alkdev/hub
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
hub/docs/decisions/ADR-007-client-config-as-schema-validated-jsonb.md
glm-5.1 2b63cda1c7 Setup repo: migrate architecture specs, code stubs, and tasks from alkhub_ts 
Copy architecture docs, ADRs, storage domain specs, research, reviews,
and 56 storage architecture tasks from the alkhub_ts monorepo. Adapt for
standalone @alkdev/hub repo structure (src/ not packages/hub/).

Sanitize all sensitive information:
- Replace private IPs (10.0.0.1) with localhost defaults
- Remove internal server hostnames (dev1, ns528096)
- Replace /workspace/ private paths with npm package references
- Remove hardcoded credentials from examples
- Rewrite infrastructure.md without private network details

Add Deno project scaffolding: deno.json (pinned deps), .gitignore,
AGENTS.md, entry point. Migrate existing code stubs (crypto, config
types, logger) with updated import paths.
2026-05-25 10:56:32 +00:00

17 lines
1.3 KiB
Markdown
Raw Permalink Blame History

# ADR-007: Client config as schema-validated JSONB
- **Status**: Accepted
- **Date**: 2026-04-19
- **Deciders**: alkdev
## Context
The hub connects to external services — LLM providers, VCS, compute, MCP servers, future integrations (JMAP, etc.). Each has a different configuration shape. TypeBox schemas already exist for some (MCPServerConfig in core).
## Decision
Each client type has a known TypeBox schema that validates the config column on write. Schemas live in code (not in the DB). The type column determines which schema validates config. This supports arbitrary client types without schema migrations. The four-layer model: (1) Client config schema (TypeBox, in code), (2) Client config instance (JSONB, clients.config), (3) Auth config schema (TypeBox, in code — implicit in secretKey wiring), (4) Auth config instance (encrypted, client_secrets.value). Config instances are plain JSONB. Auth instances are encrypted with AES-256-GCM.
## Consequences
Config column is opaque to SQL queries. Acceptable because clients are looked up by name (unique) or type, not by config field values. Positive: no schema migrations for new client types, TypeBox validation ensures data integrity, clean separation of config and secrets. Negative: cannot query config fields directly in SQL.
Reference in New Issue View Git Blame Copy Permalink