@soulbatical/tetra-core 0.10.3 → 0.10.5

package/src/shared/email/migrations/003_create_gmail_accounts.sql

@@ -1,82 +0,0 @@
--- Migration: Create gmail_accounts table for OAuth2 Gmail integration
--- Used by: EmailService (gmail transport), Gmail read/search/attachment tools
--- Tokens are encrypted with AES-256-GCM (ENCRYPTION_MASTER_KEY env var)
-
-CREATE TABLE IF NOT EXISTS gmail_accounts (
-  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-
-  -- Organization scope
-  organization_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
-
-  -- User scope (supports multiple accounts per user)
-  user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE,
-
-  -- Gmail account email
-  email TEXT NOT NULL,
-
-  -- Encrypted OAuth2 tokens (AES-256-GCM)
-  access_token_encrypted TEXT NOT NULL,
-  refresh_token_encrypted TEXT NOT NULL,
-  token_expires_at TIMESTAMPTZ NOT NULL,
-
-  -- Granted scopes
-  scopes TEXT[] NOT NULL DEFAULT ARRAY[
-    'https://www.googleapis.com/auth/gmail.send',
-    'https://www.googleapis.com/auth/gmail.readonly'
-  ],
-
-  -- Status
-  is_active BOOLEAN NOT NULL DEFAULT true,
-
-  -- Timestamps
-  created_at TIMESTAMPTZ DEFAULT now(),
-  updated_at TIMESTAMPTZ DEFAULT now(),
-
-  -- One Gmail account per user+email combination
-  UNIQUE(user_id, email)
-);
-
--- Indexes
-CREATE INDEX IF NOT EXISTS gmail_accounts_org_idx ON gmail_accounts (organization_id);
-CREATE INDEX IF NOT EXISTS gmail_accounts_user_idx ON gmail_accounts (user_id);
-CREATE INDEX IF NOT EXISTS gmail_accounts_active_idx ON gmail_accounts (organization_id, is_active) WHERE is_active = true;
-
--- Updated_at trigger (uses existing function if available, creates if not)
-DO $$ BEGIN
-  CREATE OR REPLACE FUNCTION update_updated_at()
-  RETURNS TRIGGER AS $fn$
-  BEGIN
-    NEW.updated_at = now();
-    RETURN NEW;
-  END;
-  $fn$ LANGUAGE plpgsql;
-EXCEPTION WHEN duplicate_function THEN NULL;
-END $$;
-
-CREATE TRIGGER gmail_accounts_updated_at
-  BEFORE UPDATE ON gmail_accounts
-  FOR EACH ROW EXECUTE FUNCTION update_updated_at();
-
--- RLS
-ALTER TABLE gmail_accounts ENABLE ROW LEVEL SECURITY;
-
--- Read: users see their own accounts, org admins see all org accounts
-CREATE POLICY "gmail_accounts_select" ON gmail_accounts FOR SELECT USING (
-  user_id = auth.uid()
-  OR organization_id IN (
-    SELECT om.organization_id FROM organization_members om
-    WHERE om.user_id = auth.uid() AND om.role = 'admin'
-  )
-);
-
--- Write: service_role only (backend manages tokens)
-CREATE POLICY "gmail_accounts_insert_service_role" ON gmail_accounts FOR INSERT
-  WITH CHECK (auth.role() = 'service_role');
-
-CREATE POLICY "gmail_accounts_update_service_role" ON gmail_accounts FOR UPDATE
-  USING (auth.role() = 'service_role');
-
-CREATE POLICY "gmail_accounts_delete_service_role" ON gmail_accounts FOR DELETE
-  USING (auth.role() = 'service_role');
-
-COMMENT ON TABLE gmail_accounts IS 'Gmail OAuth2 accounts for email integration (send, read, search, attachments)';

package/src/shared/email/migrations/004_add_email_logs_tracking_columns.sql

@@ -1,15 +0,0 @@
--- ============================================
--- Email Logs — add tracking & categorization columns
--- Part of @soulbatical/tetra-core email module
--- ============================================
--- Adds: email_type, metadata, delivered_at, opened_at, clicked_at
--- These support Mailgun webhook tracking and email categorization.
-
-ALTER TABLE email_logs ADD COLUMN IF NOT EXISTS email_type VARCHAR(100);
-ALTER TABLE email_logs ADD COLUMN IF NOT EXISTS metadata JSONB DEFAULT '{}';
-ALTER TABLE email_logs ADD COLUMN IF NOT EXISTS delivered_at TIMESTAMPTZ;
-ALTER TABLE email_logs ADD COLUMN IF NOT EXISTS opened_at TIMESTAMPTZ;
-ALTER TABLE email_logs ADD COLUMN IF NOT EXISTS clicked_at TIMESTAMPTZ;
-
-CREATE INDEX IF NOT EXISTS idx_email_logs_email_type ON email_logs(email_type);
-CREATE INDEX IF NOT EXISTS idx_email_logs_to_email ON email_logs(to_email);

package/src/shared/mcp/migrations/001_mcp_api_tokens.sql

@@ -1,21 +0,0 @@
--- MCP API tokens for online MCP access
--- Each token is linked to an organization for multi-tenant isolation
--- Token is stored as SHA-256 hash, never plaintext
-
-CREATE TABLE IF NOT EXISTS public.mcp_api_tokens (
-  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-  organization_id UUID NOT NULL REFERENCES organizations(id),
-  token_hash TEXT NOT NULL UNIQUE,
-  name TEXT NOT NULL DEFAULT 'Default',
-  created_by UUID REFERENCES auth.users(id),
-  is_active BOOLEAN NOT NULL DEFAULT true,
-  last_used_at TIMESTAMPTZ,
-  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-  revoked_at TIMESTAMPTZ
-);
-
-ALTER TABLE public.mcp_api_tokens ENABLE ROW LEVEL SECURITY;
-CREATE POLICY "Service role full access" ON public.mcp_api_tokens
-  FOR ALL TO service_role USING (true) WITH CHECK (true);
-CREATE INDEX IF NOT EXISTS idx_mcp_api_tokens_hash ON public.mcp_api_tokens(token_hash);
-CREATE INDEX IF NOT EXISTS idx_mcp_api_tokens_org ON public.mcp_api_tokens(organization_id);

package/src/shared/mcp/migrations/002_mcp_audit_log.sql

@@ -1,16 +0,0 @@
--- MCP audit log for tracking tool usage per token/organization
-
-CREATE TABLE IF NOT EXISTS public.mcp_audit_log (
-  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-  token_id UUID REFERENCES mcp_api_tokens(id),
-  organization_id UUID NOT NULL REFERENCES organizations(id),
-  tool_name TEXT NOT NULL,
-  created_at TIMESTAMPTZ NOT NULL DEFAULT now()
-);
-
-ALTER TABLE public.mcp_audit_log ENABLE ROW LEVEL SECURITY;
-CREATE POLICY "Service role full access" ON public.mcp_audit_log
-  FOR ALL TO service_role USING (true) WITH CHECK (true);
-CREATE INDEX IF NOT EXISTS idx_mcp_audit_log_org ON public.mcp_audit_log(organization_id);
-CREATE INDEX IF NOT EXISTS idx_mcp_audit_log_token ON public.mcp_audit_log(token_id);
-CREATE INDEX IF NOT EXISTS idx_mcp_audit_log_created ON public.mcp_audit_log(created_at DESC);