# ADR-007: Client config as schema-validated JSONB

- **Status**: Accepted
- **Date**: 2026-04-19
- **Deciders**: alkdev

## Context

The hub connects to external services — LLM providers, VCS, compute, MCP servers, future integrations (JMAP, etc.). Each has a different configuration shape. TypeBox schemas already exist for some (MCPServerConfig in core).

## Decision

Each client type has a known TypeBox schema that validates the config column on write. Schemas live in code (not in the DB). The type column determines which schema validates config. This supports arbitrary client types without schema migrations. The four-layer model: (1) Client config schema (TypeBox, in code), (2) Client config instance (JSONB, clients.config), (3) Auth config schema (TypeBox, in code — implicit in secretKey wiring), (4) Auth config instance (encrypted, client_secrets.value). Config instances are plain JSONB. Auth instances are encrypted with AES-256-GCM.

## Consequences

Config column is opaque to SQL queries. Acceptable because clients are looked up by name (unique) or type, not by config field values. Positive: no schema migrations for new client types, TypeBox validation ensures data integrity, clean separation of config and secrets. Negative: cannot query config fields directly in SQL.