3 Commits

Author SHA1 Message Date
tiennm99 0a08f80450 feat(phase-1): db schema init (bsk_init migration + roles)
- supabase/migrations/20260525163300_bsk_init.sql: bsk schema, app_role
  enum, app_users enrollment table, current_role() SECURITY DEFINER
  STABLE helper, RLS enabled with two SELECT policies (own row + admin)
- types/supabase-bsk.ts: hand-written placeholder mirroring canonical
  supabase gen output; regenerate via pnpm db:gen-types after migration
  applied
- lib/db/roles.ts: appRoles tuple + AppRole union + satisfies guard
  against generated enum + isAppRole type guard
- package.json: db:gen-types script
- README: one-line note on regenerating types after db:push
- plans/: include phase 02/04/06 detail files alongside the existing
  01/03/05 (planner output that wasn't committed with the trim)
2026-05-25 17:23:08 +07:00
tiennm99 eeda68c34a chore(ci): add NEXT_PUBLIC_*=sb_secret_* leak guard
Defense-in-depth check that fails the build (and the local pre-push
workflow) if a server secret value is assigned to a NEXT_PUBLIC_*
variable — those get bundled into the browser by Next.js.

- scripts/check-no-secret-leak.mjs: git grep for the assignment shape,
  excluding lockfiles and the script itself
- package.json: pnpm check:no-secret-leak
- .github/workflows/ci.yml: run the guard right after install, before
  format/lint/typecheck/build
- docs/threat-model.md: close the last Unresolved item
2026-05-25 16:19:43 +07:00
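Added example, not the project's scripts/check-no-secret-leak.mjs: a self-contained scanner for the assignment shape the commit above describes (a NEXT_PUBLIC_* variable given an sb_secret_* value), run over constructed in-memory file contents instead of git grep. The regex, the exclusion list and the sample files are assumptions.

```javascript
// Added example, not the project's own guard script. Scans a path -> content
// map for NEXT_PUBLIC_* variables assigned an sb_secret_* value, the shape
// that Next.js would bundle into the browser. Regex and exclusions assumed.
const LEAK_PATTERN = /NEXT_PUBLIC_[A-Z0-9_]+\s*[=:]\s*["'`]?sb_secret_/;
const EXCLUDED_FILES = new Set([
  "pnpm-lock.yaml", "package-lock.json", "yarn.lock",
  "scripts/check-no-secret-leak.mjs", // the guard itself mentions the shape
]);

// Returns every { path, line, text } hit; excluded paths are skipped entirely.
function findSecretLeaks(files) {
  const hits = [];
  for (const [path, content] of Object.entries(files)) {
    if (EXCLUDED_FILES.has(path)) continue;
    content.split("\n").forEach((text, i) => {
      if (LEAK_PATTERN.test(text)) hits.push({ path, line: i + 1, text: text.trim() });
    });
  }
  return hits;
}

// Constructed sample tree: one leak in an env file, one in a CI workflow
// (YAML "key: value" form), a matching line inside the excluded lockfile,
// and a correct server-only binding that must not be flagged.
const SAMPLE_FILES = {
  ".env.example": [
    "NEXT_PUBLIC_SUPABASE_URL=https://example.supabase.co",
    "NEXT_PUBLIC_SUPABASE_ANON_KEY=sb_publishable_placeholder",
    "NEXT_PUBLIC_SERVICE_KEY=sb_secret_placeholder",
  ].join("\n"),
  ".github/workflows/ci.yml": "env:\n  NEXT_PUBLIC_API_KEY: \"sb_secret_placeholder\"\n",
  "pnpm-lock.yaml": "# NEXT_PUBLIC_X=sb_secret_ignored_by_exclusion\n",
  "lib/server.ts": "const key = process.env.SUPABASE_SERVICE_KEY; // sb_secret_ stays server-side\n",
};

// Exit status in the style of a CI guard: 0 when clean, 1 on any hit.
function checkNoSecretLeak(files) {
  const hits = findSecretLeaks(files);
  for (const h of hits) console.error(`${h.path}:${h.line}: ${h.text}`);
  return hits.length === 0 ? 0 : 1;
}

if (typeof require !== "undefined" && require.main === module) {
  process.exitCode = checkNoSecretLeak(SAMPLE_FILES); // prints the two hits, exits 1
}
```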
tiennm99 0393ddf6ec docs(infra): add shared-supabase config, restore runbook, threat model, db preflight
- docs/supabase-shared-config.md: registry of project-wide Supabase
  settings (auth, JWT, email, keys, storage, realtime) shared across
  sibling apps; change-coordination protocol
- docs/runbooks/restore-from-bad-migration.md: per-schema recovery via
  pg_dump --schema=bsk that avoids project-wide PITR (which would also
  wipe sibling apps)
- docs/threat-model.md: trust model, sibling-app invite-only policy
  (mitigates auth.users blast radius), R1-R8 residual risks, unresolved
  questions for Phase 1
- scripts/preflight-supabase.ts: refuses 'supabase db push' unless the
  linked project ref is in ALLOWED_PROJECT_REFS; wired via pnpm db:push
- package.json: tsx devDep, db:preflight + db:push scripts
- pnpm-workspace.yaml: allowBuilds esbuild=true (required for tsx)
2026-05-25 15:57:10 +07:00