Prisma Schema Reference
The Prisma database stores merchant settings, scan jobs, and threat results. This document describes the key models.
Core Models
Session
Shopify session storage (managed by @shopify/shopify-app-session-storage-prisma).
model Session {
id String @id
shop String
state String
isOnline Boolean @default(false)
scope String?
expires DateTime?
accessToken String
userId BigInt?
firstName String?
lastName String?
email String?
accountOwner Boolean @default(false)
locale String?
collaborator Boolean? @default(false)
emailVerified Boolean? @default(false)
}
MerchantSettings
Central settings and billing state per shop.
model MerchantSettings {
id String @id @default(cuid())
shop String @unique
// Billing
plan String @default("free")
billingStatus String @default("active")
subscriptionId String?
currentPeriodStart DateTime?
currentPeriodEnd DateTime?
trialStartedAt DateTime?
trialEndsAt DateTime?
// Protection settings
protectionRightClick Boolean @default(true)
protectionCopy Boolean @default(true)
protectionDevTools Boolean @default(false)
protectionViewSource Boolean @default(false)
protectionImages Boolean @default(true)
protectionTextSelection Boolean @default(false)
// Feature flags
botDetectionEnabled Boolean @default(false)
spyDetectionEnabled Boolean @default(false)
ipBlockingEnabled Boolean @default(false)
// Injection method
injectionMethod String @default("app_embed")
scriptTagId String?
// Dismissed UI elements
dismissedBanners String[] @default([])
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
}
IP Blocking
IPBlockingConfig
IP/country blocking rules.
model IPBlockingConfig {
id String @id @default(cuid())
shop String @unique
enabled Boolean @default(false)
blockedIPs String[] @default([])
blockedCIDRs String[] @default([])
blockedCountries String[] @default([])
allowedIPs String[] @default([])
blockVPN Boolean @default(false)
blockDatacenter Boolean @default(false)
blockTor Boolean @default(false)
updatedAt DateTime @updatedAt
}
Fraud Detection
FraudOrder
Fraud-flagged orders from Shopify webhooks.
model FraudOrder {
id String @id @default(cuid())
shop String
shopifyOrderId String
orderNumber String
// Risk assessment
riskLevel String // low, medium, high, critical
riskScore Int
riskSignals String[]
// Order details
email String?
customerName String?
totalPrice Decimal?
currency String?
// Visitor correlation
visitorId String?
sessionId String?
visitorSessionIds String[] @default([])
// Status
status String @default("pending") // pending, reviewed, confirmed_fraud, false_positive
reviewedAt DateTime?
reviewNote String?
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
@@unique([shop, shopifyOrderId])
}
Scanning Models
ProductScanJob
Background scan job for threat detection.
model ProductScanJob {
id String @id @default(cuid())
shop String
// Status
status String @default("pending") // pending, processing, completed, failed
claimedBy String?
claimedAt DateTime?
completedAt DateTime?
error String?
retryCount Int @default(0)
// Products scanned
products ScannedProduct[]
// Results
phishingDomains PhishingDomain[]
marketplaceThreats MarketplaceThreat[]
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
}
ScannedProduct
Individual product being scanned.
model ScannedProduct {
id String @id @default(cuid())
productScanJobId String
productScanJob ProductScanJob @relation(fields: [productScanJobId], references: [id])
shopifyProductId String
title String
handle String
imageUrl String?
price Decimal?
vendor String?
createdAt DateTime @default(now())
}
Phishing Detection
PhishingDomain
Detected phishing domains.
model PhishingDomain {
id String @id @default(cuid())
shop String
productScanJobId String?
productScanJob ProductScanJob? @relation(fields: [productScanJobId], references: [id])
domain String
status String @default("pending") // pending, active, taken_down, false_positive, safe
confidence Int
signals String[]
// WHOIS data
registrar String?
createdDate DateTime?
expiresDate DateTime?
privacyProtected Boolean?
// Analysis
contentSimilarity Float?
logoSimilarity Float?
firstSeen DateTime @default(now())
lastChecked DateTime @default(now())
@@unique([shop, domain])
}
PhishingWhitelist
Domains marked as safe.
model PhishingWhitelist {
id String @id @default(cuid())
shop String
domain String
reason String?
createdAt DateTime @default(now())
@@unique([shop, domain])
}
Marketplace Monitoring
MarketplaceThreat
Detected counterfeit listings.
model MarketplaceThreat {
id String @id @default(cuid())
shop String
productScanJobId String?
// Source
platform String // amazon, ebay, walmart, etsy, aliexpress
listingUrl String
listingTitle String
listingPrice Decimal?
sellerName String?
sellerRating Float?
// Match data
matchedProductId String?
matchScore Float
// Assessment
threatType String // counterfeit, gray_market, unauthorized
confidence Int
signals String[]
// Status
status String @default("pending") // pending, confirmed, taken_down, false_positive
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
}
Takedowns
Takedown
DMCA takedown requests.
model Takedown {
id String @id @default(cuid())
shop String
// Target
targetUrl String
targetPlatform String
targetType String // counterfeit, phishing, trademark
// Status
status String @default("draft") // draft, sent, pending, completed, rejected
sentAt DateTime?
responseAt DateTime?
responseNote String?
// Evidence
evidenceUrls String[]
originalProductUrl String?
// Notice details
noticeType String @default("dmca") // dmca, trademark, platform_specific
noticeContent String?
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
}
Alerts
AlertConfig
Alert configuration per shop.
model AlertConfig {
id String @id @default(cuid())
shop String @unique
// Email alerts
emailEnabled Boolean @default(true)
emailAddresses String[]
// Webhook alerts
webhookEnabled Boolean @default(false)
webhookUrl String?
// Alert types
alertOnBot Boolean @default(true)
alertOnSpy Boolean @default(true)
alertOnPhishing Boolean @default(true)
alertOnCounterfeit Boolean @default(true)
alertOnFraud Boolean @default(true)
// Frequency
digestFrequency String @default("realtime") // realtime, daily, weekly
updatedAt DateTime @updatedAt
}
AlertLog
Sent alert history.
model AlertLog {
id String @id @default(cuid())
shop String
alertType String
channel String // email, webhook
recipient String
content String?
status String // sent, failed
error String?
sentAt DateTime @default(now())
}
Feedback
Feedback
User feedback and bug reports.
model Feedback {
id String @id @default(cuid())
shop String
type String // bug, feature, nps, general
message String
rating Int? // 1-10 for NPS
email String?
status String @default("new")
createdAt DateTime @default(now())
}
Feature
Feature request tracking.
model Feature {
id String @id @default(cuid())
title String
description String?
status String @default("proposed") // proposed, planned, in_progress, released
votes Int @default(0)
createdAt DateTime @default(now())
}