.TaskStatusCountrepeatedTask status counts for this stage.

Plan.Spec

FieldTypeLabelDescription
idstringA UUID4 string that uniquely identifies the Spec.
create_database_configPlan.CreateDatabaseConfig
change_database_configPlan.ChangeDatabaseConfig
export_data_configPlan.ExportDataConfig

Plan.TaskStatusCount

FieldTypeLabelDescription
statusTask.StatusThe task status.
countint32The number of tasks in the status.

PlanCheckRun

FieldTypeLabelDescription
namestringFormat: projects/{project}/plans/{plan}/planCheckRun
statusPlanCheckRun.Status
resultsPlanCheckRun.Resultrepeated
errorstringerror is set if the Status is FAILED.
create_timegoogle.protobuf.Timestamp

PlanCheckRun.Result

FieldTypeLabelDescription
statusAdvice.Level
titlestring
contentstring
codeint32
targetstringTarget identification for consolidated results. Format: instances/{instance}/databases/
typePlanCheckRun.Result.Type
sql_summary_reportPlanCheckRun.Result.SqlSummaryReport
sql_review_reportPlanCheckRun.Result.SqlReviewReport

PlanCheckRun.Result.SqlReviewReport

FieldTypeLabelDescription
start_positionPositionPosition of the SQL statement.
end_positionPosition

PlanCheckRun.Result.SqlSummaryReport

FieldTypeLabelDescription
statement_typesStatementTyperepeatedstatement_types are the types of statements that are found in the sql.
affected_rowsint64

RunPlanChecksRequest

FieldTypeLabelDescription
namestringThe plan to run plan checks. Format: projects/{project}/plans/
spec_idstringoptionalThe UUID of the specific spec to run plan checks for. This should match the spec.id field in Plan.Spec. If not set, all specs in the plan will be used.

RunPlanChecksResponse

UpdatePlanRequest

FieldTypeLabelDescription
planPlanThe plan to update.

The plan's name field is used to identify the plan to update. Format: projects/{project}/plans/{plan} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the plan is not found, a new plan will be created. In this situation, update_mask is ignored. |

PlanCheckRun.Result.Type

NameNumberDescription
TYPE_UNSPECIFIED0
STATEMENT_ADVISE1
STATEMENT_SUMMARY_REPORT2
GHOST_SYNC3
PRE_FLIGHT4[Argus P0-5] Pre-flight checklist result. Mirrors store.PlanCheckType.PLAN_CHECK_TYPE_PRE_FLIGHT — kept in sync by backend/api/v1 convertPlanCheckRunResultType (see docs/modules/preflight-checklist.md §7).

PlanCheckRun.Status

NameNumberDescription
STATUS_UNSPECIFIED0
RUNNING1
DONE2
FAILED3
CANCELED4

PlanService

PlanService manages deployment plans for database changes.

Method NameRequest TypeResponse TypeDescription
GetPlanGetPlanRequestPlanRetrieves a deployment plan by name. Permissions required: bb.plans.get
ListPlansListPlansRequestListPlansResponseLists deployment plans in a project. Permissions required: bb.plans.list
CreatePlanCreatePlanRequestPlanCreates a new deployment plan. Permissions required: bb.plans.create
UpdatePlanUpdatePlanRequestPlanUpdatePlan updates the plan. The plan creator and the user with bb.plans.update permission on the project can update the plan. Permissions required: bb.plans.update (or creator)
GetPlanCheckRunGetPlanCheckRunRequestPlanCheckRunGets the plan check run for a deployment plan. Permissions required: bb.planCheckRuns.get
RunPlanChecksRunPlanChecksRequestRunPlanChecksResponseExecutes validation checks on a deployment plan. Permissions required: bb.planCheckRuns.run
CancelPlanCheckRunCancelPlanCheckRunRequestCancelPlanCheckRunResponseCancels the plan check run for a deployment plan. Permissions required: bb.planCheckRuns.run

Top

v1/project_service.proto

Activity

Activity types for webhook notifications.

AddWebhookRequest

FieldTypeLabelDescription
projectstringThe name of the project to add the webhook to. Format: projects/
webhookWebhookThe webhook to add.

BatchDeleteProjectsRequest

FieldTypeLabelDescription
namesstringrepeatedThe names of the projects to delete. Format: projects/
purgeboolIf set to true, permanently purge the soft-deleted projects and all related resources. This operation is irreversible. Following AIP-165, this should only be used for administrative cleanup of old soft-deleted projects. All projects must already be soft-deleted for this to work. When purge=true, all databases will be moved to the default project before deletion. When purge=false (soft delete/archive), the projects and their databases/issues remain unchanged.

BatchGetProjectsRequest

FieldTypeLabelDescription
namesstringrepeatedThe names of projects to retrieve. Format: projects/

BatchGetProjectsResponse

FieldTypeLabelDescription
projectsProjectrepeatedThe projects from the specified request.

CreateProjectRequest

FieldTypeLabelDescription
projectProjectThe project to create.
project_idstringThe ID to use for the project, which will become the final component of the project's resource name.

This value should be 4-63 characters, and valid characters are /[a-z][0-9]-/. |

DeleteProjectRequest

FieldTypeLabelDescription
namestringThe name of the project to delete. Format: projects/
purgeboolIf set to true, permanently purge the soft-deleted project and all related resources. This operation is irreversible. Following AIP-165, this should only be used for administrative cleanup of old soft-deleted projects. The project must already be soft-deleted for this to work. When purge=true, all databases will be moved to the default project before deletion. When purge=false (soft delete/archive), the project and its databases/issues remain unchanged.

GetProjectRequest

FieldTypeLabelDescription
namestringThe name of the project to retrieve. Format: projects/

Label

A label for categorizing and organizing issues.

FieldTypeLabelDescription
valuestringThe label value/name.
colorstringThe color code for the label (e.g., hex color).
groupstringThe group this label belongs to.

ListProjectsRequest

FieldTypeLabelDescription
page_sizeint32The maximum number of projects to return. The service may return fewer than this value. If unspecified, at most 10 projects will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListProjects call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListProjects must match the call that provided the page token. | | show_deleted | bool | | Show deleted projects if specified. | | filter | string | | Filter the project. Check filter for SearchProjectsRequest for details. Supports filtering by name, resource_id, state, and labels (e.g., labels.environment == "production"). | | order_by | string | | The order by of projects. Support title. The default sorting order is ascending. For example: - order_by = "title" - order_by = "title desc" - order_by = "title asc" |

ListProjectsResponse

FieldTypeLabelDescription
projectsProjectrepeatedThe projects from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Project

FieldTypeLabelDescription
namestringThe name of the project. Format: projects/
stateStateThe lifecycle state of the project.
titlestringThe title or name of a project. It's not unique within the workspace.
webhooksWebhookrepeatedThe list of webhooks configured for the project.
data_classification_config_idstringThe data classification configuration ID for the project.
issue_labelsLabelrepeatedLabels available for tagging issues in this project.
force_issue_labelsboolForce issue labels to be used when creating an issue.
enforce_issue_titleboolEnforce issue title to be created by user instead of generated by Argus.
postgres_database_tenant_modeboolWhether to enable database tenant mode for PostgreSQL. If enabled, issues will include "set role <db_owner>" statement.
allow_self_approvalboolWhether to allow issue creators to self-approve their own issues.
execution_retry_policyProject.ExecutionRetryPolicyExecution retry policy for task runs.
ci_sampling_sizeint32The maximum number of database rows to sample during CI data validation. Without specification, sampling is disabled, resulting in full validation.
parallel_tasks_per_rolloutint32The maximum number of parallel tasks allowed during rollout execution.
labelsProject.LabelsEntryrepeatedLabels are key-value pairs that can be attached to the project. For example, { "environment": "production", "team": "backend" }
enforce_sql_reviewboolWhether to enforce SQL review checks to pass before issue creation. If enabled, issues cannot be created when SQL review finds errors.
require_issue_approvalboolWhether to require issue approval before rollout.
require_plan_check_no_errorboolWhether to require plan check to have no error before rollout.
allow_request_rolebool
allow_just_in_time_accessboolOnce enabled, users can request and use the just-in-time access in the SQL Editor.

Project.ExecutionRetryPolicy

Execution retry policy configuration.

FieldTypeLabelDescription
maximum_retriesint32The maximum number of retries for lock timeout errors.

Project.LabelsEntry

FieldTypeLabelDescription
keystring
valuestring

RemoveWebhookRequest

FieldTypeLabelDescription
webhookWebhookThe webhook to remove. Identified by its url.

SearchProjectsRequest

FieldTypeLabelDescription
show_deletedboolShow deleted projects if specified.
filterstringFilter the project. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filters: - name: the project name, support "==" and ".contains()" operator. - resource_id: the project id, support "==" and ".contains()" operator. - exclude_default: if not include the default project, should be "true" or "false", support "==" operator. - state: check the State enum for the values, support "==" operator. - labels.{key}: the project label, support "==" and "in" operators.

For example: name == "project name" name.contains("project name") resource_id == "project id" resource_id.contains("project id") exclude_default == true state == "DELETED" labels.environment == "production" labels.tier == "critical" labels.environment in ["staging", "prod"] You can combine filter conditions like: name == "project name" && resource_id.contains("project id") name.contains("project name") || resource_id == "project id" labels.environment == "production" && labels.tier == "critical" | | page_size | int32 | | The maximum number of projects to return. The service may return fewer than this value. If unspecified, at most 10 projects will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. | | page_token | string | | A page token, received from a previous SearchProjects call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to SearchProjects must match the call that provided the page token. | | order_by | string | | The order by of projects. Support title. The default sorting order is ascending. For example: - order_by = "title" - order_by = "title desc" - order_by = "title asc" |

SearchProjectsResponse

FieldTypeLabelDescription
projectsProjectrepeatedThe projects from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

TestWebhookRequest

FieldTypeLabelDescription
projectstringThe name of the project which owns the webhook to test. Format: projects/
webhookWebhookThe webhook to test. Identified by its url.

TestWebhookResponse

FieldTypeLabelDescription
errorstringThe result of the test, empty if the test is successful.

UndeleteProjectRequest

FieldTypeLabelDescription
namestringThe name of the deleted project. Format: projects/

UpdateProjectRequest

FieldTypeLabelDescription
projectProjectThe project to update.

The project's name field is used to identify the project to update. Format: projects/{project} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the project is not found, a new project will be created. In this situation, update_mask is ignored. |

UpdateWebhookRequest

FieldTypeLabelDescription
webhookWebhookThe webhook to modify.
update_maskgoogle.protobuf.FieldMaskThe list of fields to update.
allow_missingboolIf set to true, and the webhook is not found, a new webhook will be created. In this situation, update_mask is ignored.

Webhook

FieldTypeLabelDescription
namestringname is the name of the webhook, generated by the server. format: projects/{project}/webhooks/
typeWebhookTypeWebhook integration type. type is the type of the webhook.
titlestringtitle is the title of the webhook.
urlstringurl is the url of the webhook, should be unique within the project.
direct_messageboolif direct_message is set, the notification is sent directly to the persons and url will be ignored. IM integration setting should be set for this function to work.
notification_typesActivity.Typerepeatednotification_types is the list of activities types that the webhook is interested in. Argus will only send notifications to the webhook if the activity type is in the list. It should not be empty, and should be a subset of the following: - ISSUE_CREATED - ISSUE_APPROVAL_REQUESTED - ISSUE_SENT_BACK - ISSUE_APPROVED - PIPELINE_FAILED - PIPELINE_COMPLETED

Activity.Type

Activity type enumeration.

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified type.
ISSUE_CREATED10ISSUE_CREATED represents a new issue creation event.
ISSUE_APPROVAL_REQUESTED11ISSUE_APPROVAL_REQUESTED represents an approval request event.
ISSUE_SENT_BACK12ISSUE_SENT_BACK represents an issue being sent back by an approver.
PIPELINE_FAILED13PIPELINE_FAILED represents a pipeline failure event.
PIPELINE_COMPLETED14PIPELINE_COMPLETED represents a pipeline completion event.
ISSUE_APPROVED15ISSUE_APPROVED represents an issue being fully approved.
ISSUE_REJECTED16[Argus P0-1 M3] ISSUE_REJECTED represents an approver rejecting the issue. Surfaces on the standard webhook fan-out so second- line on-call sees red decisions in IM.

ProjectService

ProjectService manages projects that group databases and changes.

Method NameRequest TypeResponse TypeDescription
GetProjectGetProjectRequestProjectGetProject retrieves a project by name. Users with "bb.projects.get" permission on the workspace or the project owner can access this method. Permissions required: bb.projects.get
BatchGetProjectsBatchGetProjectsRequestBatchGetProjectsResponseBatchGetProjects retrieves multiple projects by their names. Permissions required: bb.projects.get
ListProjectsListProjectsRequestListProjectsResponseLists all projects in the workspace with optional filtering. Permissions required: bb.projects.list
SearchProjectsSearchProjectsRequestSearchProjectsResponseSearches for projects with advanced filtering capabilities. Permissions required: bb.projects.get (or project-level bb.projects.get for specific projects)
CreateProjectCreateProjectRequestProjectCreates a new project in the workspace. Permissions required: bb.projects.create
UpdateProjectUpdateProjectRequestProjectUpdates an existing project's properties. Permissions required: bb.projects.update
DeleteProjectDeleteProjectRequest.google.protobuf.EmptyDeletes (soft-delete or purge) a project. Permissions required: bb.projects.delete
UndeleteProjectUndeleteProjectRequestProjectRestores a soft-deleted project. Permissions required: bb.projects.undelete
BatchDeleteProjectsBatchDeleteProjectsRequest.google.protobuf.EmptyDeletes multiple projects in a single operation. Permissions required: bb.projects.delete
GetIamPolicyGetIamPolicyRequestIamPolicyRetrieves the IAM policy for a project. Permissions required: bb.projects.getIamPolicy
SetIamPolicySetIamPolicyRequestIamPolicySets the IAM policy for a project. Permissions required: bb.projects.setIamPolicy
AddWebhookAddWebhookRequestProjectAdds a webhook to a project for notifications. Permissions required: bb.projects.update
UpdateWebhookUpdateWebhookRequestProjectUpdates an existing webhook configuration. Permissions required: bb.projects.update
RemoveWebhookRemoveWebhookRequestProjectRemoves a webhook from a project. Permissions required: bb.projects.update
TestWebhookTestWebhookRequestTestWebhookResponseTests a webhook by sending a test notification. Permissions required: bb.projects.update

Top

v1/release_service.proto

CheckReleaseRequest

FieldTypeLabelDescription
parentstringFormat: projects/
releaseReleaseThe release to check.
targetsstringrepeatedThe targets to dry-run the release. Can be database or databaseGroup. Format: projects/{project}/databaseGroups/{databaseGroup} instances/{instance}/databases/
custom_rulesstringCustom linting rules in natural language for AI-powered validation. Each rule should be a clear statement describing the desired schema constraint. Example: "All tables must have a primary key" Example: "VARCHAR columns should specify a maximum length"

CheckReleaseResponse

FieldTypeLabelDescription
resultsCheckReleaseResponse.CheckResultrepeatedThe check results for each file and target combination.
affected_rowsint64The total affected rows across all checks.
risk_levelRiskLevelThe aggregated risk level of the check.

CheckReleaseResponse.CheckResult

Check result for a single release file on a target database.

FieldTypeLabelDescription
filestringThe file path that is being checked.
targetstringThe target that the check is performed on. Should be a database. Format: instances/{instance}/databases/
advicesAdvicerepeatedThe list of advice for the file and the target.
affected_rowsint64The count of affected rows of the statement on the target.
risk_levelRiskLevelThe risk level of the statement on the target.

CreateReleaseRequest

FieldTypeLabelDescription
parentstringFormat: projects/
releaseReleaseThe release to create.
release_id_templatestringTemplate for release ID generation. Available variables: {date}, {time}, {timestamp}, {iteration}. Example: "release_{date}-RC{iteration}" generates "release_20260119-RC00". Default: "release_{date}-RC{iteration}".
release_id_timezonestringTimezone for {date} and {time} variables in the template. Must be a valid IANA timezone (e.g., "UTC", "America/Los_Angeles"). Default: "UTC".

DeleteReleaseRequest

FieldTypeLabelDescription
namestringThe name of the release to delete. Format: projects/{project}/releases/

GetReleaseRequest

FieldTypeLabelDescription
namestringFormat: projects/{project}/releases/

ListReleaseCategoriesRequest

FieldTypeLabelDescription
parentstringFormat: projects/

ListReleaseCategoriesResponse

FieldTypeLabelDescription
categoriesstringrepeatedThe unique category values in the project.

ListReleasesRequest

FieldTypeLabelDescription
parentstringFormat: projects/
page_sizeint32The maximum number of releases to return. The service may return fewer than this value. If unspecified, at most 10 releases will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListReleases call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListReleases must match the call that provided the page token. | | show_deleted | bool | | Show deleted releases if specified. | | filter | string | | Filter is used to filter releases returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filters: - category: release category, support "==" operator.

For example: category == "webapp" |

ListReleasesResponse

FieldTypeLabelDescription
releasesReleaserepeatedThe releases from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Release

FieldTypeLabelDescription
namestringFormat: projects/{project}/releases/
categorystringCategory extracted from release name (e.g., "webapp", "analytics"). Set by Argus action during release creation.
filesRelease.FilerepeatedThe SQL files included in the release.
vcs_sourceRelease.VCSSourceThe version control source of the release.
creatorstringFormat: users/hello@world.com
create_timegoogle.protobuf.Timestamp
stateStateThe lifecycle state of the release.
typeRelease.TypeThe type of schema change for all files in this release.

Release.File

A SQL file in a release.

FieldTypeLabelDescription
pathstringThe path of the file. e.g., 2.2/V0001_create_table.sql.
versionstringThe version identifier for the file.
sheetstringFor inputs, we must either use sheet or statement. For outputs, we always use sheet. statement is the preview of the sheet content.

The sheet that holds the content. Format: projects/{project}/sheets/{sheet} | | statement | bytes | | The raw SQL statement content. | | sheet_sha256 | string | | The SHA256 hash value of the sheet content or the statement. |

Release.VCSSource

Version control system source information.

FieldTypeLabelDescription
vcs_typeVCSTypeThe type of VCS.
urlstringThe url link to the e.g., GitHub commit or pull request.

UndeleteReleaseRequest

FieldTypeLabelDescription
namestringThe name of the deleted release. Format: projects/{project}/releases/

UpdateReleaseRequest

FieldTypeLabelDescription
releaseReleaseThe release to update.
update_maskgoogle.protobuf.FieldMaskThe list of fields to be updated.

Release.Type

The type of schema change.

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified type.
VERSIONED1Versioned schema migration.
DECLARATIVE2Declarative schema definition.

ReleaseService

ReleaseService manages releases for coordinating deployments.

Method NameRequest TypeResponse TypeDescription
GetReleaseGetReleaseRequestReleaseRetrieves a release by name. Permissions required: bb.releases.get
ListReleasesListReleasesRequestListReleasesResponseLists releases in a project. Permissions required: bb.releases.list
CreateReleaseCreateReleaseRequestReleaseCreates a new release with SQL files. Permissions required: bb.releases.create
UpdateReleaseUpdateReleaseRequestReleaseUpdates an existing release. Permissions required: bb.releases.update When allow_missing=true, also requires: bb.releases.create
DeleteReleaseDeleteReleaseRequest.google.protobuf.EmptyDeletes a release. Permissions required: bb.releases.delete
UndeleteReleaseUndeleteReleaseRequestReleaseRestores a deleted release. Permissions required: bb.releases.undelete
CheckReleaseCheckReleaseRequestCheckReleaseResponseValidates a release by dry-running checks on target databases. Permissions required: bb.releases.check
ListReleaseCategoriesListReleaseCategoriesRequestListReleaseCategoriesResponseLists all unique categories in a project. Permissions required: bb.releases.list

Top

v1/review_config_service.proto

CreateReviewConfigRequest

FieldTypeLabelDescription
review_configReviewConfigThe SQL review config to create.

DeleteReviewConfigRequest

FieldTypeLabelDescription
namestringThe name of the SQL review config to delete. Format: reviewConfigs/

GetReviewConfigRequest

FieldTypeLabelDescription
namestringThe name of the SQL review config to retrieve. Format: reviewConfigs/

ListReviewConfigsRequest

ListReviewConfigsResponse

FieldTypeLabelDescription
review_configsReviewConfigrepeatedThe SQL review configs from the specified request.

ReviewConfig

FieldTypeLabelDescription
namestringThe name of the SQL review config. Format: reviewConfigs/
titlestringThe title of the review configuration.
enabledboolWhether the review configuration is enabled.
rulesSQLReviewRulerepeatedThe SQL review rules to enforce.
resourcesstringrepeatedResources using the config. Format: {resource}/{resource id}, e.g., environments/test.

SQLReviewRule

SQL review rule configuration. Check the SQL_REVIEW_RULES_DOCUMENTATION.md for details.

FieldTypeLabelDescription
typeSQLReviewRule.TypeThe type of SQL review rule.
levelSQLReviewRule.LevelThe severity level of the rule.
naming_payloadSQLReviewRule.NamingRulePayload
number_payloadSQLReviewRule.NumberRulePayload
string_array_payloadSQLReviewRule.StringArrayRulePayload
comment_convention_payloadSQLReviewRule.CommentConventionRulePayload
string_payloadSQLReviewRule.StringRulePayload
naming_case_payloadSQLReviewRule.NamingCaseRulePayload
engineEngineThe database engine this rule applies to.

SQLReviewRule.CommentConventionRulePayload

FieldTypeLabelDescription
requiredbool
max_lengthint32

SQLReviewRule.NamingCaseRulePayload

FieldTypeLabelDescription
upperbool

SQLReviewRule.NamingRulePayload

Payload message types for SQL review rules

FieldTypeLabelDescription
max_lengthint32
formatstring

SQLReviewRule.NumberRulePayload

FieldTypeLabelDescription
numberint32

SQLReviewRule.StringArrayRulePayload

FieldTypeLabelDescription
liststringrepeated

SQLReviewRule.StringRulePayload

FieldTypeLabelDescription
valuestring

UpdateReviewConfigRequest

FieldTypeLabelDescription
review_configReviewConfigThe SQL review config to update.

The name field is used to identify the SQL review config to update. | | update_mask | google.protobuf.FieldMask | | The list of fields to update. | | allow_missing | bool | | If set to true, and the config is not found, a new config will be created. In this situation, update_mask is ignored. |

SQLReviewRule.Level

The severity level for SQL review rules.

NameNumberDescription
LEVEL_UNSPECIFIED0Unspecified level.
ERROR1Rule violation is an error.
WARNING2Rule violation is a warning.

SQLReviewRule.Type

NameNumberDescription
TYPE_UNSPECIFIED0
ENGINE_MYSQL_USE_INNODB1
NAMING_FULLY_QUALIFIED2
NAMING_TABLE3
NAMING_COLUMN4
NAMING_INDEX_PK5
NAMING_INDEX_UK6
NAMING_INDEX_FK7
NAMING_INDEX_IDX8
NAMING_COLUMN_AUTO_INCREMENT9
NAMING_TABLE_NO_KEYWORD10
NAMING_IDENTIFIER_NO_KEYWORD11
NAMING_IDENTIFIER_CASE12
STATEMENT_SELECT_NO_SELECT_ALL13
STATEMENT_WHERE_REQUIRE_SELECT14
STATEMENT_WHERE_REQUIRE_UPDATE_DELETE15
STATEMENT_WHERE_NO_LEADING_WILDCARD_LIKE16
STATEMENT_DISALLOW_ON_DEL_CASCADE17
STATEMENT_DISALLOW_RM_TBL_CASCADE18
STATEMENT_DISALLOW_COMMIT19
STATEMENT_DISALLOW_LIMIT20
STATEMENT_DISALLOW_ORDER_BY21
STATEMENT_MERGE_ALTER_TABLE22
STATEMENT_INSERT_ROW_LIMIT23
STATEMENT_INSERT_MUST_SPECIFY_COLUMN24
STATEMENT_INSERT_DISALLOW_ORDER_BY_RAND25
STATEMENT_AFFECTED_ROW_LIMIT26
STATEMENT_DML_DRY_RUN27
STATEMENT_DISALLOW_ADD_COLUMN_WITH_DEFAULT28
STATEMENT_ADD_CHECK_NOT_VALID29
STATEMENT_ADD_FOREIGN_KEY_NOT_VALID30
STATEMENT_DISALLOW_ADD_NOT_NULL31
STATEMENT_SELECT_FULL_TABLE_SCAN32
STATEMENT_CREATE_SPECIFY_SCHEMA33
STATEMENT_CHECK_SET_ROLE_VARIABLE34
STATEMENT_DISALLOW_USING_FILESORT35
STATEMENT_DISALLOW_USING_TEMPORARY36
STATEMENT_WHERE_NO_EQUAL_NULL37
STATEMENT_WHERE_DISALLOW_FUNCTIONS_AND_CALCULATIONS38
STATEMENT_QUERY_MINIMUM_PLAN_LEVEL39
STATEMENT_WHERE_MAXIMUM_LOGICAL_OPERATOR_COUNT40
STATEMENT_MAXIMUM_LIMIT_VALUE41
STATEMENT_MAXIMUM_JOIN_TABLE_COUNT42
STATEMENT_MAXIMUM_STATEMENTS_IN_TRANSACTION43
STATEMENT_JOIN_STRICT_COLUMN_ATTRS44
STATEMENT_NON_TRANSACTIONAL45
STATEMENT_ADD_COLUMN_WITHOUT_POSITION46
STATEMENT_DISALLOW_OFFLINE_DDL47
STATEMENT_DISALLOW_CROSS_DB_QUERIES48
STATEMENT_MAX_EXECUTION_TIME49
STATEMENT_REQUIRE_ALGORITHM_OPTION50
STATEMENT_REQUIRE_LOCK_OPTION51
STATEMENT_OBJECT_OWNER_CHECK52
TABLE_REQUIRE_PK53
TABLE_NO_FOREIGN_KEY54
TABLE_DROP_NAMING_CONVENTION55
TABLE_COMMENT56
TABLE_DISALLOW_PARTITION57
TABLE_DISALLOW_TRIGGER58
TABLE_NO_DUPLICATE_INDEX59
TABLE_TEXT_FIELDS_TOTAL_LENGTH60
TABLE_DISALLOW_SET_CHARSET61
TABLE_DISALLOW_DDL62
TABLE_DISALLOW_DML63
TABLE_LIMIT_SIZE64
TABLE_REQUIRE_CHARSET65
TABLE_REQUIRE_COLLATION66
COLUMN_REQUIRED67
COLUMN_NO_NULL68
COLUMN_DISALLOW_CHANGE_TYPE69
COLUMN_SET_DEFAULT_FOR_NOT_NULL70
COLUMN_DISALLOW_CHANGE71
COLUMN_DISALLOW_CHANGING_ORDER72
COLUMN_DISALLOW_DROP73
COLUMN_DISALLOW_DROP_IN_INDEX74
COLUMN_COMMENT75
COLUMN_AUTO_INCREMENT_MUST_INTEGER76
COLUMN_TYPE_DISALLOW_LIST77
COLUMN_DISALLOW_SET_CHARSET78
COLUMN_MAXIMUM_CHARACTER_LENGTH79
COLUMN_MAXIMUM_VARCHAR_LENGTH80
COLUMN_AUTO_INCREMENT_INITIAL_VALUE81
COLUMN_AUTO_INCREMENT_MUST_UNSIGNED82
COLUMN_CURRENT_TIME_COUNT_LIMIT83
COLUMN_REQUIRE_DEFAULT84
COLUMN_DEFAULT_DISALLOW_VOLATILE85
COLUMN_ADD_NOT_NULL_REQUIRE_DEFAULT86
COLUMN_REQUIRE_CHARSET87
COLUMN_REQUIRE_COLLATION88
SCHEMA_BACKWARD_COMPATIBILITY89
DATABASE_DROP_EMPTY_DATABASE90
INDEX_NO_DUPLICATE_COLUMN91
INDEX_KEY_NUMBER_LIMIT92
INDEX_PK_TYPE_LIMIT93
INDEX_TYPE_NO_BLOB94
INDEX_TOTAL_NUMBER_LIMIT95
INDEX_PRIMARY_KEY_TYPE_ALLOWLIST96
INDEX_CREATE_CONCURRENTLY97
INDEX_TYPE_ALLOW_LIST98
INDEX_NOT_REDUNDANT99
SYSTEM_CHARSET_ALLOWLIST100
SYSTEM_COLLATION_ALLOWLIST101
SYSTEM_COMMENT_LENGTH102
SYSTEM_PROCEDURE_DISALLOW_CREATE103
SYSTEM_EVENT_DISALLOW_CREATE104
SYSTEM_VIEW_DISALLOW_CREATE105
SYSTEM_FUNCTION_DISALLOW_CREATE106
SYSTEM_FUNCTION_DISALLOWED_LIST107
ADVICE_ONLINE_MIGRATION108
BUILTIN_PRIOR_BACKUP_CHECK109
BUILTIN_WALK_THROUGH_CHECK110
STATEMENT_DISALLOW_TRUNCATE111

ReviewConfigService

ReviewConfigService manages approval flow configurations.

Method NameRequest TypeResponse TypeDescription
CreateReviewConfigCreateReviewConfigRequestReviewConfigCreates a new SQL review configuration. Permissions required: bb.reviewConfigs.create
ListReviewConfigsListReviewConfigsRequestListReviewConfigsResponseLists all SQL review configurations. Permissions required: bb.reviewConfigs.list
GetReviewConfigGetReviewConfigRequestReviewConfigRetrieves a SQL review configuration by name. Permissions required: bb.reviewConfigs.get
UpdateReviewConfigUpdateReviewConfigRequestReviewConfigUpdates a SQL review configuration. Permissions required: bb.reviewConfigs.update When allow_missing=true, also requires: bb.reviewConfigs.create
DeleteReviewConfigDeleteReviewConfigRequest.google.protobuf.EmptyDeletes a SQL review configuration. Permissions required: bb.reviewConfigs.delete

Top

v1/revision_service.proto

BatchCreateRevisionsRequest

FieldTypeLabelDescription
parentstringThe parent resource shared by all revisions being created. Format: instances/{instance}/databases/
requestsCreateRevisionRequestrepeatedThe request message specifying the revisions to create. A maximum of 100 revisions can be created in a batch.

BatchCreateRevisionsResponse

FieldTypeLabelDescription
revisionsRevisionrepeatedThe created revisions.

CreateRevisionRequest

FieldTypeLabelDescription
parentstringFormat: instances/{instance}/databases/
revisionRevisionThe revision to create.

DeleteRevisionRequest

FieldTypeLabelDescription
namestringThe name of the revision to delete. Format: instances/{instance}/databases/{database}/revisions/

GetRevisionRequest

FieldTypeLabelDescription
namestringThe name of the revision. Format: instances/{instance}/databases/{database}/revisions/

ListRevisionsRequest

FieldTypeLabelDescription
parentstringThe parent of the revisions. Format: instances/{instance}/databases/
page_sizeint32The maximum number of revisions to return. The service may return fewer than this value. If unspecified, at most 10 revisions will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListRevisions call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListRevisions must match the call that provided the page token. | | show_deleted | bool | | Whether to include deleted revisions in the results. |

ListRevisionsResponse

FieldTypeLabelDescription
revisionsRevisionrepeatedThe revisions from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Revision

FieldTypeLabelDescription
namestringFormat: instances/{instance}/databases/{database}/revisions/
releasestringFormat: projects/{project}/releases/{release} Can be empty.
create_timegoogle.protobuf.Timestamp
deleterstringFormat: users/hello@world.com Can be empty.
delete_timegoogle.protobuf.TimestampCan be empty.
filestringFormat: projects/{project}/releases/{release}/files/{file_path} The file_path segment is URL-encoded since file paths may contain "/". Can be empty.
versionstringThe schema version string for this revision.
sheetstringThe sheet that holds the content. Format: projects/{project}/sheets/
sheet_sha256stringThe SHA256 hash value of the sheet.
task_runstringThe task run associated with the revision. Can be empty. Format: projects/{project}/plans/{plan}/rollout/stages/{stage}/tasks/{task}/taskRuns/
typeRevision.TypeThe type of the revision.

Revision.Type

The type of schema revision.

NameNumberDescription
TYPE_UNSPECIFIED0Unspecified type.
VERSIONED1Versioned schema migration.
DECLARATIVE2Declarative schema definition.

RevisionService

RevisionService manages schema revision history.

Method NameRequest TypeResponse TypeDescription
ListRevisionsListRevisionsRequestListRevisionsResponseLists schema revisions for a database. Permissions required: bb.revisions.list
GetRevisionGetRevisionRequestRevisionRetrieves a schema revision by name. Permissions required: bb.revisions.get
BatchCreateRevisionsBatchCreateRevisionsRequestBatchCreateRevisionsResponseCreates multiple schema revisions in a single operation. Permissions required: bb.revisions.create
DeleteRevisionDeleteRevisionRequest.google.protobuf.EmptyDeletes a schema revision. Permissions required: bb.revisions.delete

Top

v1/role_service.proto

CreateRoleRequest

FieldTypeLabelDescription
roleRoleThe role to create.
role_idstringThe ID to use for the role, which will become the final component of the role's resource name.

This value should be 4-63 characters, and valid characters are /[a-z][A-Z][0-9]/. |

DeleteRoleRequest

FieldTypeLabelDescription
namestringThe name of the role to delete. Format: roles/

GetRoleRequest

FieldTypeLabelDescription
namestringThe name of the role to retrieve. Format: roles/

ListRolesRequest

ListRolesResponse

FieldTypeLabelDescription
rolesRolerepeatedThe roles from the specified request.

Role

Role defines a set of permissions that can be assigned to users.

FieldTypeLabelDescription
namestringResource name. Format: roles/
titlestringHuman-readable title.
descriptionstringOptional description of the role.
permissionsstringrepeatedList of permission identifiers granted by this role.
typeRole.TypeRole type indicating if it's built-in or custom.

UpdateRoleRequest

FieldTypeLabelDescription
roleRoleThe role to update.
update_maskgoogle.protobuf.FieldMaskThe list of fields to update.
allow_missingboolIf set to true, and the role is not found, a new role will be created. In this situation, update_mask is ignored.

Role.Type

NameNumberDescription
TYPE_UNSPECIFIED0
BUILT_IN1System-defined role that cannot be modified.
CUSTOM2User-defined role that can be modified.

RoleService

RoleService manages workspace roles and permissions.

Method NameRequest TypeResponse TypeDescription
ListRolesListRolesRequestListRolesResponseLists roles in the workspace. Permissions required: bb.roles.list
GetRoleGetRoleRequestRoleRetrieves a role by name. Permissions required: bb.roles.get
CreateRoleCreateRoleRequestRoleCreates a new custom role. Permissions required: bb.roles.create
UpdateRoleUpdateRoleRequestRoleUpdates a role's properties. Permissions required: bb.roles.update When allow_missing=true, also requires: bb.roles.create
DeleteRoleDeleteRoleRequest.google.protobuf.EmptyDeletes a custom role. Permissions required: bb.roles.delete

Top

v1/service_account_service.proto

CreateServiceAccountRequest

Request message for creating a service account.

FieldTypeLabelDescription
parentstringThe parent resource where this service account will be created. Format: projects/{project} for project-level, workspaces/{id} for workspace-level.
service_account_idstringThe ID to use for the service account, which will become the final component of the service account's email in the format: {service_account_id}@service.bytebase.com or {service_account_id}@{project-id}.service.bytebase.com
service_accountServiceAccountThe service account to create.

DeleteServiceAccountRequest

Request message for deleting a service account.

FieldTypeLabelDescription
namestringThe name of the service account to delete. Format: serviceAccounts/

GetServiceAccountRequest

Request message for getting a service account.

FieldTypeLabelDescription
namestringThe name of the service account to retrieve. Format: serviceAccounts/

ListServiceAccountsRequest

Request message for listing service accounts.

FieldTypeLabelDescription
parentstringThe parent resource. Format: projects/{project} for project-level, workspaces/{id} for workspace-level.
page_sizeint32The maximum number of service accounts to return. The service may return fewer than this value. If unspecified, at most 10 service accounts will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListServiceAccounts call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListServiceAccounts must match the call that provided the page token. | | show_deleted | bool | | Show deleted service accounts if specified. | | filter | string | | Filter is used to filter service accounts returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - name: the service account name, support "==" and ".contains()" operator. - email: the service account email, support "==" and ".contains()" operator. - state: check State enum for values, support "==" operator.

For example: name == "ed" name.contains("ed") state == "DELETED" email == "ed@service.bytebase.com" email.contains("ed") |

ListServiceAccountsResponse

Response message for listing service accounts.

FieldTypeLabelDescription
service_accountsServiceAccountrepeatedThe service accounts from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

ServiceAccount

ServiceAccount represents an API integration account.

FieldTypeLabelDescription
namestringThe name of the service account. Format: serviceAccounts/
stateStateThe state of the service account.
emailstringThe email of the service account. For workspace-level: {name}@service.bytebase.com For project-level: {name}@{project-id}.service.bytebase.com
titlestringThe display title of the service account.
service_keystringThe service key for authentication. Only returned on creation or key rotation.
create_timegoogle.protobuf.TimestampThe timestamp when the service account was created.

UndeleteServiceAccountRequest

Request message for restoring a deleted service account.

FieldTypeLabelDescription
namestringThe name of the deleted service account. Format: serviceAccounts/

UpdateServiceAccountRequest

Request message for updating a service account.

FieldTypeLabelDescription
service_accountServiceAccountThe service account to update.

The service account's name field is used to identify the service account to update. Format: serviceAccounts/{email} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. Supported fields: title, service_key (triggers key rotation) |

ServiceAccountService

ServiceAccountService manages service accounts for API integrations.

Method NameRequest TypeResponse TypeDescription
CreateServiceAccountCreateServiceAccountRequestServiceAccountCreates a new service account. For workspace-level: parent is workspaces/{id}, permission bb.serviceAccounts.create on workspace. For project-level: parent is projects/{project}, permission bb.serviceAccounts.create on project.
GetServiceAccountGetServiceAccountRequestServiceAccountGets a service account by name. Permissions required: bb.serviceAccounts.get
ListServiceAccountsListServiceAccountsRequestListServiceAccountsResponseLists service accounts. For workspace-level: parent is workspaces/{id}, permission bb.serviceAccounts.list on workspace. For project-level: parent is projects/{project}, permission bb.serviceAccounts.list on project.
UpdateServiceAccountUpdateServiceAccountRequestServiceAccountUpdates a service account. Permissions required: bb.serviceAccounts.update
DeleteServiceAccountDeleteServiceAccountRequest.google.protobuf.EmptyDeletes a service account. Permissions required: bb.serviceAccounts.delete
UndeleteServiceAccountUndeleteServiceAccountRequestServiceAccountRestores a deleted service account. Permissions required: bb.serviceAccounts.undelete

Top

v1/sheet_service.proto

BatchCreateSheetsRequest

FieldTypeLabelDescription
parentstringThe parent resource where all sheets will be created. Format: projects/
requestsCreateSheetRequestrepeated

BatchCreateSheetsResponse

FieldTypeLabelDescription
sheetsSheetrepeated

CreateSheetRequest

FieldTypeLabelDescription
parentstringThe parent resource where this sheet will be created. Format: projects/
sheetSheetThe sheet to create.

GetSheetRequest

FieldTypeLabelDescription
namestringThe name of the sheet to retrieve. Format: projects/{project}/sheets/
rawboolBy default, the content of the sheet is cut off, set the raw to true to retrieve the full content.

Sheet

FieldTypeLabelDescription
namestringThe name of the sheet resource. Format: projects/{project}/sheets/{sheet} The sheet ID is generated by the server on creation and cannot be changed.
contentbytesThe content of the sheet. By default, it will be cut off, if it doesn't match the content_size, you can set the raw to true in GetSheet request to retrieve the full content.
content_sizeint64content_size is the full size of the content, may not match the size of the content field.

SheetService

SheetService manages SQL scripts and saved queries.

Method NameRequest TypeResponse TypeDescription
CreateSheetCreateSheetRequestSheetCreates a new SQL sheet. Permissions required: bb.sheets.create
BatchCreateSheetsBatchCreateSheetsRequestBatchCreateSheetsResponseCreates multiple SQL sheets in a single operation. Permissions required: bb.sheets.create
GetSheetGetSheetRequestSheetRetrieves a SQL sheet by name. Permissions required: bb.sheets.get

Top

v1/subscription_service.proto

CancelPurchaseRequest

CreatePurchaseRequest

FieldTypeLabelDescription
planPlanType
intervalBillingInterval
seatsint32

GetPaymentInfoRequest

GetSubscriptionRequest

ListPurchasePlansRequest

ListPurchasePlansResponse

FieldTypeLabelDescription
plansPurchasePlanrepeated

PaymentInfo

FieldTypeLabelDescription
total_pricestring
currencystring
period_startstring
period_endstring
invoice_urlstringStripe Billing Portal URL for invoice management.
cancel_at_period_endboolWhether the subscription is scheduled to cancel at the end of the current billing period.

PlanConfig

PlanConfig represents the configuration for all plans loaded from plan.yaml

FieldTypeLabelDescription
plansPlanLimitConfigrepeated
instance_featuresPlanFeaturerepeated

PlanLimitConfig

PlanLimitConfig represents a single plan's configuration

FieldTypeLabelDescription
typePlanType
maximum_instance_countint32
maximum_seat_countint32
featuresPlanFeaturerepeated

PurchaseBillingMethod

FieldTypeLabelDescription
intervalBillingInterval
discountPurchaseDiscount

PurchaseDiscount

FieldTypeLabelDescription
typePurchaseDiscount.Type
valueint32

PurchasePlan

FieldTypeLabelDescription
typePlanType
self_service_purchasebool
additionalsPurchasePlanAdditionalrepeated
billing_methodsPurchaseBillingMethodrepeated

PurchasePlanAdditional

FieldTypeLabelDescription
typePurchasePlanAdditional.Type
unit_priceint32Price in USD cents per month.
free_countint32
minimum_countint32
maximum_countint32-1 means unlimited.

PurchaseResponse

FieldTypeLabelDescription
payment_urlstringIf set, redirect to this Stripe Checkout URL. If empty, the update was applied directly using the existing payment method.
session_idstringStripe Checkout Session ID. Used to verify the session after redirect.

Subscription

FieldTypeLabelDescription
planPlanType
seatsint32
instancesint32
active_instancesint32
expires_timegoogle.protobuf.Timestamp
trialingbool
org_namestring
haboolWhether high availability (multiple replicas) is enabled.
etagstringEtag for optimistic concurrency on purchase updates. Only set in SaaS mode.

UpdatePurchaseRequest

FieldTypeLabelDescription
planPlanType
intervalBillingInterval
seatsint32
etagstring

UploadLicenseRequest

FieldTypeLabelDescription
licensestring

VerifyCheckoutSessionRequest

FieldTypeLabelDescription
session_idstring

VerifyCheckoutSessionResponse

FieldTypeLabelDescription
statusstringStripe Checkout Session status: "complete", "expired", or "open".

BillingInterval

NameNumberDescription
BILLING_INTERVAL_UNSPECIFIED0
MONTH1
YEAR2

PlanFeature

PlanFeature represents the available features in Argus

NameNumberDescription
FEATURE_UNSPECIFIED0
FEATURE_DATABASE_CHANGE1Database Change Management
FEATURE_GIT_BASED_SCHEMA_VERSION_CONTROL2
FEATURE_DECLARATIVE_SCHEMA_MIGRATION3
FEATURE_COMPARE_AND_SYNC_SCHEMA4
FEATURE_ONLINE_SCHEMA_CHANGE5
FEATURE_PRE_DEPLOYMENT_SQL_REVIEW6
FEATURE_AUTOMATIC_BACKUP_BEFORE_DATA_CHANGES7
FEATURE_ONE_CLICK_DATA_ROLLBACK8
FEATURE_MULTI_DATABASE_BATCH_CHANGES9
FEATURE_PROGRESSIVE_ENVIRONMENT_DEPLOYMENT10
FEATURE_SCHEDULED_ROLLOUT_TIME11
FEATURE_DATABASE_CHANGELOG12
FEATURE_SCHEMA_DRIFT_DETECTION13
FEATURE_ROLLOUT_POLICY14
FEATURE_WEB_BASED_SQL_EDITOR15SQL Editor & Development
FEATURE_SQL_EDITOR_ADMIN_MODE16
FEATURE_NATURAL_LANGUAGE_TO_SQL17
FEATURE_AI_QUERY_EXPLANATION18
FEATURE_AI_QUERY_SUGGESTIONS19
FEATURE_AUTO_COMPLETE20
FEATURE_SCHEMA_DIAGRAM21
FEATURE_SCHEMA_EDITOR22
FEATURE_DATA_EXPORT23
FEATURE_DATA_OFFLINE_EXPORT24
FEATURE_QUERY_HISTORY25
FEATURE_SAVED_AND_SHARED_SQL_SCRIPTS26
FEATURE_BATCH_QUERY27
FEATURE_INSTANCE_READ_ONLY_CONNECTION28
FEATURE_QUERY_POLICY29
FEATURE_RESTRICT_COPYING_DATA30
FEATURE_IAM31Security & Compliance
FEATURE_INSTANCE_SSL_CONNECTION32
FEATURE_INSTANCE_CONNECTION_OVER_SSH_TUNNEL33
FEATURE_INSTANCE_CONNECTION_IAM_AUTHENTICATION34
FEATURE_GOOGLE_AND_GITHUB_SSO35
FEATURE_USER_GROUPS36
FEATURE_DISALLOW_SELF_SERVICE_SIGNUP37
FEATURE_CUSTOM_INSTANCE_SYNC_TIME38
FEATURE_CUSTOM_INSTANCE_CONNECTION_LIMIT39
FEATURE_RISK_ASSESSMENT40
FEATURE_APPROVAL_WORKFLOW41
FEATURE_AUDIT_LOG42
FEATURE_ENTERPRISE_SSO43
FEATURE_TWO_FA44
FEATURE_PASSWORD_RESTRICTIONS45
FEATURE_DISALLOW_PASSWORD_SIGNIN46
FEATURE_CUSTOM_ROLES47
FEATURE_REQUEST_ROLE_WORKFLOW48
FEATURE_JIT49
FEATURE_DATA_MASKING50
FEATURE_DATA_CLASSIFICATION51
FEATURE_SCIM52
FEATURE_DIRECTORY_SYNC53
FEATURE_TOKEN_DURATION_CONTROL54
FEATURE_EXTERNAL_SECRET_MANAGER55
FEATURE_USER_EMAIL_DOMAIN_RESTRICTION56
FEATURE_PROJECT_MANAGEMENT57Administration & Support
FEATURE_ENVIRONMENT_MANAGEMENT58
FEATURE_IM_NOTIFICATIONS59
FEATURE_TERRAFORM_PROVIDER60
FEATURE_DATABASE_GROUPS61
FEATURE_ENVIRONMENT_TIERS62
FEATURE_DASHBOARD_ANNOUNCEMENT63
FEATURE_API_INTEGRATION_GUIDANCE64
FEATURE_CUSTOM_LOGO65
FEATURE_WATERMARK66
FEATURE_ROADMAP_PRIORITIZATION67
FEATURE_CUSTOM_MSA68
FEATURE_COMMUNITY_SUPPORT69
FEATURE_EMAIL_SUPPORT70
FEATURE_DEDICATED_SUPPORT_WITH_SLA71

PlanType

NameNumberDescription
PLAN_TYPE_UNSPECIFIED0Unspecified plan type.
FREE1Free plan with basic features and no cost.
TEAM2Team plan with collaboration features for small to medium teams.
ENTERPRISE3Enterprise plan with advanced features and dedicated support.

PurchaseDiscount.Type

NameNumberDescription
TYPE_UNSPECIFIED0
PERCENTAGE_OFF1
FIXED_MONTH_OFF2
FIXED_PRICE_OFF3

PurchasePlanAdditional.Type

NameNumberDescription
TYPE_UNSPECIFIED0
USER1

SubscriptionService

SubscriptionService manages enterprise subscriptions and licensing.

Method NameRequest TypeResponse TypeDescription
GetSubscriptionGetSubscriptionRequestSubscriptionGetSubscription returns the current subscription. If there is no license, we will return a free plan subscription without expiration time. If there is expired license, we will return a free plan subscription with the expiration time of the expired license.
UploadLicenseUploadLicenseRequestSubscriptionUploads an enterprise license (self-hosted only).
CreatePurchaseCreatePurchaseRequestPurchaseResponseCreatePurchase creates a new subscription purchase (SaaS only). Returns a Stripe Checkout URL for the user to complete payment.
UpdatePurchaseUpdatePurchaseRequestPurchaseResponseUpdatePurchase updates an existing subscription (SaaS only). May return a Stripe Checkout URL if payment method change is needed.
CancelPurchaseCancelPurchaseRequestPurchaseResponseCancelPurchase cancels an active subscription (SaaS only).
GetPaymentInfoGetPaymentInfoRequestPaymentInfoGetPaymentInfo returns payment details for the current subscription (SaaS only).
VerifyCheckoutSessionVerifyCheckoutSessionRequestVerifyCheckoutSessionResponseVerifyCheckoutSession verifies a Stripe Checkout Session status (SaaS only).
ListPurchasePlansListPurchasePlansRequestListPurchasePlansResponseListPurchasePlans returns available plans for self-service purchase.

Top

v1/workload_identity_service.proto

CreateWorkloadIdentityRequest

Request message for creating a workload identity.

FieldTypeLabelDescription
parentstringThe parent resource where this workload identity will be created. Format: projects/{project} for project-level, workspaces/{id} for workspace-level.
workload_identity_idstringThe ID to use for the workload identity, which will become the final component of the workload identity's email in the format: {workload_identity_id}@workload.bytebase.com or {workload_identity_id}@{project-id}.workload.bytebase.com
workload_identityWorkloadIdentityThe workload identity to create.

DeleteWorkloadIdentityRequest

Request message for deleting a workload identity.

FieldTypeLabelDescription
namestringThe name of the workload identity to delete. Format: workloadIdentities/

GetWorkloadIdentityRequest

Request message for getting a workload identity.

FieldTypeLabelDescription
namestringThe name of the workload identity to retrieve. Format: workloadIdentities/

ListWorkloadIdentitiesRequest

Request message for listing workload identities.

FieldTypeLabelDescription
parentstringThe parent resource. Format: projects/{project} for project-level, workspaces/{id} for workspace-level.
page_sizeint32The maximum number of workload identities to return. The service may return fewer than this value. If unspecified, at most 10 workload identities will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
page_tokenstringA page token, received from a previous ListWorkloadIdentities call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListWorkloadIdentities must match the call that provided the page token. | | show_deleted | bool | | Show deleted workload identities if specified. | | filter | string | | Filter is used to filter workload identities returned in the list. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - name: the workload identity name, support "==" and ".contains()" operator. - email: the workload identity email, support "==" and ".contains()" operator. - state: check State enum for values, support "==" operator.

For example: name == "ed" name.contains("ed") state == "DELETED" email == "ed@workload.bytebase.com" email.contains("ed") |

ListWorkloadIdentitiesResponse

Response message for listing workload identities.

FieldTypeLabelDescription
workload_identitiesWorkloadIdentityrepeatedThe workload identities from the specified request.
next_page_tokenstringA token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

UndeleteWorkloadIdentityRequest

Request message for restoring a deleted workload identity.

FieldTypeLabelDescription
namestringThe name of the deleted workload identity. Format: workloadIdentities/

UpdateWorkloadIdentityRequest

Request message for updating a workload identity.

FieldTypeLabelDescription
workload_identityWorkloadIdentityThe workload identity to update.

The workload identity's name field is used to identify the workload identity to update. Format: workloadIdentities/{email} | | update_mask | google.protobuf.FieldMask | | The list of fields to update. Supported fields: title, workload_identity_config |

WorkloadIdentity

WorkloadIdentity represents an external CI/CD workload identity.

FieldTypeLabelDescription
namestringThe name of the workload identity. Format: workloadIdentities/
stateStateThe state of the workload identity.
emailstringThe email of the workload identity. For workspace-level: {name}@workload.bytebase.com For project-level: {name}@{project-id}.workload.bytebase.com
titlestringThe display title of the workload identity.
create_timegoogle.protobuf.TimestampThe timestamp when the workload identity was created.
workload_identity_configWorkloadIdentityConfigThe workload identity configuration for OIDC token validation.

WorkloadIdentityConfig

WorkloadIdentityConfig for API layer

FieldTypeLabelDescription
provider_typeWorkloadIdentityConfig.ProviderTypePlatform type (currently only GITHUB is supported)
issuer_urlstringOIDC Issuer URL (auto-filled based on provider_type, can be overridden)
allowed_audiencesstringrepeatedAllowed audiences for token validation
subject_patternstringSubject pattern to match (e.g., "repo:owner/repo:ref:refs/heads/main")

WorkloadIdentityConfig.ProviderType

ProviderType identifies the CI/CD platform.

NameNumberDescription
PROVIDER_TYPE_UNSPECIFIED0
GITHUB1
GITLAB2

WorkloadIdentityService

WorkloadIdentityService manages workload identities for external CI/CD integrations.

Method NameRequest TypeResponse TypeDescription
CreateWorkloadIdentityCreateWorkloadIdentityRequestWorkloadIdentityCreates a new workload identity. For workspace-level: parent is workspaces/{id}, permission bb.workloadIdentities.create on workspace. For project-level: parent is projects/{project}, permission bb.workloadIdentities.create on project.
GetWorkloadIdentityGetWorkloadIdentityRequestWorkloadIdentityGets a workload identity by name. Permissions required: bb.workloadIdentities.get
ListWorkloadIdentitiesListWorkloadIdentitiesRequestListWorkloadIdentitiesResponseLists workload identities. For workspace-level: parent is workspaces/{id}, permission bb.workloadIdentities.list on workspace. For project-level: parent is projects/{project}, permission bb.workloadIdentities.list on project.
UpdateWorkloadIdentityUpdateWorkloadIdentityRequestWorkloadIdentityUpdates a workload identity. Permissions required: bb.workloadIdentities.update
DeleteWorkloadIdentityDeleteWorkloadIdentityRequest.google.protobuf.EmptyDeletes a workload identity. Permissions required: bb.workloadIdentities.delete
UndeleteWorkloadIdentityUndeleteWorkloadIdentityRequestWorkloadIdentityRestores a deleted workload identity. Permissions required: bb.workloadIdentities.undelete

Top

v1/worksheet_service.proto

BatchUpdateWorksheetOrganizerRequest

FieldTypeLabelDescription
requestsUpdateWorksheetOrganizerRequestrepeated

BatchUpdateWorksheetOrganizerResponse

FieldTypeLabelDescription
worksheet_organizersWorksheetOrganizerrepeated

CreateWorksheetRequest

FieldTypeLabelDescription
parentstringThe parent resource where this worksheet will be created. Format: projects/
worksheetWorksheetThe worksheet to create.

DeleteWorksheetRequest

FieldTypeLabelDescription
namestringThe name of the worksheet to delete. Format: projects/{project}/worksheets/

GetWorksheetRequest

FieldTypeLabelDescription
namestringThe name of the worksheet to retrieve. Format: projects/{project}/worksheets/

SearchWorksheetsRequest

FieldTypeLabelDescription
parentstringThe parent resource of the worksheets. Format: projects/
filterstringTo filter the search result. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec

Supported filter: - creator: the worksheet creator in "users/{email}" format, support "==" and "!=" operator. - starred: should be "true" or "false", filter starred/unstarred sheets, support "==" operator. - visibility: check Visibility enum in the Worksheet message for values, support "==" and "in [xx]" operator.

For example: creator == "users/{email}" creator != "users/{email}" starred == true starred == false visibility in ["PRIVATE", "PROJECT_READ", "PROJECT_WRITE"] visibility == "PRIVATE" |

SearchWorksheetsResponse

FieldTypeLabelDescription
worksheetsWorksheetrepeatedThe worksheets that matched the search criteria.

UpdateWorksheetOrganizerRequest

FieldTypeLabelDescription
organizerWorksheetOrganizerThe organizer to update.

The organizer's worksheet field is used to identify the worksheet. Format: projects/{project}/worksheets/{worksheet} | | update_mask | google.protobuf.FieldMask | | The list of fields to be updated. Fields are specified relative to the worksheet organizer. Only support update the following fields for now: - starred | | allow_missing | bool | | If set to true, and the worksheet organizer is not found, a new worksheet organizer will be created. In this situation, update_mask is ignored. |

UpdateWorksheetRequest

FieldTypeLabelDescription
worksheetWorksheetThe worksheet to update.

The worksheet's name field is used to identify the worksheet to update. Format: projects/{project}/worksheets/{worksheet} | | update_mask | google.protobuf.FieldMask | | The list of fields to be updated. Fields are specified relative to the worksheet. (e.g., title, statement; not worksheet.title or worksheet.statement) Only support update the following fields for now: - title - statement - starred - visibility |

Worksheet

FieldTypeLabelDescription
namestringThe name of the worksheet resource, generated by the server. Canonical parent is project. Format: projects/{project}/worksheets/
projectstringThe project resource name. Format: projects/
databasestringThe database resource name. Format: instances/{instance}/databases/{database} If the database parent doesn't exist, the database field is empty.
titlestringThe title of the worksheet.
creatorstringThe creator of the Worksheet. Format: users/
create_timegoogle.protobuf.TimestampThe create time of the worksheet.
update_timegoogle.protobuf.TimestampThe last update time of the worksheet.
contentbytesThe content of the worksheet. By default, it will be cut off in SearchWorksheet() method. If it doesn't match the content_size, you can use GetWorksheet() request to retrieve the full content.
content_sizeint64content_size is the full size of the content, may not match the size of the content field.
visibilityWorksheet.Visibility
starredboolstarred indicates whether the worksheet is starred by the current authenticated user.
foldersstringrepeated

WorksheetOrganizer

FieldTypeLabelDescription
worksheetstringThe name of the worksheet. Format: projects/{project}/worksheets/
starredboolstarred means if the worksheet is starred.
foldersstringrepeated

Worksheet.Visibility

NameNumberDescription
VISIBILITY_UNSPECIFIED0
PROJECT_READ1Read access in project scope, worksheet OWNER/DBA and project OWNER can read/write, other project members can read.
PROJECT_WRITE2Write access in project scope, worksheet OWNER/DBA and all members in the project can write the worksheet.
PRIVATE3Private, only worksheet OWNER can read/write.

WorksheetService

WorksheetService manages SQL worksheets for query development.

Method NameRequest TypeResponse TypeDescription
CreateWorksheetCreateWorksheetRequestWorksheetCreates a personal worksheet used in SQL Editor. Any authenticated user can create their own worksheets. Permissions required: None (authenticated users only)
GetWorksheetGetWorksheetRequestWorksheetGet a worksheet by name. The users can access this method if, - they are the creator of the worksheet; - they have bb.worksheets.get permission on the workspace; - the sheet is shared with them with PROJECT_READ and PROJECT_WRITE visibility, and they have bb.projects.get permission on the project. Permissions required: bb.worksheets.get (or creator, or project member for shared worksheets)
SearchWorksheetsSearchWorksheetsRequestSearchWorksheetsResponseSearch for worksheets. This is used for finding my worksheets or worksheets shared by other people. The sheet accessibility is the same as GetWorksheet(). Permissions required: bb.worksheets.get (or creator, or project member for shared worksheets)
UpdateWorksheetUpdateWorksheetRequestWorksheetUpdate a worksheet. The users can access this method if, - they are the creator of the worksheet; - they have bb.worksheets.manage permission on the workspace; - the sheet is shared with them with PROJECT_WRITE visibility, and they have bb.projects.get permission on the project. Permissions required: bb.worksheets.manage (or creator, or project member for PROJECT_WRITE worksheets)
UpdateWorksheetOrganizerUpdateWorksheetOrganizerRequestWorksheetOrganizerUpdate the organizer of a worksheet. The access is the same as UpdateWorksheet method. Permissions required: bb.worksheets.get (or creator, or project member for shared worksheets)
BatchUpdateWorksheetOrganizerBatchUpdateWorksheetOrganizerRequestBatchUpdateWorksheetOrganizerResponseBatch update the organizers of worksheets. The access is the same as UpdateWorksheet method. Permissions required: bb.worksheets.get (or creator, or project member for shared worksheets)
DeleteWorksheetDeleteWorksheetRequest.google.protobuf.EmptyDelete a worksheet. The access is the same as UpdateWorksheet method. Permissions required: bb.worksheets.manage (or creator, or project member for PROJECT_WRITE worksheets)

Top

v1/workspace_service.proto

GetWorkspaceRequest

FieldTypeLabelDescription
namestringThe workspace name, format: workspaces/{workspace}. Use "workspaces/-" to get the current/default workspace.

ListWorkspacesRequest

ListWorkspacesResponse

FieldTypeLabelDescription
workspacesWorkspacerepeated

UpdateWorkspaceRequest

FieldTypeLabelDescription
workspaceWorkspace
update_maskgoogle.protobuf.FieldMask

Workspace

FieldTypeLabelDescription
namestringFormat: workspaces/
titlestring
logostringThe branding logo.

WorkspaceService

WorkspaceService manages workspace-level operations and profile.

Method NameRequest TypeResponse TypeDescription
GetWorkspaceGetWorkspaceRequestWorkspaceGets a workspace by name. Supports "workspaces/-" to resolve the current workspace: - Authenticated: uses the workspace from JWT context - Self-hosted unauthenticated: returns the single workspace - SaaS unauthenticated: returns minimal response
ListWorkspacesListWorkspacesRequestListWorkspacesResponseLists all workspaces the current user is a member of.
UpdateWorkspaceUpdateWorkspaceRequestWorkspaceUpdates a workspace. Currently only title can be updated.
GetIamPolicyGetIamPolicyRequestIamPolicyRetrieves IAM policy for the workspace. Permissions required: bb.workspaces.getIamPolicy
SetIamPolicySetIamPolicyRequestIamPolicySets IAM policy for the workspace. Permissions required: bb.workspaces.setIamPolicy

Scalar Value Types

.proto TypeNotesC++JavaPythonGoC#PHPRuby
doubledoubledoublefloatfloat64doublefloatFloat
floatfloatfloatfloatfloat32floatfloatFloat
int32Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead.int32intintint32intintegerBignum or Fixnum (as required)
int64Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead.int64longint/longint64longinteger/stringBignum
uint32Uses variable-length encoding.uint32intint/longuint32uintintegerBignum or Fixnum (as required)
uint64Uses variable-length encoding.uint64longint/longuint64ulonginteger/stringBignum or Fixnum (as required)
sint32Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s.int32intintint32intintegerBignum or Fixnum (as required)
sint64Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s.int64longint/longint64longinteger/stringBignum
fixed32Always four bytes. More efficient than uint32 if values are often greater than 2^28.uint32intintuint32uintintegerBignum or Fixnum (as required)
fixed64Always eight bytes. More efficient than uint64 if values are often greater than 2^56.uint64longint/longuint64ulonginteger/stringBignum
sfixed32Always four bytes.int32intintint32intintegerBignum or Fixnum (as required)
sfixed64Always eight bytes.int64longint/longint64longinteger/stringBignum
boolboolbooleanbooleanboolboolbooleanTrueClass/FalseClass
stringA string must always contain UTF-8 encoded or 7-bit ASCII text.stringStringstr/unicodestringstringstringString (UTF-8)
bytesMay contain any arbitrary sequence of bytes.stringByteStringstr[]byteByteStringstringString (ASCII-8BIT)

Argus — 公司內部資料庫變更審計平台