mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 23:41:08 +02:00
698ffe797c
Groundwork for server-side Space extensions that must NOT live in Dexie:
- spaces.credentials — per-space OAuth tokens, API keys, SMTP
configs. Access tokens are stored
encrypted at rest with the service KEK.
- spaces.module_permissions — role × module read/write/admin overrides
on top of the SPACE_MODULE_ALLOWLIST
defaults.
Both tables FK to auth.organizations with ON DELETE CASCADE so deleting
a space drops its credentials and permission overrides automatically.
RLS is intentionally deferred — enabling it now would lock out services
that don't yet pass space context. A follow-up migration turns it on
after mana-api speaks the Spaces protocol end-to-end.
To apply locally: bun run db:push in services/mana-auth, or psql -f
sql/004_spaces.sql against the mana_platform DB.
No runtime code reads these tables yet — they're the scaffolding that
Task-8 (mana-sync) and the eventual social-relay/clubs modules will
consume.
Plan: docs/plans/spaces-foundation.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| mana-ai | ||
| mana-analytics | ||
| mana-api-gateway | ||
| mana-auth | ||
| mana-crawler | ||
| mana-credits | ||
| mana-events | ||
| mana-geocoding | ||
| mana-image-gen | ||
| mana-landing-builder | ||
| mana-llm | ||
| mana-mail | ||
| mana-media | ||
| mana-notify | ||
| mana-research | ||
| mana-search | ||
| mana-stt | ||
| mana-subscriptions | ||
| mana-sync | ||
| mana-tts | ||
| mana-user | ||
| mana-video-gen | ||
| mana-voice-bot | ||
| news-ingester | ||