AW: theCure

backend/app/db/session.py

@@ -0,0 +1,15 @@
+from typing import AsyncGenerator, Optional
+import os
+from sqlalchemy.ext.asyncio import AsyncEngine, AsyncSession, create_async_engine
+from sqlalchemy.orm import sessionmaker
+
+DATABASE_URL = os.getenv("DATABASE_URL", "postgresql+asyncpg://postgres:postgres@db:5432/postgres")
+
+engine: AsyncEngine = create_async_engine(DATABASE_URL, echo=False, future=True)
+AsyncSessionLocal = sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
+
+async def get_session(jwt: Optional[str] = None) -> AsyncGenerator[AsyncSession, None]:
+    async with engine.connect() as conn:
+        # TODO: forward Supabase JWT → Postgres for RLS
+        async with AsyncSession(bind=conn) as session:
+            yield session

backend/app/main.py

@@ -0,0 +1,11 @@
+from fastapi import FastAPI
+from .routes import runtime, admin
+
+app = FastAPI(title="Codeless Platform API", version="0.1.0")
+
+@app.get("/health")
+async def health():
+    return {"status": "ok"}
+
+app.include_router(runtime.router, prefix="/api", tags=["runtime"])
+app.include_router(admin.router,  prefix="/admin", tags=["admin"])

backend/app/models/core.py

@@ -0,0 +1,65 @@
+from sqlalchemy.orm import DeclarativeBase, mapped_column
+from sqlalchemy import String, Text, DateTime, ForeignKey, Boolean
+from sqlalchemy.dialects.postgresql import UUID, JSONB
+from sqlalchemy.sql import func
+import uuid
+
+class Base(DeclarativeBase):
+    pass
+
+class Application(Base):
+    __tablename__ = "applications"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    name = mapped_column(String, unique=True, nullable=False)
+    description = mapped_column(Text)
+    owner_user_id = mapped_column(UUID(as_uuid=True), nullable=True)
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class Entity(Base):
+    __tablename__ = "entities"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    application_id = mapped_column(UUID(as_uuid=True), ForeignKey("applications.id"), nullable=False)
+    name = mapped_column(String, nullable=False)
+    label = mapped_column(String)
+    description = mapped_column(Text)
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class Field(Base):
+    __tablename__ = "fields"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    entity_id = mapped_column(UUID(as_uuid=True), ForeignKey("entities.id"), nullable=False)
+    name = mapped_column(String, nullable=False)
+    label = mapped_column(String)
+    field_type = mapped_column(String, nullable=False)
+    required = mapped_column(Boolean, default=False)
+    default_value = mapped_column(String)
+    relation_entity = mapped_column(UUID(as_uuid=True), ForeignKey("entities.id"))
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class Form(Base):
+    __tablename__ = "forms"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    application_id = mapped_column(UUID(as_uuid=True), ForeignKey("applications.id"), nullable=False)
+    entity_id = mapped_column(UUID(as_uuid=True), ForeignKey("entities.id"), nullable=False)
+    name = mapped_column(String, nullable=False)
+    label = mapped_column(String)
+    form_type = mapped_column(String, nullable=False)
+    layout_json = mapped_column(JSONB, nullable=False)
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class Workflow(Base):
+    __tablename__ = "workflows"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    application_id = mapped_column(UUID(as_uuid=True), ForeignKey("applications.id"), nullable=False)
+    entity_id = mapped_column(UUID(as_uuid=True), ForeignKey("entities.id"), nullable=False)
+    name = mapped_column(String, nullable=False)
+    description = mapped_column(Text)
+    trigger_event = mapped_column(String, nullable=False)
+    condition_json = mapped_column(JSONB)
+    action_json = mapped_column(JSONB)
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())

backend/app/models/security.py

@@ -0,0 +1,48 @@
+from sqlalchemy.orm import mapped_column
+from sqlalchemy import String, Text, DateTime, ForeignKey, Boolean
+from sqlalchemy.dialects.postgresql import UUID, JSONB
+from sqlalchemy.sql import func
+import uuid
+from .core import Base
+
+class Role(Base):
+    __tablename__ = "roles"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    name = mapped_column(String, unique=True, nullable=False)
+    description = mapped_column(Text)
+    parent_role_id = mapped_column(UUID(as_uuid=True), ForeignKey("roles.id"))
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class User(Base):
+    __tablename__ = "users"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    email = mapped_column(String, unique=True)
+    display_name = mapped_column(String)
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class UserRole(Base):
+    __tablename__ = "user_roles"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    user_id = mapped_column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=False)
+    role_id = mapped_column(UUID(as_uuid=True), ForeignKey("roles.id"), nullable=False)
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+
+class EntityPermission(Base):
+    __tablename__ = "entity_permissions"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    role_id = mapped_column(UUID(as_uuid=True), ForeignKey("roles.id"), nullable=False)
+    entity_id = mapped_column(UUID(as_uuid=True), ForeignKey("entities.id"), nullable=False)
+    can_create = mapped_column(Boolean, default=False)
+    can_read   = mapped_column(Boolean, default=False)
+    can_update = mapped_column(Boolean, default=False)
+    can_delete = mapped_column(Boolean, default=False)
+    row_filter_json = mapped_column(JSONB)
+    created_at = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class FieldPermission(Base):
+    __tablename__ = "field_permissions"
+    id = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    role_id = mapped_column(UUID(as_uuid=_

backend/app/models/views.py

@@ -0,0 +1,27 @@
+from sqlalchemy.orm import mapped_column
+from sqlalchemy import String, Boolean
+from sqlalchemy.dialects.postgresql import UUID, JSONB
+from .core import Base
+
+# Read-only ORM mappings to Postgres views
+
+class CurrentUserEntityPermission(Base):
+    __tablename__ = "current_user_entity_permissions"
+    user_id = mapped_column(UUID(as_uuid=True), primary_key=True)
+    entity_id = mapped_column(UUID(as_uuid=True), primary_key=True)
+    entity_name = mapped_column(String)
+    can_create = mapped_column(Boolean)
+    can_read   = mapped_column(Boolean)
+    can_update = mapped_column(Boolean)
+    can_delete = mapped_column(Boolean)
+    row_filters = mapped_column(JSONB)
+
+class CurrentUserFieldPermission(Base):
+    __tablename__ = "current_user_field_permissions"
+    user_id = mapped_column(UUID(as_uuid=True), primary_key=True)
+    field_id = mapped_column(UUID(as_uuid=True), primary_key=True)
+    entity_id = mapped_column(UUID(as_uuid=True))
+    field_name = mapped_column(String)
+    entity_name = mapped_column(String)
+    can_read   = mapped_column(Boolean)
+    can_update = mapped_column(Boolean)

backend/app/routes/admin.py

@@ -0,0 +1,12 @@
+from fastapi import APIRouter
+
+router = APIRouter()
+
+# Stub endpoints for Admin (4GL) APIs — expand later.
+@router.get("/apps")
+async def list_apps():
+    return []
+
+@router.post("/apps")
+async def create_app(payload: dict):
+    return payload

backend/app/routes/runtime.py

@@ -0,0 +1,23 @@
+from fastapi import APIRouter, Depends, Header
+from sqlalchemy.ext.asyncio import AsyncSession
+from ..db.session import get_session
+from ..services import runtime_crud
+
+router = APIRouter()
+
+@router.get("/{entity}/records")
+async def list_records(entity: str, authorization: str | None = Header(default=None), session: AsyncSession = Depends(get_session)):
+    return await runtime_crud.list_records(session, entity)
+
+@router.post("/{entity}/records")
+async def create_record(entity: str, payload: dict, authorization: str | None = Header(default=None), session: AsyncSession = Depends(get_session)):
+    return await runtime_crud.create_record(session, entity, payload)
+
+@router.patch("/{entity}/records/{record_id}")
+async def update_record(entity: str, record_id: str, payload: dict, authorization: str | None = Header(default=None), session: AsyncSession = Depends(get_session)):
+    return await runtime_crud.update_record(session, entity, record_id, payload)
+
+@router.delete("/{entity}/records/{record_id}")
+async def delete_record(entity: str, record_id: str, authorization: str | None = Header(default=None), session: AsyncSession = Depends(get_session)):
+    await runtime_crud.delete_record(session, entity, record_id)
+    return {"status": "deleted"}

backend/app/services/permissions.py

@@ -0,0 +1,30 @@
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+from typing import Dict, Set
+from ..models.views import CurrentUserEntityPermission, CurrentUserFieldPermission
+
+async def fetch_entity_permissions(session: AsyncSession) -> Dict[str, dict]:
+    result = await session.execute(select(CurrentUserEntityPermission))
+    perms = {}
+    for row in result.scalars():
+        perms[row.entity_name] = {
+            "can_create": row.can_create,
+            "can_read": row.can_read,
+            "can_update": row.can_update,
+            "can_delete": row.can_delete,
+            "row_filters": row.row_filters,
+        }
+    return perms
+
+async def fetch_field_permissions(session: AsyncSession) -> Dict[str, Set[str]]:
+    result = await session.execute(select(CurrentUserFieldPermission))
+    readable: Dict[str, Set[str]] = {}
+    updatable: Dict[str, Set[str]] = {}
+    for row in result.scalars():
+        readable.setdefault(row.entity_name, set())
+        updatable.setdefault(row.entity_name, set())
+        if row.can_read:
+            readable[row.entity_name].add(row.field_name)
+        if row.can_update:
+            updatable[row.entity_name].add(row.field_name)
+    return {"readable": readable, "updatable": updatable}

backend/app/services/runtime_crud.py

@@ -0,0 +1,54 @@
+from typing import Any, Dict, List
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import text
+
+# Minimal demo CRUD for tickets entity.
+async def list_records(session: AsyncSession, entity: str, limit: int = 50, offset: int = 0) -> List[Dict[str, Any]]:
+    if entity != 'tickets':
+        return []
+    stmt = text("""
+        select id, title, description, status, created_by, created_at
+        from public.tickets
+        order by created_at desc
+        limit :limit offset :offset
+    """)
+    result = await session.execute(stmt, dict(limit=limit, offset=offset))
+    return [dict(r._mapping) for r in result]
+
+async def create_record(session: AsyncSession, entity: str, payload: Dict[str, Any]) -> Dict[str, Any]:
+    if entity != 'tickets':
+        return payload
+    stmt = text("""
+        insert into public.tickets (title, description, status, created_by)
+        values (:title, :description, coalesce(:status, 'open'), coalesce(:created_by, gen_random_uuid()))
+        returning id, title, description, status, created_by, created_at
+    """)
+    result = await session.execute(stmt, payload)
+    row = result.first()
+    await session.commit()
+    return dict(row._mapping) if row else {}
+
+async def update_record(session: AsyncSession, entity: str, record_id: str, payload: Dict[str, Any]) -> Dict[str, Any]:
+    if entity != 'tickets':
+        return payload
+    stmt = text("""
+        update public.tickets
+        set title = coalesce(:title, title),
+            description = coalesce(:description, description),
+            status = coalesce(:status, status)
+        where id = :id
+        returning id, title, description, status, created_by, created_at
+    """)
+    params = {**payload, "id": record_id}
+    result = await session.execute(stmt, params)
+    row = result.first()
+    await session.commit()
+    return dict(row._mapping) if row else {}
+
+async def delete_record(session: AsyncSession, entity: str, record_id: str) -> None:
+    if entity != 'tickets':
+        return None
+    stmt = text("delete from public.tickets where id = :id")
+    await session.execute(stmt, {"id": record_id})
+    await session.commit()
+    return None