Schema
Core tables
| Table | Description |
|---|---|
| users | Synced from auth.users |
| teams | Team records |
| team_members | Membership with roles (owner, admin, member) |
| api_tokens | Hashed API tokens with team scope |
Data tables
| Table | Description |
|---|---|
| tasks | Team-scoped tasks with status, priority, labels |
| task_comments | Comments with author and body |
| contacts | Team-scoped contact profiles |
| contact_changes | Contact update audit trail |
Email tables
| Table | Description |
|---|---|
| email_oauth_tokens | Gmail OAuth tokens per team |
| email_watches | Gmail Watch subscription state |
Notification tables
| Table | Description |
|---|---|
| device_tokens | Push notification device registrations |
| notification_preferences | Per-user notification settings |
| notification_log | Push delivery audit |
System tables
| Table | Description |
|---|---|
| event_queue | SSE event buffer (cloud to service) |
| reminder_actions | Reminder engine audit log |
Row Level Security
Every data table has RLS policies that check team membership:

- Users can only read and write data for teams they belong to
- API tokens are scoped to a specific team via the `X-Team-Id` header
- Policies use `auth.uid()` for web sessions and the verified token’s team for API access
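
A sketch of what a team-membership policy for the web-session path can look like on `tasks`, followed by a catalog query that lists any table left without RLS. This is an added example, not the project's own migration code: the column names (`tasks.team_id`, `team_members.team_id`, `team_members.user_id`), the `uuid` type, the `public` schema and the helper `is_team_member` are assumptions.

```sql
-- Assumed columns (not from the page): tasks.team_id, team_members.team_id,
-- team_members.user_id, all uuid. auth.uid() returns the session user's id.
alter table tasks enable row level security;

-- Hypothetical helper: true when the current session user belongs to the team.
-- SECURITY DEFINER so the lookup is not filtered by RLS on team_members itself;
-- search_path is pinned so the function cannot be redirected to another schema.
create function is_team_member(target_team uuid)
returns boolean
language sql
stable
security definer
set search_path = public
as $$
  select exists (
    select 1
    from team_members tm
    where tm.team_id = target_team
      and tm.user_id = auth.uid()
  );
$$;

-- USING filters the rows a statement can see or touch.
create policy tasks_select on tasks
  for select to authenticated
  using (is_team_member(team_id));

-- WITH CHECK validates the row being written, so a member of team A
-- cannot insert a task with team B's id.
create policy tasks_insert on tasks
  for insert to authenticated
  with check (is_team_member(team_id));

-- UPDATE needs both: USING for the old row, WITH CHECK for the new one,
-- otherwise a task could be reassigned into a team the user is not in.
create policy tasks_update on tasks
  for update to authenticated
  using (is_team_member(team_id))
  with check (is_team_member(team_id));

create policy tasks_delete on tasks
  for delete to authenticated
  using (is_team_member(team_id));

-- Check: tables in the (assumed) public schema that still have RLS disabled.
select c.relname
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r' and not c.relrowsecurity;
```

The final query should return no data tables; any name it lists is readable and writable without a membership check by every role that has table privileges.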
Migrations
Database migrations are in `supabase/migrations/` (files 001 through 018). Run them with the Supabase CLI: