@soulbatical/tetra-core 0.10.4 → 0.11.0

package/src/shared/affiliate/migrations/002_create_affiliate_commissions.sql

@@ -1,31 +0,0 @@
--- ============================================================================
--- Affiliate Module: affiliate_commissions table
--- Template from @soulbatical/tetra-core
--- ============================================================================
-
-CREATE TABLE IF NOT EXISTS public.affiliate_commissions (
-  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  organization_id uuid NOT NULL REFERENCES public.organizations(id),
-  affiliate_id uuid NOT NULL REFERENCES public.affiliates(id) ON DELETE CASCADE,
-  order_id uuid NOT NULL,
-  affiliate_source text NOT NULL DEFAULT 'internal',
-  external_click_ref text,
-  product_name text NOT NULL DEFAULT 'Order',
-  order_amount_excl_vat numeric NOT NULL,
-  commission_percentage numeric NOT NULL,
-  commission_amount numeric NOT NULL,
-  status text NOT NULL DEFAULT 'pending',
-  approved_at timestamptz,
-  approved_by uuid REFERENCES public.users_public(id),
-  paid_at timestamptz,
-  payment_id uuid,
-  notes text,
-  created_at timestamptz DEFAULT now(),
-  updated_at timestamptz DEFAULT now()
-);
-
--- Indexes
-CREATE INDEX IF NOT EXISTS idx_affiliate_commissions_org_id ON public.affiliate_commissions(organization_id);
-CREATE INDEX IF NOT EXISTS idx_affiliate_commissions_affiliate ON public.affiliate_commissions(affiliate_id);
-CREATE INDEX IF NOT EXISTS idx_affiliate_commissions_order ON public.affiliate_commissions(order_id);
-CREATE INDEX IF NOT EXISTS idx_affiliate_commissions_status ON public.affiliate_commissions(status);

package/src/shared/affiliate/migrations/003_create_affiliate_clicks.sql

@@ -1,26 +0,0 @@
--- ============================================================================
--- Affiliate Module: affiliate_clicks table
--- Template from @soulbatical/tetra-core
--- ============================================================================
-
-CREATE TABLE IF NOT EXISTS public.affiliate_clicks (
-  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  organization_id uuid REFERENCES public.organizations(id),
-  affiliate_id uuid REFERENCES public.affiliates(id) ON DELETE SET NULL,
-  visitor_ip text,
-  visitor_country text,
-  user_agent text,
-  referrer_url text,
-  landing_page text,
-  affiliate_source text NOT NULL DEFAULT 'internal',
-  external_click_ref text,
-  converted boolean DEFAULT false,
-  order_id uuid,
-  conversion_time_hours integer,
-  clicked_at timestamptz DEFAULT now()
-);
-
--- Indexes
-CREATE INDEX IF NOT EXISTS idx_affiliate_clicks_org_id ON public.affiliate_clicks(organization_id);
-CREATE INDEX IF NOT EXISTS idx_affiliate_clicks_affiliate ON public.affiliate_clicks(affiliate_id);
-CREATE INDEX IF NOT EXISTS idx_affiliate_clicks_converted ON public.affiliate_clicks(converted);

package/src/shared/affiliate/migrations/004_create_affiliate_payments.sql

@@ -1,34 +0,0 @@
--- ============================================================================
--- Affiliate Module: affiliate_payments table
--- Template from @soulbatical/tetra-core
--- ============================================================================
-
-CREATE TABLE IF NOT EXISTS public.affiliate_payments (
-  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  organization_id uuid NOT NULL REFERENCES public.organizations(id),
-  affiliate_id uuid NOT NULL REFERENCES public.affiliates(id) ON DELETE CASCADE,
-  payment_amount numeric NOT NULL,
-  payment_date date NOT NULL,
-  payment_method text,
-  payment_reference text,
-  commission_ids uuid[] NOT NULL,
-  notes text,
-  created_at timestamptz DEFAULT now()
-);
-
--- Add FK from commissions to payments (after payments table exists)
-DO $$
-BEGIN
-  IF NOT EXISTS (
-    SELECT 1 FROM information_schema.table_constraints
-    WHERE constraint_name = 'affiliate_commissions_payment_id_fkey'
-  ) THEN
-    ALTER TABLE public.affiliate_commissions
-      ADD CONSTRAINT affiliate_commissions_payment_id_fkey
-      FOREIGN KEY (payment_id) REFERENCES public.affiliate_payments(id);
-  END IF;
-END $$;
-
--- Indexes
-CREATE INDEX IF NOT EXISTS idx_affiliate_payments_org_id ON public.affiliate_payments(organization_id);
-CREATE INDEX IF NOT EXISTS idx_affiliate_payments_affiliate ON public.affiliate_payments(affiliate_id);

package/src/shared/affiliate/migrations/005_create_affiliate_tier_history.sql

@@ -1,19 +0,0 @@
--- ============================================================================
--- Affiliate Module: affiliate_tier_history table
--- Template from @soulbatical/tetra-core
--- ============================================================================
-
-CREATE TABLE IF NOT EXISTS public.affiliate_tier_history (
-  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  affiliate_id uuid NOT NULL REFERENCES public.affiliates(id) ON DELETE CASCADE,
-  old_tier text NOT NULL,
-  new_tier text NOT NULL,
-  old_commission_percentage numeric NOT NULL,
-  new_commission_percentage numeric NOT NULL,
-  reason text,
-  triggered_by_sale_count integer,
-  changed_at timestamptz DEFAULT now()
-);
-
--- Indexes
-CREATE INDEX IF NOT EXISTS idx_affiliate_tier_history_affiliate ON public.affiliate_tier_history(affiliate_id);

package/src/shared/affiliate/migrations/006_create_affiliate_rpc_functions.sql

@@ -1,209 +0,0 @@
--- ============================================================================
--- Affiliate Module: RPC functions
--- Template from @soulbatical/tetra-core
---
--- NOTE: These are template functions. Projects should generate their own
--- using `npm run generate:rpc affiliates` from the featureConfig, which
--- produces optimized SQL matching the project's exact filter/count setup.
---
--- These templates provide a working baseline.
--- ============================================================================
-
--- ─── Results Function ─────────────────────────────────────────
-
-DROP FUNCTION IF EXISTS public.get_affiliates_results;
-
-CREATE OR REPLACE FUNCTION public.get_affiliates_results(
-  p_org_id uuid DEFAULT NULL,
-  p_ids uuid[] DEFAULT NULL,
-  p_status text DEFAULT NULL,
-  p_tier text DEFAULT NULL,
-  p_search text DEFAULT NULL,
-  p_has_user text DEFAULT NULL,
-  p_time_period text DEFAULT NULL,
-  p_limit int DEFAULT 20,
-  p_offset int DEFAULT 0,
-  p_sort_by text DEFAULT 'date-desc'
-)
-RETURNS TABLE (
-  data jsonb,
-  total_count bigint
-)
-LANGUAGE plpgsql
-STABLE
-SECURITY DEFINER
-SET search_path = ''
-AS $$
-DECLARE
-  v_is_service_role boolean := (
-    auth.role() = 'service_role'
-    OR session_user = 'postgres'
-  );
-BEGIN
-  IF NOT v_is_service_role THEN
-    IF NOT EXISTS (SELECT 1 FROM public.auth_admin_organizations()) THEN
-      RAISE EXCEPTION 'Access denied: authentication required'
-        USING ERRCODE = '42501';
-    END IF;
-    IF p_org_id IS NOT NULL AND p_org_id NOT IN (SELECT public.auth_admin_organizations()) THEN
-      RAISE EXCEPTION 'Access denied: not authorized for organization %', p_org_id
-        USING ERRCODE = '42501';
-    END IF;
-  END IF;
-
-  RETURN QUERY
-  WITH results AS (
-    SELECT
-      a.*,
-      COUNT(*) OVER() as total_count
-    FROM public.affiliates a
-    WHERE (p_org_id IS NULL OR a.organization_id = p_org_id OR a.organization_id IS NULL)
-      AND (p_ids IS NULL OR a.id = ANY(p_ids))
-      AND (p_status IS NULL OR p_status = 'all' OR a.status::text = p_status)
-      AND (p_tier IS NULL OR p_tier = 'all' OR a.tier::text = p_tier)
-      AND (
-        p_search IS NULL OR p_search = '' OR p_search = 'all'
-        OR a.contact_name ILIKE '%' || p_search || '%'
-        OR a.email ILIKE '%' || p_search || '%'
-        OR a.company_name ILIKE '%' || p_search || '%'
-        OR a.referral_code ILIKE '%' || p_search || '%'
-      )
-      AND (
-        p_has_user IS NULL OR p_has_user = 'all'
-        OR (p_has_user = 'with' AND a.user_id IS NOT NULL)
-        OR (p_has_user = 'without' AND a.user_id IS NULL)
-      )
-      AND (
-        p_time_period IS NULL OR p_time_period = 'all'
-        OR (p_time_period = 'today' AND a.created_at >= CURRENT_DATE)
-        OR (p_time_period = 'this_week' AND a.created_at >= CURRENT_DATE - INTERVAL '7 days')
-        OR (p_time_period = 'this_month' AND a.created_at >= CURRENT_DATE - INTERVAL '30 days')
-        OR (p_time_period = 'older' AND a.created_at >= CURRENT_DATE - INTERVAL '90 days')
-      )
-      AND (
-        v_is_service_role
-        OR a.organization_id IN (SELECT public.auth_admin_organizations())
-        OR a.organization_id IS NULL
-      )
-    ORDER BY
-      CASE WHEN p_sort_by = 'date-desc' THEN a.created_at END DESC NULLS LAST,
-      CASE WHEN p_sort_by = 'date-asc' THEN a.created_at END ASC NULLS LAST,
-      CASE WHEN p_sort_by = 'name-asc' THEN LOWER(a.contact_name) END ASC NULLS LAST,
-      CASE WHEN p_sort_by = 'name-desc' THEN LOWER(a.contact_name) END DESC NULLS LAST,
-      CASE WHEN p_sort_by = 'sales-desc' THEN a.total_sales END DESC NULLS LAST,
-      CASE WHEN p_sort_by = 'sales-asc' THEN a.total_sales END ASC NULLS LAST,
-      CASE WHEN p_sort_by = 'revenue-desc' THEN a.total_revenue END DESC NULLS LAST,
-      CASE WHEN p_sort_by = 'revenue-asc' THEN a.total_revenue END ASC NULLS LAST,
-      CASE WHEN p_sort_by = 'commission-desc' THEN a.total_commission_earned END DESC NULLS LAST,
-      CASE WHEN p_sort_by = 'commission-asc' THEN a.total_commission_earned END ASC NULLS LAST,
-      a.created_at DESC
-    LIMIT p_limit
-    OFFSET p_offset
-  )
-  SELECT
-    to_jsonb(results.*) - 'total_count' as data,
-    results.total_count
-  FROM results;
-END;
-$$;
-
--- ─── Counts Function ──────────────────────────────────────────
-
-DROP FUNCTION IF EXISTS public.get_affiliates_counts;
-
-CREATE OR REPLACE FUNCTION public.get_affiliates_counts(
-  p_org_id uuid DEFAULT NULL,
-  p_ids uuid[] DEFAULT NULL,
-  p_status text DEFAULT NULL,
-  p_tier text DEFAULT NULL,
-  p_search text DEFAULT NULL,
-  p_has_user text DEFAULT NULL,
-  p_time_period text DEFAULT NULL
-)
-RETURNS jsonb
-LANGUAGE plpgsql
-STABLE
-SECURITY DEFINER
-SET search_path = ''
-AS $$
-DECLARE
-  result jsonb;
-  v_is_service_role boolean := (
-    auth.role() = 'service_role'
-    OR session_user = 'postgres'
-  );
-BEGIN
-  IF NOT v_is_service_role THEN
-    IF NOT EXISTS (SELECT 1 FROM public.auth_admin_organizations()) THEN
-      RAISE EXCEPTION 'Access denied: authentication required'
-        USING ERRCODE = '42501';
-    END IF;
-    IF p_org_id IS NOT NULL AND p_org_id NOT IN (SELECT public.auth_admin_organizations()) THEN
-      RAISE EXCEPTION 'Access denied: not authorized for organization %', p_org_id
-        USING ERRCODE = '42501';
-    END IF;
-  END IF;
-
-  WITH filtered_items AS (
-    SELECT a.*
-    FROM public.affiliates a
-    WHERE (p_org_id IS NULL OR a.organization_id = p_org_id OR a.organization_id IS NULL)
-      AND (p_ids IS NULL OR a.id = ANY(p_ids))
-      AND (p_status IS NULL OR p_status = 'all' OR a.status::text = p_status)
-      AND (p_tier IS NULL OR p_tier = 'all' OR a.tier::text = p_tier)
-      AND (
-        p_search IS NULL OR p_search = '' OR p_search = 'all'
-        OR a.contact_name ILIKE '%' || p_search || '%'
-        OR a.email ILIKE '%' || p_search || '%'
-        OR a.company_name ILIKE '%' || p_search || '%'
-        OR a.referral_code ILIKE '%' || p_search || '%'
-      )
-      AND (
-        p_has_user IS NULL OR p_has_user = 'all'
-        OR (p_has_user = 'with' AND a.user_id IS NOT NULL)
-        OR (p_has_user = 'without' AND a.user_id IS NULL)
-      )
-      AND (
-        p_time_period IS NULL OR p_time_period = 'all'
-        OR (p_time_period = 'today' AND a.created_at >= CURRENT_DATE)
-        OR (p_time_period = 'this_week' AND a.created_at >= CURRENT_DATE - INTERVAL '7 days')
-        OR (p_time_period = 'this_month' AND a.created_at >= CURRENT_DATE - INTERVAL '30 days')
-        OR (p_time_period = 'older' AND a.created_at >= CURRENT_DATE - INTERVAL '90 days')
-      )
-      AND (
-        v_is_service_role
-        OR a.organization_id IN (SELECT public.auth_admin_organizations())
-        OR a.organization_id IS NULL
-      )
-  )
-  SELECT jsonb_build_object(
-    'total', (SELECT COUNT(*)::int FROM filtered_items),
-    'byStatus', (
-      SELECT jsonb_object_agg(status_value, cnt) FROM (
-        SELECT 'pending' as status_value, COUNT(*)::int as cnt FROM filtered_items WHERE status::text = 'pending'
-        UNION ALL SELECT 'active', COUNT(*)::int FROM filtered_items WHERE status::text = 'active'
-        UNION ALL SELECT 'inactive', COUNT(*)::int FROM filtered_items WHERE status::text = 'inactive'
-        UNION ALL SELECT 'rejected', COUNT(*)::int FROM filtered_items WHERE status::text = 'rejected'
-      ) subquery
-    ),
-    'byTier', (
-      SELECT jsonb_object_agg(tier_value, cnt) FROM (
-        SELECT 'starter' as tier_value, COUNT(*)::int as cnt FROM filtered_items WHERE tier::text = 'starter'
-        UNION ALL SELECT 'active', COUNT(*)::int FROM filtered_items WHERE tier::text = 'active'
-      ) subquery
-    ),
-    'byUserAccount', jsonb_build_object(
-      'with', (SELECT COUNT(*)::int FROM filtered_items WHERE user_id IS NOT NULL),
-      'without', (SELECT COUNT(*)::int FROM filtered_items WHERE user_id IS NULL)
-    ),
-    'byTimePeriod', jsonb_build_object(
-      'today', (SELECT COUNT(*)::int FROM filtered_items WHERE created_at >= CURRENT_DATE),
-      'this_week', (SELECT COUNT(*)::int FROM filtered_items WHERE created_at >= CURRENT_DATE - INTERVAL '7 days'),
-      'this_month', (SELECT COUNT(*)::int FROM filtered_items WHERE created_at >= CURRENT_DATE - INTERVAL '30 days'),
-      'older', (SELECT COUNT(*)::int FROM filtered_items WHERE created_at >= CURRENT_DATE - INTERVAL '90 days')
-    )
-  ) INTO result;
-
-  RETURN result;
-END;
-$$;

package/src/shared/affiliate/migrations/007_create_affiliate_rls_policies.sql

@@ -1,123 +0,0 @@
--- ============================================================================
--- Affiliate Module: RLS Policies
--- Template from @soulbatical/tetra-core
--- Multi-tenant: all policies filter by organization_id
--- ============================================================================
-
--- Enable RLS on all affiliate tables
-ALTER TABLE public.affiliates ENABLE ROW LEVEL SECURITY;
-ALTER TABLE public.affiliate_commissions ENABLE ROW LEVEL SECURITY;
-ALTER TABLE public.affiliate_clicks ENABLE ROW LEVEL SECURITY;
-ALTER TABLE public.affiliate_payments ENABLE ROW LEVEL SECURITY;
-ALTER TABLE public.affiliate_tier_history ENABLE ROW LEVEL SECURITY;
-
--- ─── affiliates ───────────────────────────────────────────────
-
--- Admin: full access within organization
-CREATE POLICY "Admin: full access to affiliates"
-  ON public.affiliates
-  FOR ALL
-  TO authenticated
-  USING (organization_id IN (SELECT public.auth_admin_organizations()))
-  WITH CHECK (organization_id IN (SELECT public.auth_admin_organizations()));
-
--- User: read own affiliate record
-CREATE POLICY "User: read own affiliate"
-  ON public.affiliates
-  FOR SELECT
-  TO authenticated
-  USING (user_id = auth.uid());
-
--- Service role: bypass RLS
-CREATE POLICY "Service role: full access to affiliates"
-  ON public.affiliates
-  FOR ALL
-  TO service_role
-  USING (true)
-  WITH CHECK (true);
-
--- ─── affiliate_commissions ────────────────────────────────────
-
-CREATE POLICY "Admin: full access to affiliate_commissions"
-  ON public.affiliate_commissions
-  FOR ALL
-  TO authenticated
-  USING (organization_id IN (SELECT public.auth_admin_organizations()))
-  WITH CHECK (organization_id IN (SELECT public.auth_admin_organizations()));
-
--- User: read own commissions (via affiliate)
-CREATE POLICY "User: read own commissions"
-  ON public.affiliate_commissions
-  FOR SELECT
-  TO authenticated
-  USING (
-    affiliate_id IN (
-      SELECT id FROM public.affiliates WHERE user_id = auth.uid()
-    )
-  );
-
-CREATE POLICY "Service role: full access to affiliate_commissions"
-  ON public.affiliate_commissions
-  FOR ALL
-  TO service_role
-  USING (true)
-  WITH CHECK (true);
-
--- ─── affiliate_clicks ─────────────────────────────────────────
-
-CREATE POLICY "Admin: full access to affiliate_clicks"
-  ON public.affiliate_clicks
-  FOR ALL
-  TO authenticated
-  USING (organization_id IN (SELECT public.auth_admin_organizations()))
-  WITH CHECK (organization_id IN (SELECT public.auth_admin_organizations()));
-
--- Public: insert clicks (anonymous tracking)
-CREATE POLICY "Public: insert affiliate clicks"
-  ON public.affiliate_clicks
-  FOR INSERT
-  TO anon
-  WITH CHECK (true);
-
-CREATE POLICY "Service role: full access to affiliate_clicks"
-  ON public.affiliate_clicks
-  FOR ALL
-  TO service_role
-  USING (true)
-  WITH CHECK (true);
-
--- ─── affiliate_payments ───────────────────────────────────────
-
-CREATE POLICY "Admin: full access to affiliate_payments"
-  ON public.affiliate_payments
-  FOR ALL
-  TO authenticated
-  USING (organization_id IN (SELECT public.auth_admin_organizations()))
-  WITH CHECK (organization_id IN (SELECT public.auth_admin_organizations()));
-
-CREATE POLICY "Service role: full access to affiliate_payments"
-  ON public.affiliate_payments
-  FOR ALL
-  TO service_role
-  USING (true)
-  WITH CHECK (true);
-
--- ─── affiliate_tier_history ───────────────────────────────────
-
-CREATE POLICY "Admin: read affiliate tier history"
-  ON public.affiliate_tier_history
-  FOR SELECT
-  TO authenticated
-  USING (
-    affiliate_id IN (
-      SELECT id FROM public.affiliates
-      WHERE organization_id IN (SELECT public.auth_admin_organizations())
-    )
-  );
-
-CREATE POLICY "Service role: full access to affiliate_tier_history"
-  ON public.affiliate_tier_history
-  FOR ALL
-  TO service_role
-  USING (true)
-  WITH CHECK (true);

package/src/shared/billing/migrations/00000000000001_billing.sql

@@ -1,114 +0,0 @@
--- Tetra Billing Module — Subscriptions + Events
--- Copy this migration into your project's supabase/migrations/ directory.
---
--- Prerequisites:
--- - organizations table with: id (uuid PK), plan (text), stripe_customer_id (text)
--- - update_updated_at() trigger function
-
--- ─── Add billing columns to organizations (if not present) ──
-DO $$ BEGIN
-  ALTER TABLE organizations ADD COLUMN IF NOT EXISTS plan text NOT NULL DEFAULT 'free';
-  ALTER TABLE organizations ADD COLUMN IF NOT EXISTS stripe_customer_id text UNIQUE;
-  ALTER TABLE organizations ADD COLUMN IF NOT EXISTS mollie_customer_id text UNIQUE;
-EXCEPTION WHEN OTHERS THEN NULL;
-END $$;
-
--- ─── Subscriptions ──────────────────────────────────────────
-CREATE TABLE IF NOT EXISTS subscriptions (
-  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  organization_id uuid NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
-  provider text NOT NULL CHECK (provider IN ('stripe', 'mollie')),
-  external_subscription_id text,
-  external_customer_id text,
-  plan text NOT NULL,
-  billing_cycle text NOT NULL DEFAULT 'monthly' CHECK (billing_cycle IN ('monthly', 'yearly')),
-  price_amount_cents integer NOT NULL DEFAULT 0,
-  status text NOT NULL DEFAULT 'active'
-    CHECK (status IN ('trialing', 'active', 'past_due', 'canceled', 'unpaid')),
-  trial_end timestamptz,
-  current_period_start timestamptz NOT NULL DEFAULT now(),
-  current_period_end timestamptz NOT NULL DEFAULT now() + interval '30 days',
-  cancel_at timestamptz,
-  canceled_at timestamptz,
-  ended_at timestamptz,
-  created_at timestamptz NOT NULL DEFAULT now(),
-  updated_at timestamptz NOT NULL DEFAULT now()
-);
-
--- Unique constraint: max 1 active subscription per org
-CREATE UNIQUE INDEX IF NOT EXISTS subscriptions_org_active_idx
-  ON subscriptions (organization_id)
-  WHERE status NOT IN ('canceled');
-
-CREATE INDEX IF NOT EXISTS subscriptions_org_id_idx ON subscriptions(organization_id);
-CREATE INDEX IF NOT EXISTS subscriptions_external_id_idx ON subscriptions(external_subscription_id);
-
--- ─── Subscription Events (audit log) ────────────────────────
-CREATE TABLE IF NOT EXISTS subscription_events (
-  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  organization_id uuid NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
-  subscription_id uuid REFERENCES subscriptions(id) ON DELETE SET NULL,
-  event_type text NOT NULL,
-  stripe_event_id text,
-  provider text NOT NULL CHECK (provider IN ('stripe', 'mollie')),
-  data jsonb NOT NULL DEFAULT '{}',
-  source text NOT NULL DEFAULT 'webhook',
-  created_at timestamptz NOT NULL DEFAULT now()
-);
-
--- Idempotency: Stripe events are unique
-CREATE UNIQUE INDEX IF NOT EXISTS subscription_events_stripe_event_idx
-  ON subscription_events (stripe_event_id)
-  WHERE stripe_event_id IS NOT NULL;
-
-CREATE INDEX IF NOT EXISTS subscription_events_org_idx ON subscription_events(organization_id);
-
--- ─── RLS ────────────────────────────────────────────────────
-ALTER TABLE subscriptions ENABLE ROW LEVEL SECURITY;
-ALTER TABLE subscription_events ENABLE ROW LEVEL SECURITY;
-
--- FORCE RLS for service role too (webhook handlers use webhookDB which bypasses differently)
-ALTER TABLE subscriptions FORCE ROW LEVEL SECURITY;
-ALTER TABLE subscription_events FORCE ROW LEVEL SECURITY;
-
--- Admin read access (org members)
-DO $$ BEGIN
-  CREATE POLICY subscriptions_org_read ON subscriptions
-    FOR SELECT TO authenticated
-    USING (organization_id IN (
-      SELECT organization_id FROM organization_members
-      WHERE user_id = auth.uid() AND status = 'active'
-    ));
-EXCEPTION WHEN duplicate_object THEN NULL;
-END $$;
-
-DO $$ BEGIN
-  CREATE POLICY subscription_events_org_read ON subscription_events
-    FOR SELECT TO authenticated
-    USING (organization_id IN (
-      SELECT organization_id FROM organization_members
-      WHERE user_id = auth.uid() AND status = 'active'
-    ));
-EXCEPTION WHEN duplicate_object THEN NULL;
-END $$;
-
--- Service role bypass for webhook handlers
-DO $$ BEGIN
-  CREATE POLICY subscriptions_service ON subscriptions
-    FOR ALL TO service_role USING (true) WITH CHECK (true);
-EXCEPTION WHEN duplicate_object THEN NULL;
-END $$;
-
-DO $$ BEGIN
-  CREATE POLICY subscription_events_service ON subscription_events
-    FOR ALL TO service_role USING (true) WITH CHECK (true);
-EXCEPTION WHEN duplicate_object THEN NULL;
-END $$;
-
--- ─── Updated_at trigger ─────────────────────────────────────
-DO $$ BEGIN
-  CREATE TRIGGER subscriptions_updated_at
-    BEFORE UPDATE ON subscriptions
-    FOR EACH ROW EXECUTE FUNCTION update_updated_at();
-EXCEPTION WHEN OTHERS THEN NULL;
-END $$;

package/src/shared/email/migrations/000_create_email_logs.sql

@@ -1,27 +0,0 @@
--- ============================================
--- Email Logs — track all outgoing emails
--- Part of @soulbatical/tetra-core email module
--- ============================================
--- No FK constraints — consuming project adds its own
--- (e.g. organization_id → organizations, feedback_id → feedback)
-
-CREATE TABLE IF NOT EXISTS email_logs (
-  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
-  organization_id UUID,
-  template_id UUID,
-  to_email VARCHAR(320) NOT NULL,
-  subject VARCHAR(500) NOT NULL,
-  template_slug VARCHAR(100),
-  variables_used JSONB DEFAULT '{}',
-  status VARCHAR(50) DEFAULT 'pending',
-  error_message TEXT,
-  mailgun_message_id VARCHAR(255),
-  sent_at TIMESTAMPTZ,
-  created_at TIMESTAMPTZ DEFAULT now()
-);
-
-CREATE INDEX IF NOT EXISTS idx_email_logs_org ON email_logs(organization_id);
-CREATE INDEX IF NOT EXISTS idx_email_logs_status ON email_logs(status);
-CREATE INDEX IF NOT EXISTS idx_email_logs_created_at ON email_logs(created_at);
-
-ALTER TABLE email_logs ENABLE ROW LEVEL SECURITY;

package/src/shared/email/migrations/001_create_email_templates.sql

@@ -1,27 +0,0 @@
--- ============================================
--- Email Templates — DB-driven email templates
--- Part of @soulbatical/tetra-core email module
--- ============================================
--- No FK constraints — consuming project adds its own
-
-CREATE TABLE IF NOT EXISTS email_templates (
-  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
-  slug VARCHAR(100) NOT NULL,
-  name VARCHAR(255) NOT NULL,
-  subject VARCHAR(500) NOT NULL,
-  body_html TEXT NOT NULL,
-  body_text TEXT,
-  variables JSONB DEFAULT '[]',
-  language VARCHAR(10) DEFAULT 'nl' NOT NULL,
-  category VARCHAR(100) DEFAULT 'transactional',
-  is_active BOOLEAN DEFAULT true,
-  organization_id UUID,
-  created_at TIMESTAMPTZ DEFAULT now(),
-  updated_at TIMESTAMPTZ DEFAULT now()
-);
-
--- Unique per slug + language + org (NULL org uses sentinel UUID)
-CREATE UNIQUE INDEX IF NOT EXISTS idx_email_templates_slug_lang_org
-  ON email_templates(slug, language, COALESCE(organization_id, '00000000-0000-0000-0000-000000000000'));
-
-ALTER TABLE email_templates ENABLE ROW LEVEL SECURITY;

package/src/shared/email/migrations/002_add_rls_baseline_policies.sql

@@ -1,37 +0,0 @@
--- ============================================
--- RLS Baseline Policies — deny-all defaults
--- Part of @soulbatical/tetra-core email module
--- ============================================
--- These deny all access for anon and authenticated roles.
--- Service role bypasses RLS automatically.
--- Consuming projects should add their own grant policies as needed.
-
--- email_logs: no direct access for any non-service role
-CREATE POLICY "email_logs_deny_anon"
-  ON email_logs FOR ALL TO anon
-  USING (false) WITH CHECK (false);
-
-CREATE POLICY "email_logs_deny_authenticated"
-  ON email_logs FOR ALL TO authenticated
-  USING (false) WITH CHECK (false);
-
--- email_templates: read-only for authenticated (active templates only), no write
-CREATE POLICY "email_templates_deny_anon"
-  ON email_templates FOR ALL TO anon
-  USING (false) WITH CHECK (false);
-
-CREATE POLICY "email_templates_read_active_authenticated"
-  ON email_templates FOR SELECT TO authenticated
-  USING (is_active = true);
-
-CREATE POLICY "email_templates_deny_write_authenticated"
-  ON email_templates FOR INSERT TO authenticated
-  WITH CHECK (false);
-
-CREATE POLICY "email_templates_deny_update_authenticated"
-  ON email_templates FOR UPDATE TO authenticated
-  USING (false) WITH CHECK (false);
-
-CREATE POLICY "email_templates_deny_delete_authenticated"
-  ON email_templates FOR DELETE TO authenticated
-  USING (false);