feat(db): mesh data model — meshes, members, invites, audit log

- pgSchema "mesh" with 4 tables isolating the peer mesh domain - Enums: visibility, transport, tier, role - audit_log is metadata-only (E2E encryption enforced at broker/client) - Cascade on mesh delete, soft-delete via archivedAt/revokedAt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 21:19:32 +01:00
commit d3163a5bff
1384 changed files with 314925 additions and 0 deletions
--- a/apps/web/.env.example
+++ b/apps/web/.env.example
@@ -0,0 +1,178 @@
+# Since .env is gitignored, you can use .env.example to build a new `.env` file when you clone the repo.
+# Keep this file up-to-date when you add new variables to \`.env\`.
+
+# This file will be committed to version control, so make sure not to have any secrets in it.
+# If you are cloning this repo, create a copy of this file named `.env` and populate it with your secrets.
+
+# Env variables extracted from shared to be exposed to the client in Next.js app
+NEXT_PUBLIC_PRODUCT_NAME="${PRODUCT_NAME}"
+NEXT_PUBLIC_URL="${URL}"
+NEXT_PUBLIC_DEFAULT_LOCALE="${DEFAULT_LOCALE}"
+
+# Theme mode and color
+NEXT_PUBLIC_THEME_MODE="system"
+NEXT_PUBLIC_THEME_COLOR="orange"
+
+# Email address to send contact form submissions to
+CONTACT_EMAIL="hello@resend.dev"
+
+
+#########################
+###    Auth config    ###
+#########################
+
+# Use this variable to enable or disable password-based authentication. If you set this to true, users will be able to sign up and sign in using their email and password. If you set this to false, the form won't be shown.
+NEXT_PUBLIC_AUTH_PASSWORD="true"
+
+# Use this variable to enable or disable magic link-based authentication. If you set this to true, users will be able to sign up and sign in using a magic link sent to their email. If you set this to false, the form won't be shown.
+NEXT_PUBLIC_AUTH_MAGIC_LINK="false"
+
+# Use this variable to enable or disable passkey-based authentication. If you set this to true, users will be able to sign in using a passkey and add them to their accounts. If you set this to false, the option won't be available.
+NEXT_PUBLIC_AUTH_PASSKEY="true"
+
+# Use this variable to enable or disable anonymous authentication. If you set this to true, users will be able to proceed to your app without "traditional" authentication. If you set this to false, the anonymous login won't be available.
+NEXT_PUBLIC_AUTH_ANONYMOUS="true"
+
+# Auth server secret - used to sign the tokens
+BETTER_AUTH_SECRET="lT4GdPj3OSx00OcTRUdwywn1DNgBBuvK"
+
+# OAuth providers
+APPLE_CLIENT_ID="<your-apple-client-id>"
+APPLE_CLIENT_SECRET="<your-apple-client-secret>"
+APPLE_APP_BUNDLE_IDENTIFIER="<your-apple-bundle-identifier>"
+
+GOOGLE_CLIENT_ID="<your-google-client-id>"
+GOOGLE_CLIENT_SECRET="<your-google-client-secret>"
+
+GITHUB_CLIENT_ID="<your-github-client-id>"
+GITHUB_CLIENT_SECRET="<your-github-client-secret>"
+
+
+# Seed config (used for accounts in development environment)
+SEED_EMAIL="me@turbostarter.dev"
+SEED_PASSWORD="Pa\$\$w0rd"
+
+
+##########################
+###   Billing config   ###
+##########################
+
+# Billing model - used to bill your customers
+BILLING_MODEL="recurring"
+
+# Stripe server config - required only if you use Stripe as a billing provider
+STRIPE_WEBHOOK_SECRET="<your-stripe-webhook-secret>"
+STRIPE_SECRET_KEY="<your-stripe-secret-key>"
+
+# Lemon Squeezy server config - required only if you use Lemon Squeezy as a billing provider
+LEMON_SQUEEZY_API_KEY="<your-lemon-squeezy-api-key>"
+LEMON_SQUEEZY_SIGNING_SECRET="<your-lemon-squeezy-signing-secret>"
+LEMON_SQUEEZY_STORE_ID="<your-lemon-squeezy-store-id>"
+
+# Polar server config - required only if you use Polar as a billing provider
+POLAR_ACCESS_TOKEN="<your-polar-access-token>"
+POLAR_WEBHOOK_SECRET="<your-polar-webhook-secret>"
+POLAR_ORGANIZATION_SLUG="<your-polar-organization-slug>"
+
+
+########################
+###   Email config   ###
+########################
+
+# Email from address - used as the sender of the email
+EMAIL_FROM="hello@resend.dev"
+
+# Resend server config - required only if you use Resend as an email provider
+RESEND_API_KEY="<your-resend-api-key>"
+
+# Sendgrid server config - required only if you use Sendgrid as an email provider
+SENDGRID_API_KEY="<your-sendgrid-api-key>"
+
+# Plunk server config - required only if you use Plunk as an email provider
+PLUNK_API_KEY="<your-plunk-api-key>"
+
+# Postmark server config - required only if you use Postmark as an email provider
+POSTMARK_API_KEY="<your-postmark-api-key>"
+
+# Nodemailer server config - required only if you use Nodemailer as an email provider
+NODEMAILER_USER="<your-nodemailer-user>"
+NODEMAILER_PASSWORD="<your-nodemailer-password>"
+NODEMAILER_HOST="<your-nodemailer-host>"
+NODEMAILER_PORT="0"
+
+
+#############################
+###   Monitoring config   ###
+#############################
+
+# Sentry config - required only if you use Sentry as a monitoring provider
+NEXT_PUBLIC_SENTRY_DSN="<your-sentry-dsn>"
+NEXT_PUBLIC_SENTRY_ENVIRONMENT="development"
+SENTRY_AUTH_TOKEN="<your-sentry-auth-token>" # required for source maps upload
+
+# Posthog config - reused from analytics section below
+
+
+############################
+###   Analytics config   ###
+############################
+
+# Posthog config - required only if you use Posthog as an analytics/monitoring provider
+NEXT_PUBLIC_POSTHOG_KEY="<your-posthog-api-key>"
+NEXT_PUBLIC_POSTHOG_HOST="https://us.i.posthog.com"
+
+# Open Panel config - required only if you use Open Panel as an analytics provider
+NEXT_PUBLIC_OPEN_PANEL_CLIENT_ID="<your-open-panel-client-id>"
+OPEN_PANEL_SECRET="<your-open-panel-secret>"
+
+# Google Analytics config - required only if you use Google Analytics as an analytics provider
+NEXT_PUBLIC_GOOGLE_ANALYTICS_MEASUREMENT_ID="<your-google-analytics-measurement-id>"
+GOOGLE_ANALYTICS_SECRET="<your-google-analytics-secret>"
+
+# Umami config - required only if you use Umami as an analytics provider
+NEXT_PUBLIC_UMAMI_HOST="https://cloud.umami.is"
+NEXT_PUBLIC_UMAMI_WEBSITE_ID="<your-umami-website-id>"
+UMAMI_API_HOST="https://api-gateway.umami.dev"
+UMAMI_API_KEY="<your-umami-api-key>"
+
+# Plausible config - required only if you use Plausible as an analytics provider
+NEXT_PUBLIC_PLAUSIBLE_HOST="https://plausible.io"
+NEXT_PUBLIC_PLAUSIBLE_DOMAIN="<your-plausible-domain>"
+
+# Mixpanel config - required only if you use Mixpanel as an analytics provider
+NEXT_PUBLIC_MIXPANEL_TOKEN="<your-mixpanel-token>"
+
+# Vemetric config - required only if you use Vemetric as an analytics provider
+NEXT_PUBLIC_VEMETRIC_PROJECT_TOKEN="<your-vemetric-project-token>"
+
+
+##########################
+###   Storage config   ###
+##########################
+
+# S3 server config - required only if you use S3 as a storage provider
+S3_REGION="us-east-1"
+S3_BUCKET="storage"
+S3_ENDPOINT="https://s3.amazonaws.com"
+S3_ACCESS_KEY_ID="<your-s3-access-key-id>"
+S3_SECRET_ACCESS_KEY="<your-s3-secret-access-key>"
+
+
+#########################
+###     AI config     ###
+#########################
+
+# OpenAI API key - required only if you use OpenAI as an AI provider
+OPENAI_API_KEY="<your-openai-api-key>"
+
+# Anthropic API key - required only if you use Anthropic as an AI provider
+ANTHROPIC_API_KEY="<your-anthropic-api-key>"
+
+# Google Generative AI API key - required only if you use Google Generative AI as an AI provider
+GOOGLE_GENERATIVE_AI_API_KEY="<your-google-generative-ai-api-key>"
+
+# Mistral API key - required only if you use Mistral as an AI provider
+MISTRAL_API_KEY="<your-mistral-api-key>"
+
+# Perplexity API key - required only if you use Perplexity as an AI provider
+PERPLEXITY_API_KEY="<your-perplexity-api-key>"