people-truth 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Momolibrary
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,93 @@
+# people-truth
+
+`people-truth` is a Supabase/Postgres-backed source of truth for stable person identities, names, mentions, affiliations, identifiers, and sourced facts.
+
+Supabase is treated as a replaceable Postgres runtime. The durable contract is the SQL migration plus the CLI behavior.
+
+## Install
+
+```bash
+npm install -g people-truth
+ptruth --help
+```
+
+For local development:
+
+```bash
+npm install
+npm run build
+npm run dev -- --help
+```
+
+## Configure
+
+Create a local `.env` file:
+
+```bash
+ptruth init --url "https://your-project-ref.supabase.co" --key "your-service-role-or-secret-key"
+ptruth status
+```
+
+The CLI reads `SUPABASE_URL` and `SUPABASE_KEY` from `.env`, or from `~/.codex/.env` when present.
+
+## Database
+
+Apply migrations to a linked Supabase project:
+
+```bash
+npx supabase link --project-ref your-project-ref
+npm run db:push
+```
+
+The main files are:
+
+- `supabase/migrations/20260611000000_initial_people_truth.sql`
+- `supabase/schema.sql`
+
+The schema centers on:
+
+- `people`: stable UUID identity.
+- `person_names`: canonical names, aliases, pen names, former names, foreign names.
+- `person_identifiers`: external IDs and URLs.
+- `person_affiliations`: organization and role history.
+- `person_facts`: sourced predicate/value facts.
+- `sources`: provenance.
+
+## CLI
+
+```bash
+ptruth people add "梁启超" --alias "梁任公" --alias "饮冰室主人"
+ptruth people search "梁任公"
+ptruth people show "梁启超"
+ptruth people mention "梁启超"
+ptruth facts add "梁启超" wrote "饮冰室合集" --source manual --confidence likely
+ptruth facts list "梁启超"
+```
+
+All commands support JSON output:
+
+```bash
+ptruth people show "梁启超" -o json
+```
+
+## Mentions
+
+Use Markdown-compatible person mentions:
+
+```md
+[梁启超](person:2f7f0f2c-3d58-4d85-8e36-8d1e5fd2d7c9)
+```
+
+The label preserves the text as written. The `person:uuid` target preserves the stable identity.
+
+## Releases
+
+This repository uses GitHub Actions and semantic-release. Push conventional commits to `main`:
+
+```text
+feat: add identifier commands
+fix: handle duplicate person names
+feat!: change mention format
+```
+
+CI runs typecheck/build/pack. Release publishes to npm when `NPM_TOKEN` is configured in GitHub repository secrets.

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,151 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { existsSync, writeFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { addFact, listFacts } from "./facts.js";
+import { getConfig } from "./config.js";
+import { addPerson, formatPersonMention, getPerson, searchPeople } from "./people.js";
+import { printResult } from "./output.js";
+const program = new Command();
+program
+    .name("people-truth")
+    .description("Supabase-backed personal source of truth for people.")
+    .option("-o, --output <mode>", "Output mode: table or json", "table");
+program
+    .command("init")
+    .description("Create a local .env file for Supabase credentials")
+    .requiredOption("--url <url>", "Supabase project URL")
+    .requiredOption("--key <key>", "Supabase service-role or secret key")
+    .option("--path <path>", "Env file path", ".env")
+    .option("--force", "Overwrite an existing env file", false)
+    .action(async (options) => {
+    await run(async () => {
+        const envPath = resolve(options.path);
+        if (existsSync(envPath) && !options.force) {
+            throw new Error(`${envPath} already exists. Re-run with --force to overwrite it.`);
+        }
+        writeFileSync(envPath, `SUPABASE_URL="${options.url}"\nSUPABASE_KEY="${options.key}"\n`, {
+            mode: 0o600
+        });
+        printResult({ ok: true, path: envPath }, outputMode());
+    });
+});
+program
+    .command("status")
+    .description("Check local CLI configuration")
+    .action(async () => {
+    await run(async () => {
+        const config = getConfig();
+        printResult({
+            ok: true,
+            supabaseUrl: config.SUPABASE_URL,
+            hasSupabaseKey: Boolean(config.SUPABASE_KEY)
+        }, outputMode());
+    });
+});
+const people = program.command("people").description("Manage people");
+people
+    .command("add")
+    .argument("<name>", "Canonical name")
+    .option("--alias <alias...>", "Alias or nickname")
+    .option("--organization <organization>", "Organization")
+    .option("--role <role>", "Role or title")
+    .option("--location <location>", "Location")
+    .option("--relationship <relationship>", "Relationship context")
+    .option("--bio <bio>", "Short biography")
+    .option("--note <note>", "Private note")
+    .action(async (name, options) => {
+    await run(async () => {
+        const result = await addPerson({
+            name,
+            aliases: options.alias ?? [],
+            organization: options.organization,
+            role: options.role,
+            location: options.location,
+            relationship: options.relationship,
+            bio: options.bio,
+            note: options.note
+        });
+        printResult(result, outputMode());
+    });
+});
+people
+    .command("search")
+    .argument("<query>", "Search query")
+    .action(async (query) => {
+    await run(async () => {
+        printResult(await searchPeople(query), outputMode());
+    });
+});
+people
+    .command("show")
+    .argument("<identifier>", "Person ID or alias")
+    .action(async (identifier) => {
+    await run(async () => {
+        const result = await getPerson(identifier);
+        if (!result)
+            throw new Error(`Person not found: ${identifier}`);
+        printResult(result, outputMode());
+    });
+});
+people
+    .command("mention")
+    .argument("<identifier>", "Person ID or name")
+    .option("--label <label>", "Display label to preserve in text")
+    .action(async (identifier, options) => {
+    await run(async () => {
+        printResult(await formatPersonMention(identifier, options.label), outputMode());
+    });
+});
+const facts = program.command("facts").description("Manage person facts");
+facts
+    .command("add")
+    .argument("<person>", "Person ID or alias")
+    .argument("<predicate>", "Fact predicate, e.g. works_at")
+    .argument("<value>", "Fact value")
+    .option("--confidence <confidence>", "confirmed, likely, or unverified", "unverified")
+    .option("--source <sourceType>", "Source type, e.g. manual, getnote, meeting")
+    .option("--source-ref <sourceRef>", "Source reference, e.g. note ID")
+    .option("--source-title <sourceTitle>", "Source title")
+    .option("--source-url <sourceUrl>", "Source URL")
+    .action(async (person, predicate, value, options) => {
+    await run(async () => {
+        const confidence = options.confidence;
+        if (!["confirmed", "likely", "unverified"].includes(confidence)) {
+            throw new Error("Confidence must be confirmed, likely, or unverified.");
+        }
+        printResult(await addFact({
+            person,
+            predicate,
+            value,
+            confidence,
+            sourceType: options.source,
+            sourceRef: options.sourceRef,
+            sourceTitle: options.sourceTitle,
+            sourceUrl: options.sourceUrl
+        }), outputMode());
+    });
+});
+facts
+    .command("list")
+    .argument("<person>", "Person ID or alias")
+    .action(async (person) => {
+    await run(async () => {
+        printResult(await listFacts(person), outputMode());
+    });
+});
+function outputMode() {
+    const mode = program.opts().output;
+    return mode === "json" ? "json" : "table";
+}
+async function run(fn) {
+    try {
+        await fn();
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error(message);
+        process.exitCode = 1;
+    }
+}
+program.parseAsync();

package/dist/config.d.ts

@@ -0,0 +1,4 @@
+export declare function getConfig(): {
+    SUPABASE_URL: string;
+    SUPABASE_KEY: string;
+};

package/dist/config.js

@@ -0,0 +1,21 @@
+import { config as loadDotenv } from "dotenv";
+import { existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { z } from "zod";
+loadDotenv();
+const codexEnvPath = join(homedir(), ".codex", ".env");
+if (existsSync(codexEnvPath)) {
+    loadDotenv({ path: codexEnvPath, override: false });
+}
+const envSchema = z.object({
+    SUPABASE_URL: z.string().url(),
+    SUPABASE_KEY: z.string().min(1)
+});
+export function getConfig() {
+    const parsed = envSchema.safeParse(process.env);
+    if (!parsed.success) {
+        throw new Error("Missing Supabase config. Set SUPABASE_URL and SUPABASE_KEY in .env or ~/.codex/.env.");
+    }
+    return parsed.data;
+}

package/dist/facts.d.ts

@@ -0,0 +1,11 @@
+export declare function addFact(input: {
+    person: string;
+    predicate: string;
+    value: string;
+    confidence: "confirmed" | "likely" | "unverified";
+    sourceType?: string;
+    sourceRef?: string;
+    sourceTitle?: string;
+    sourceUrl?: string;
+}): Promise<any>;
+export declare function listFacts(identifier: string): Promise<any>;

package/dist/facts.js

@@ -0,0 +1,44 @@
+import { getPerson } from "./people.js";
+import { getSupabase } from "./supabase.js";
+export async function addFact(input) {
+    const supabase = getSupabase();
+    const person = await getPerson(input.person);
+    if (!person)
+        throw new Error(`Person not found: ${input.person}`);
+    let sourceId = null;
+    if (input.sourceType || input.sourceRef || input.sourceTitle || input.sourceUrl) {
+        const { data: source, error: sourceError } = await supabase
+            .from("sources")
+            .insert({
+            source_type: input.sourceType ?? "manual",
+            source_ref: input.sourceRef,
+            title: input.sourceTitle,
+            url: input.sourceUrl
+        })
+            .select()
+            .single();
+        if (sourceError)
+            throw new Error(sourceError.message);
+        sourceId = source.id;
+    }
+    const { data, error } = await supabase
+        .from("person_facts")
+        .insert({
+        person_id: person.id,
+        predicate: input.predicate,
+        value: input.value,
+        confidence: input.confidence,
+        source_id: sourceId
+    })
+        .select("*, sources(source_type, source_ref, title, url)")
+        .single();
+    if (error)
+        throw new Error(error.message);
+    return data;
+}
+export async function listFacts(identifier) {
+    const person = await getPerson(identifier);
+    if (!person)
+        throw new Error(`Person not found: ${identifier}`);
+    return person.person_facts ?? [];
+}

package/dist/output.d.ts

@@ -0,0 +1,2 @@
+export type OutputMode = "table" | "json";
+export declare function printResult(value: unknown, mode: OutputMode): void;

package/dist/output.js

@@ -0,0 +1,15 @@
+export function printResult(value, mode) {
+    if (mode === "json") {
+        console.log(JSON.stringify(value, null, 2));
+        return;
+    }
+    if (Array.isArray(value)) {
+        console.table(value);
+        return;
+    }
+    if (typeof value === "string") {
+        console.log(value);
+        return;
+    }
+    console.dir(value, { depth: null, colors: true });
+}

package/dist/people.d.ts

@@ -0,0 +1,13 @@
+export declare function addPerson(input: {
+    name: string;
+    aliases: string[];
+    organization?: string;
+    role?: string;
+    location?: string;
+    relationship?: string;
+    bio?: string;
+    note?: string;
+}): Promise<any>;
+export declare function searchPeople(query: string): Promise<unknown[]>;
+export declare function getPerson(identifier: string): Promise<any>;
+export declare function formatPersonMention(identifier: string, label?: string): Promise<string>;

package/dist/people.js

@@ -0,0 +1,106 @@
+import { getSupabase } from "./supabase.js";
+const PERSON_SELECT = "*, person_names(name, name_type, locale, is_primary), person_identifiers(identifier_type, value, url, is_primary), person_affiliations(organization_name, role_title, start_date, end_date, note), person_facts(id, predicate, value, confidence, valid_from, valid_to, created_at, sources(source_type, source_ref, title, url))";
+export async function addPerson(input) {
+    const supabase = getSupabase();
+    const { data: person, error } = await supabase
+        .from("people")
+        .insert({
+        canonical_name: input.name,
+        display_name: input.name,
+        bio: input.bio,
+        note: input.note ?? ([input.location, input.relationship].filter(Boolean).join("; ") || undefined)
+    })
+        .select()
+        .single();
+    if (error)
+        throw new Error(error.message);
+    const names = Array.from(new Set([input.name, ...input.aliases].filter(Boolean)));
+    if (names.length > 0) {
+        const { error: nameError } = await supabase.from("person_names").insert(names.map((alias) => ({
+            person_id: person.id,
+            name: alias,
+            name_type: alias === input.name ? "canonical" : "alias",
+            is_primary: alias === input.name
+        })));
+        if (nameError)
+            throw new Error(nameError.message);
+    }
+    if (input.organization) {
+        const { error: affiliationError } = await supabase.from("person_affiliations").insert({
+            person_id: person.id,
+            organization_name: input.organization,
+            role_title: input.role
+        });
+        if (affiliationError)
+            throw new Error(affiliationError.message);
+    }
+    return getPerson(person.id);
+}
+export async function searchPeople(query) {
+    const supabase = getSupabase();
+    const pattern = `%${query}%`;
+    const select = "id, canonical_name, display_name, bio, note, person_names(name, name_type), person_affiliations(organization_name, role_title)";
+    const { data: directMatches, error } = await supabase
+        .from("people")
+        .select(select)
+        .or(`canonical_name.ilike.${pattern},display_name.ilike.${pattern},bio.ilike.${pattern},note.ilike.${pattern}`)
+        .limit(20);
+    if (error)
+        throw new Error(error.message);
+    const { data: nameMatches, error: nameError } = await supabase
+        .from("person_names")
+        .select(`people(${select})`)
+        .ilike("name", pattern)
+        .limit(20);
+    if (nameError)
+        throw new Error(nameError.message);
+    const byId = new Map();
+    for (const person of directMatches ?? []) {
+        byId.set(person.id, person);
+    }
+    for (const row of nameMatches ?? []) {
+        const person = Array.isArray(row.people) ? row.people[0] : row.people;
+        if (person?.id)
+            byId.set(person.id, person);
+    }
+    return Array.from(byId.values()).slice(0, 20);
+}
+export async function getPerson(identifier) {
+    const supabase = getSupabase();
+    const { data: personById, error: idError } = await supabase
+        .from("people")
+        .select(PERSON_SELECT)
+        .eq("id", identifier)
+        .maybeSingle();
+    if (idError)
+        throw new Error(idError.message);
+    if (personById)
+        return personById;
+    const { data: nameMatches, error: aliasError } = await supabase
+        .from("person_names")
+        .select("person_id")
+        .ilike("name", identifier)
+        .limit(2);
+    if (aliasError)
+        throw new Error(aliasError.message);
+    if (!nameMatches || nameMatches.length === 0)
+        return null;
+    if (nameMatches.length > 1) {
+        throw new Error(`Multiple people match "${identifier}". Use a UUID instead.`);
+    }
+    const { data, error } = await supabase
+        .from("people")
+        .select(PERSON_SELECT)
+        .eq("id", nameMatches[0].person_id)
+        .single();
+    if (error)
+        throw new Error(error.message);
+    return data;
+}
+export async function formatPersonMention(identifier, label) {
+    const person = await getPerson(identifier);
+    if (!person)
+        throw new Error(`Person not found: ${identifier}`);
+    const display = label ?? person.display_name ?? person.canonical_name;
+    return `[${display}](person:${person.id})`;
+}

package/dist/supabase.d.ts

@@ -0,0 +1 @@
+export declare function getSupabase(): import("@supabase/supabase-js").SupabaseClient<any, "public", "public", any, any>;

package/dist/supabase.js

@@ -0,0 +1,11 @@
+import { createClient } from "@supabase/supabase-js";
+import { getConfig } from "./config.js";
+export function getSupabase() {
+    const { SUPABASE_URL, SUPABASE_KEY } = getConfig();
+    return createClient(SUPABASE_URL, SUPABASE_KEY, {
+        auth: {
+            persistSession: false,
+            autoRefreshToken: false
+        }
+    });
+}

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "people-truth",
+  "version": "1.0.0",
+  "description": "A Supabase-backed personal source of truth for people and relationship facts.",
+  "type": "module",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/momolibrary/people-truth.git"
+  },
+  "bugs": {
+    "url": "https://github.com/momolibrary/people-truth/issues"
+  },
+  "homepage": "https://github.com/momolibrary/people-truth#readme",
+  "bin": {
+    "people-truth": "dist/cli.js",
+    "ptruth": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "supabase",
+    "skills",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/cli.ts",
+    "db:push": "supabase db push",
+    "db:reset": "supabase db reset",
+    "pack:dry": "npm pack --dry-run",
+    "prepack": "npm run build",
+    "release": "semantic-release",
+    "start": "node dist/cli.js",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@supabase/supabase-js": "^2.108.1",
+    "commander": "^12.1.0",
+    "dotenv": "^16.6.1",
+    "zod": "^3.25.76"
+  },
+  "devDependencies": {
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/commit-analyzer": "^13.0.1",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.8",
+    "@semantic-release/npm": "^13.1.5",
+    "@semantic-release/release-notes-generator": "^14.1.1",
+    "@types/node": "^22.10.2",
+    "conventional-changelog-conventionalcommits": "^9.3.1",
+    "semantic-release": "^25.0.5",
+    "supabase": "^2.105.0",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.2"
+  },
+  "engines": {
+    "node": ">=20"
+  }
+}

package/skills/people-truth/SKILL.md

@@ -0,0 +1,70 @@
+---
+name: people-truth
+description: Use the people-truth CLI and Supabase/Postgres schema when Codex needs to create, query, migrate, or reason about stable person identities, names, markdown person mentions, affiliations, identifiers, and sourced person facts in this repository or an installed people-truth CLI.
+---
+
+# People Truth
+
+## Core Model
+
+Treat Supabase as a replaceable Postgres runtime. The durable contract is the migration SQL and CLI behavior in this repository.
+
+- `people.id` is the stable UUID identity.
+- `person_names` stores canonical names, display names, aliases, pen names, former names, foreign names, and other human labels.
+- `person_identifiers` stores external IDs such as email, website, Wikidata, GitHub, X/Twitter, or custom IDs.
+- `person_affiliations` stores organization and role history without making organizations a first-class ontology yet.
+- `person_facts` stores sourced predicate/value facts with `confirmed`, `likely`, or `unverified` confidence.
+- `sources` stores provenance for facts.
+
+Use this mention format in prose and notes:
+
+```md
+[Display Name](person:uuid)
+```
+
+Preserve the display label as written. Resolve the `person:uuid` target when current canonical data is needed.
+
+## CLI Workflow
+
+Use `ptruth` when installed globally, or `npm run dev --` inside the repository.
+
+```bash
+ptruth init --url "$SUPABASE_URL" --key "$SUPABASE_KEY"
+ptruth status
+ptruth people add "梁启超" --alias "梁任公" --alias "饮冰室主人"
+ptruth people search "梁任公"
+ptruth people show "梁启超" -o json
+ptruth people mention "梁启超"
+ptruth facts add "梁启超" wrote "饮冰室合集" --source manual --confidence likely
+ptruth facts list "梁启超" -o json
+```
+
+When writing automation or agent integrations, prefer `-o json` and parse stdout as JSON.
+
+## Migration Workflow
+
+Use `supabase/migrations/*.sql` as the source of truth. Keep `supabase/schema.sql` as a readable flattened snapshot of the current schema.
+
+For local or linked Supabase projects:
+
+```bash
+npm run db:push
+```
+
+For other Postgres hosts, run the SQL files in migration order with any standard Postgres migration runner.
+
+## Release Workflow
+
+Use conventional commits so GitHub Actions and semantic-release can publish npm automatically:
+
+- `feat: add person identifiers` creates a minor release.
+- `fix: handle duplicate names` creates a patch release.
+- `feat!: change mention syntax` creates a major release.
+- `chore:` normally does not release.
+
+The CLI package is intended to work with:
+
+```bash
+npm install -g people-truth
+ptruth --help
+```

package/skills/people-truth/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "People Truth"
+  short_description: "Manage stable person identities with CLI."
+  default_prompt: "Use people-truth to manage stable person identities, mentions, and sourced facts."

package/supabase/config.toml

@@ -0,0 +1,413 @@
+# For detailed configuration reference documentation, visit:
+# https://supabase.com/docs/guides/local-development/cli/config
+# A string used to distinguish different Supabase projects on the same host. Defaults to the
+# working directory name when running `supabase init`.
+project_id = "people-truth"
+
+[api]
+enabled = true
+# Port to use for the API URL.
+port = 54321
+# Schemas to expose in your API. Tables, views and stored procedures in this schema will get API
+# endpoints. `public` and `graphql_public` schemas are included by default.
+schemas = ["public", "graphql_public"]
+# Extra schemas to add to the search_path of every request.
+extra_search_path = ["public", "extensions"]
+# The maximum number of rows returns from a view, table, or stored procedure. Limits payload size
+# for accidental or malicious requests.
+max_rows = 1000
+# Controls whether new tables, views, sequences and functions created in the `public` schema by
+# `postgres` are reachable through the Data API roles (`anon`, `authenticated`, `service_role`)
+# without explicit GRANTs. Leave unset today to preserve local behaviour. The implicit default
+# flips to `false` on 2026-05-30 to match the new cloud default, and the field is removed in
+# 2026-10-30 once the always-revoked behaviour is permanent. Set to `false` to opt in early.
+# auto_expose_new_tables = false
+
+[api.tls]
+# Enable HTTPS endpoints locally using a self-signed certificate.
+enabled = false
+# Paths to self-signed certificate pair.
+# cert_path = "../certs/my-cert.pem"
+# key_path = "../certs/my-key.pem"
+
+[db]
+# Port to use for the local database URL.
+port = 54322
+# Port used by db diff command to initialize the shadow database.
+shadow_port = 54320
+# Maximum amount of time to wait for health check when starting the local database.
+health_timeout = "2m"
+# The database major version to use. This has to be the same as your remote database's. Run `SHOW
+# server_version;` on the remote database to check.
+major_version = 17
+
+[db.pooler]
+enabled = false
+# Port to use for the local connection pooler.
+port = 54329
+# Specifies when a server connection can be reused by other clients.
+# Configure one of the supported pooler modes: `transaction`, `session`.
+pool_mode = "transaction"
+# How many server connections to allow per user/database pair.
+default_pool_size = 20
+# Maximum number of client connections allowed.
+max_client_conn = 100
+
+# [db.vault]
+# secret_key = "env(SECRET_VALUE)"
+
+[db.migrations]
+# If disabled, migrations will be skipped during a db push or reset.
+enabled = true
+# Specifies an ordered list of schema files that describe your database.
+# Supports glob patterns relative to supabase directory: "./schemas/*.sql"
+schema_paths = []
+
+[db.seed]
+# If enabled, seeds the database after migrations during a db reset.
+enabled = false
+# Specifies an ordered list of seed files to load during db reset.
+# Supports glob patterns relative to supabase directory: "./seeds/*.sql"
+sql_paths = ["./seed.sql"]
+
+[db.network_restrictions]
+# Enable management of network restrictions.
+enabled = false
+# List of IPv4 CIDR blocks allowed to connect to the database.
+# Defaults to allow all IPv4 connections. Set empty array to block all IPs.
+allowed_cidrs = ["0.0.0.0/0"]
+# List of IPv6 CIDR blocks allowed to connect to the database.
+# Defaults to allow all IPv6 connections. Set empty array to block all IPs.
+allowed_cidrs_v6 = ["::/0"]
+
+# Uncomment to reject non-secure connections to the database.
+# [db.ssl_enforcement]
+# enabled = true
+
+[realtime]
+enabled = true
+# Bind realtime via either IPv4 or IPv6. (default: IPv4)
+# ip_version = "IPv6"
+# The maximum length in bytes of HTTP request headers. (default: 4096)
+# max_header_length = 4096
+
+[studio]
+enabled = true
+# Port to use for Supabase Studio.
+port = 54323
+# External URL of the API server that frontend connects to.
+api_url = "http://127.0.0.1"
+# OpenAI API Key to use for Supabase AI in the Supabase Studio.
+openai_api_key = "env(OPENAI_API_KEY)"
+
+# Email testing server. Emails sent with the local dev setup are not actually sent - rather, they
+# are monitored, and you can view the emails that would have been sent from the web interface.
+[inbucket]
+enabled = true
+# Port to use for the email testing server web interface.
+port = 54324
+# Uncomment to expose additional ports for testing user applications that send emails.
+# smtp_port = 54325
+# pop3_port = 54326
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+[storage]
+enabled = true
+# The maximum file size allowed (e.g. "5MB", "500KB").
+file_size_limit = "50MiB"
+
+# Uncomment to configure local storage buckets
+# [storage.buckets.images]
+# public = false
+# file_size_limit = "50MiB"
+# allowed_mime_types = ["image/png", "image/jpeg"]
+# objects_path = "./images"
+
+# Allow connections via S3 compatible clients
+[storage.s3_protocol]
+enabled = true
+
+# Image transformation API is available to Supabase Pro plan.
+# [storage.image_transformation]
+# enabled = true
+
+# Store analytical data in S3 for running ETL jobs over Iceberg Catalog
+# This feature is only available on the hosted platform.
+[storage.analytics]
+enabled = false
+max_namespaces = 5
+max_tables = 10
+max_catalogs = 2
+
+# Analytics Buckets is available to Supabase Pro plan.
+# [storage.analytics.buckets.my-warehouse]
+
+# Store vector embeddings in S3 for large and durable datasets
+[storage.vector]
+enabled = true
+max_buckets = 10
+max_indexes = 5
+
+# Vector Buckets is available to Supabase Pro plan.
+# [storage.vector.buckets.documents-openai]
+
+[auth]
+enabled = true
+# The base URL of your website. Used as an allow-list for redirects and for constructing URLs used
+# in emails.
+site_url = "http://127.0.0.1:3000"
+# The public URL that Auth serves on. Defaults to the API external URL with `/auth/v1` appended.
+# external_url = ""
+# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
+additional_redirect_urls = ["https://127.0.0.1:3000"]
+# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
+jwt_expiry = 3600
+# JWT issuer URL. If not set, defaults to auth.external_url.
+# jwt_issuer = ""
+# Path to JWT signing key. DO NOT commit your signing keys file to git.
+# signing_keys_path = "./signing_keys.json"
+# If disabled, the refresh token will never expire.
+enable_refresh_token_rotation = true
+# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
+# Requires enable_refresh_token_rotation = true.
+refresh_token_reuse_interval = 10
+# Allow/disallow new user signups to your project.
+enable_signup = true
+# Allow/disallow anonymous sign-ins to your project.
+enable_anonymous_sign_ins = false
+# Allow/disallow testing manual linking of accounts
+enable_manual_linking = false
+# Passwords shorter than this value will be rejected as weak. Minimum 6, recommended 8 or more.
+minimum_password_length = 6
+# Passwords that do not meet the following requirements will be rejected as weak. Supported values
+# are: `letters_digits`, `lower_upper_letters_digits`, `lower_upper_letters_digits_symbols`
+password_requirements = ""
+
+# Configure passkey sign-ins.
+# [auth.passkey]
+# enabled = false
+
+# Configure WebAuthn relying party settings (required when passkey is enabled).
+# [auth.webauthn]
+# rp_display_name = "Supabase"
+# rp_id = "localhost"
+# rp_origins = ["http://127.0.0.1:3000"]
+
+[auth.rate_limit]
+# Number of emails that can be sent per hour. Requires auth.email.smtp to be enabled.
+email_sent = 2
+# Number of SMS messages that can be sent per hour. Requires auth.sms to be enabled.
+sms_sent = 30
+# Number of anonymous sign-ins that can be made per hour per IP address. Requires enable_anonymous_sign_ins = true.
+anonymous_users = 30
+# Number of sessions that can be refreshed in a 5 minute interval per IP address.
+token_refresh = 150
+# Number of sign up and sign-in requests that can be made in a 5 minute interval per IP address (excludes anonymous users).
+sign_in_sign_ups = 30
+# Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address.
+token_verifications = 30
+# Number of Web3 logins that can be made in a 5 minute interval per IP address.
+web3 = 30
+
+# Configure one of the supported captcha providers: `hcaptcha`, `turnstile`.
+# [auth.captcha]
+# enabled = true
+# provider = "hcaptcha"
+# secret = ""
+
+[auth.email]
+# Allow/disallow new user signups via email to your project.
+enable_signup = true
+# If enabled, a user will be required to confirm any email change on both the old, and new email
+# addresses. If disabled, only the new email is required to confirm.
+double_confirm_changes = true
+# If enabled, users need to confirm their email address before signing in.
+enable_confirmations = false
+# If enabled, users will need to reauthenticate or have logged in recently to change their password.
+secure_password_change = false
+# Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email.
+max_frequency = "1s"
+# Number of characters used in the email OTP.
+otp_length = 6
+# Number of seconds before the email OTP expires (defaults to 1 hour).
+otp_expiry = 3600
+
+# Use a production-ready SMTP server
+# [auth.email.smtp]
+# enabled = true
+# host = "smtp.sendgrid.net"
+# port = 587
+# user = "apikey"
+# pass = "env(SENDGRID_API_KEY)"
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+# Uncomment to customize email template
+# [auth.email.template.invite]
+# subject = "You have been invited"
+# content_path = "./supabase/templates/invite.html"
+
+# Uncomment to customize notification email template
+# [auth.email.notification.password_changed]
+# enabled = true
+# subject = "Your password has been changed"
+# content_path = "./templates/password_changed_notification.html"
+
+[auth.sms]
+# Allow/disallow new user signups via SMS to your project.
+enable_signup = false
+# If enabled, users need to confirm their phone number before signing in.
+enable_confirmations = false
+# Template for sending OTP to users
+template = "Your code is {{ `{{ .Code }}` }}"
+# Controls the minimum amount of time that must pass before sending another sms otp.
+max_frequency = "5s"
+
+# Use pre-defined map of phone number to OTP for testing.
+# [auth.sms.test_otp]
+# 4152127777 = "123456"
+
+# Configure logged in session timeouts.
+# [auth.sessions]
+# Force log out after the specified duration.
+# timebox = "24h"
+# Force log out if the user has been inactive longer than the specified duration.
+# inactivity_timeout = "8h"
+
+# This hook runs before a new user is created and allows developers to reject the request based on the incoming user object.
+# [auth.hook.before_user_created]
+# enabled = true
+# uri = "pg-functions://postgres/auth/before-user-created-hook"
+
+# This hook runs before a token is issued and allows you to add additional claims based on the authentication method used.
+# [auth.hook.custom_access_token]
+# enabled = true
+# uri = "pg-functions://<database>/<schema>/<hook_name>"
+
+# Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`.
+[auth.sms.twilio]
+enabled = false
+account_sid = ""
+message_service_sid = ""
+# DO NOT commit your Twilio auth token to git. Use environment variable substitution instead:
+auth_token = "env(SUPABASE_AUTH_SMS_TWILIO_AUTH_TOKEN)"
+
+# Multi-factor-authentication is available to Supabase Pro plan.
+[auth.mfa]
+# Control how many MFA factors can be enrolled at once per user.
+max_enrolled_factors = 10
+
+# Control MFA via App Authenticator (TOTP)
+[auth.mfa.totp]
+enroll_enabled = false
+verify_enabled = false
+
+# Configure MFA via Phone Messaging
+[auth.mfa.phone]
+enroll_enabled = false
+verify_enabled = false
+otp_length = 6
+template = "Your code is {{ `{{ .Code }}` }}"
+max_frequency = "5s"
+
+# Configure MFA via WebAuthn
+# [auth.mfa.web_authn]
+# enroll_enabled = true
+# verify_enabled = true
+
+# Use an external OAuth provider. The full list of providers are: `apple`, `azure`, `bitbucket`,
+# `discord`, `facebook`, `github`, `gitlab`, `google`, `keycloak`, `linkedin_oidc`, `notion`, `twitch`,
+# `twitter`, `x`, `slack`, `spotify`, `workos`, `zoom`.
+[auth.external.apple]
+enabled = false
+client_id = ""
+# DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
+secret = "env(SUPABASE_AUTH_EXTERNAL_APPLE_SECRET)"
+# Overrides the default auth callback URL derived from auth.external_url.
+redirect_uri = ""
+# Overrides the default auth provider URL. Used to support self-hosted gitlab, single-tenant Azure,
+# or any other third-party OIDC providers.
+url = ""
+# If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
+skip_nonce_check = false
+# If enabled, it will allow the user to successfully authenticate when the provider does not return an email address.
+email_optional = false
+
+# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
+# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.
+[auth.web3.solana]
+enabled = false
+
+# Use Firebase Auth as a third-party provider alongside Supabase Auth.
+[auth.third_party.firebase]
+enabled = false
+# project_id = "my-firebase-project"
+
+# Use Auth0 as a third-party provider alongside Supabase Auth.
+[auth.third_party.auth0]
+enabled = false
+# tenant = "my-auth0-tenant"
+# tenant_region = "us"
+
+# Use AWS Cognito (Amplify) as a third-party provider alongside Supabase Auth.
+[auth.third_party.aws_cognito]
+enabled = false
+# user_pool_id = "my-user-pool-id"
+# user_pool_region = "us-east-1"
+
+# Use Clerk as a third-party provider alongside Supabase Auth.
+[auth.third_party.clerk]
+enabled = false
+# Obtain from https://clerk.com/setup/supabase
+# domain = "example.clerk.accounts.dev"
+
+# OAuth server configuration
+[auth.oauth_server]
+# Enable OAuth server functionality
+enabled = false
+# Path for OAuth consent flow UI
+authorization_url_path = "/oauth/consent"
+# Allow dynamic client registration
+allow_dynamic_registration = false
+
+[edge_runtime]
+enabled = true
+# Supported request policies: `oneshot`, `per_worker`.
+# `per_worker` (default) — enables hot reload during local development.
+# `oneshot` — fallback mode if hot reload causes issues (e.g. in large repos or with symlinks).
+policy = "per_worker"
+# Port to attach the Chrome inspector for debugging edge functions.
+inspector_port = 8083
+# The Deno major version to use.
+deno_version = 2
+
+# [edge_runtime.secrets]
+# secret_key = "env(SECRET_VALUE)"
+
+[analytics]
+enabled = true
+port = 54327
+# Configure one of the supported backends: `postgres`, `bigquery`.
+backend = "postgres"
+
+# Experimental features may be deprecated any time
+[experimental]
+# Configures Postgres storage engine to use OrioleDB (S3)
+orioledb_version = ""
+# Configures S3 bucket URL, eg. <bucket_name>.s3-<region>.amazonaws.com
+s3_host = "env(S3_HOST)"
+# Configures S3 bucket region, eg. us-east-1
+s3_region = "env(S3_REGION)"
+# Configures AWS_ACCESS_KEY_ID for S3 bucket
+s3_access_key = "env(S3_ACCESS_KEY)"
+# Configures AWS_SECRET_ACCESS_KEY for S3 bucket
+s3_secret_key = "env(S3_SECRET_KEY)"
+
+# [experimental.pgdelta]
+# When enabled, pg-delta becomes the active engine for supported schema flows.
+# enabled = false
+# Directory under `supabase/` where declarative files are written.
+# declarative_schema_path = "./database"
+# JSON string passed through to pg-delta SQL formatting.
+# format_options = "{\"keywordCase\":\"upper\",\"indent\":2,\"maxWidth\":80,\"commaStyle\":\"trailing\"}"

package/supabase/migrations/20260611000000_initial_people_truth.sql

@@ -0,0 +1,114 @@
+create extension if not exists pgcrypto;
+create extension if not exists pg_trgm;
+
+create table if not exists public.people (
+  id uuid primary key default gen_random_uuid(),
+  canonical_name text not null,
+  display_name text,
+  sort_name text,
+  avatar_url text,
+  bio text,
+  note text,
+  created_at timestamptz not null default now(),
+  updated_at timestamptz not null default now()
+);
+
+create table if not exists public.person_names (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  name text not null,
+  name_type text not null default 'alias'
+    check (name_type in ('canonical', 'display', 'alias', 'nickname', 'courtesy_name', 'pen_name', 'former_name', 'foreign_name', 'other')),
+  locale text,
+  is_primary boolean not null default false,
+  created_at timestamptz not null default now()
+);
+
+create unique index if not exists person_names_unique_lower_name_type
+  on public.person_names (person_id, lower(name), name_type);
+
+create unique index if not exists person_names_primary_per_type
+  on public.person_names (person_id, name_type)
+  where is_primary;
+
+create index if not exists person_names_name_trgm
+  on public.person_names using gin (name gin_trgm_ops);
+
+create table if not exists public.person_identifiers (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  identifier_type text not null,
+  value text not null,
+  url text,
+  is_primary boolean not null default false,
+  created_at timestamptz not null default now(),
+  unique (identifier_type, value)
+);
+
+create table if not exists public.person_affiliations (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  organization_name text not null,
+  role_title text,
+  start_date date,
+  end_date date,
+  note text,
+  created_at timestamptz not null default now()
+);
+
+create table if not exists public.sources (
+  id uuid primary key default gen_random_uuid(),
+  source_type text not null default 'manual',
+  source_ref text,
+  title text,
+  url text,
+  captured_at timestamptz,
+  created_at timestamptz not null default now()
+);
+
+create table if not exists public.person_facts (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  predicate text not null,
+  value text not null,
+  confidence text not null default 'unverified'
+    check (confidence in ('confirmed', 'likely', 'unverified')),
+  source_id uuid references public.sources(id) on delete set null,
+  valid_from date,
+  valid_to date,
+  created_at timestamptz not null default now(),
+  updated_at timestamptz not null default now()
+);
+
+create index if not exists people_canonical_name_trgm
+  on public.people using gin (canonical_name gin_trgm_ops);
+
+create index if not exists people_display_name_trgm
+  on public.people using gin (display_name gin_trgm_ops);
+
+create index if not exists person_identifiers_person_id
+  on public.person_identifiers (person_id);
+
+create index if not exists person_affiliations_person_id
+  on public.person_affiliations (person_id);
+
+create index if not exists person_facts_person_id_created_at
+  on public.person_facts (person_id, created_at desc);
+
+create or replace function public.touch_updated_at()
+returns trigger as $$
+begin
+  new.updated_at = now();
+  return new;
+end;
+$$ language plpgsql;
+
+drop trigger if exists touch_people_updated_at on public.people;
+create trigger touch_people_updated_at
+before update on public.people
+for each row execute function public.touch_updated_at();
+
+drop trigger if exists touch_person_facts_updated_at on public.person_facts;
+create trigger touch_person_facts_updated_at
+before update on public.person_facts
+for each row execute function public.touch_updated_at();

package/supabase/schema.sql

@@ -0,0 +1,114 @@
+create extension if not exists pgcrypto;
+create extension if not exists pg_trgm;
+
+create table if not exists public.people (
+  id uuid primary key default gen_random_uuid(),
+  canonical_name text not null,
+  display_name text,
+  sort_name text,
+  avatar_url text,
+  bio text,
+  note text,
+  created_at timestamptz not null default now(),
+  updated_at timestamptz not null default now()
+);
+
+create table if not exists public.person_names (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  name text not null,
+  name_type text not null default 'alias'
+    check (name_type in ('canonical', 'display', 'alias', 'nickname', 'courtesy_name', 'pen_name', 'former_name', 'foreign_name', 'other')),
+  locale text,
+  is_primary boolean not null default false,
+  created_at timestamptz not null default now()
+);
+
+create unique index if not exists person_names_unique_lower_name_type
+  on public.person_names (person_id, lower(name), name_type);
+
+create unique index if not exists person_names_primary_per_type
+  on public.person_names (person_id, name_type)
+  where is_primary;
+
+create index if not exists person_names_name_trgm
+  on public.person_names using gin (name gin_trgm_ops);
+
+create table if not exists public.person_identifiers (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  identifier_type text not null,
+  value text not null,
+  url text,
+  is_primary boolean not null default false,
+  created_at timestamptz not null default now(),
+  unique (identifier_type, value)
+);
+
+create table if not exists public.person_affiliations (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  organization_name text not null,
+  role_title text,
+  start_date date,
+  end_date date,
+  note text,
+  created_at timestamptz not null default now()
+);
+
+create table if not exists public.sources (
+  id uuid primary key default gen_random_uuid(),
+  source_type text not null default 'manual',
+  source_ref text,
+  title text,
+  url text,
+  captured_at timestamptz,
+  created_at timestamptz not null default now()
+);
+
+create table if not exists public.person_facts (
+  id uuid primary key default gen_random_uuid(),
+  person_id uuid not null references public.people(id) on delete cascade,
+  predicate text not null,
+  value text not null,
+  confidence text not null default 'unverified'
+    check (confidence in ('confirmed', 'likely', 'unverified')),
+  source_id uuid references public.sources(id) on delete set null,
+  valid_from date,
+  valid_to date,
+  created_at timestamptz not null default now(),
+  updated_at timestamptz not null default now()
+);
+
+create index if not exists people_canonical_name_trgm
+  on public.people using gin (canonical_name gin_trgm_ops);
+
+create index if not exists people_display_name_trgm
+  on public.people using gin (display_name gin_trgm_ops);
+
+create index if not exists person_identifiers_person_id
+  on public.person_identifiers (person_id);
+
+create index if not exists person_affiliations_person_id
+  on public.person_affiliations (person_id);
+
+create index if not exists person_facts_person_id_created_at
+  on public.person_facts (person_id, created_at desc);
+
+create or replace function public.touch_updated_at()
+returns trigger as $$
+begin
+  new.updated_at = now();
+  return new;
+end;
+$$ language plpgsql;
+
+drop trigger if exists touch_people_updated_at on public.people;
+create trigger touch_people_updated_at
+before update on public.people
+for each row execute function public.touch_updated_at();
+
+drop trigger if exists touch_person_facts_updated_at on public.person_facts;
+create trigger touch_person_facts_updated_at
+before update on public.person_facts
+for each row execute function public.touch_updated_at();