- pyproject.toml: uv workspace with 5 member packages (shared, gateway, router, orchestrator, llm-pool) - docker-compose.yml: PostgreSQL 16 + Redis 7 + Ollama services on konstruct-net - .env.example: all required env vars documented, konstruct_app role (not superuser) - scripts/init-db.sh: creates konstruct_app role at DB init time - packages/shared/shared/config.py: Pydantic Settings loading all env vars - packages/shared/shared/models/message.py: KonstructMessage, ChannelType, SenderInfo, MessageContent - packages/shared/shared/models/tenant.py: Tenant, Agent, ChannelConnection SQLAlchemy 2.0 models - packages/shared/shared/models/auth.py: PortalUser model for admin portal auth - packages/shared/shared/db.py: async SQLAlchemy engine, session factory, get_session dependency - packages/shared/shared/rls.py: current_tenant_id ContextVar and configure_rls_hook with parameterized SET LOCAL - packages/shared/shared/redis_keys.py: tenant-namespaced key constructors (rate_limit, idempotency, session, engaged_thread)
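#!/bin/bash
# PostgreSQL initialization script
# Creates the konstruct_app application role with limited privileges.
# The postgres superuser role is NEVER used by application code.
#
# Environment:
#   POSTGRES_USER            role psql connects as (required)
#   POSTGRES_DB              database psql connects to (required)
#   KONSTRUCT_APP_PASSWORD   password for konstruct_app (optional; new variable
#                            introduced by this script, so it must also be added
#                            to the container environment and .env.example).
#                            Falls back to the development default when unset.
set -euo pipefail

: "${POSTGRES_USER:?POSTGRES_USER must be set}"
: "${POSTGRES_DB:?POSTGRES_DB must be set}"

# The role password used to be a literal in this file. Keep the old value only
# as a development fallback and say so loudly, so it does not silently end up
# in a shared or production database.
if [[ -z "${KONSTRUCT_APP_PASSWORD:-}" ]]; then
  printf '%s\n' \
    "WARNING: KONSTRUCT_APP_PASSWORD is not set; using the development default password for konstruct_app." >&2
  KONSTRUCT_APP_PASSWORD='konstruct_dev'
fi
# Exported so psql can read it with \getenv; this keeps the secret out of the
# psql command line (argv is visible to other processes via ps).
export KONSTRUCT_APP_PASSWORD

# Quoted heredoc delimiter: the shell expands nothing inside the SQL, so the
# text psql receives is exactly what is written here.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
-- \getenv requires psql 15 or newer.
\getenv app_password KONSTRUCT_APP_PASSWORD

-- psql does not interpolate variables inside a DO $$ ... $$ body, so the
-- idempotent create is written as a generated statement: format(%L) quotes the
-- password as a SQL literal, and \gexec runs the result only when the role
-- does not exist yet.
SELECT format('CREATE ROLE konstruct_app WITH LOGIN PASSWORD %L', :'app_password')
WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'konstruct_app')
\gexec

-- Grant on the database this session is connected to (psql's DBNAME variable)
-- instead of a hard-coded name, so the grant follows POSTGRES_DB.
GRANT CONNECT ON DATABASE :"DBNAME" TO konstruct_app;
GRANT USAGE ON SCHEMA public TO konstruct_app;
-- NOTE(review): PostgreSQL grants CONNECT on a database and USAGE on schema
-- public to PUBLIC by default, so these two statements record intent rather
-- than narrow access. Table-level privileges are not granted here; confirm
-- where they are set.
EOSQL

echo "konstruct_app role created successfully."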