Foundation app
Next.js App Router foundation, shared layout shell, health route, and base styling are present.
Foundation shell
Foundation dashboard
This dashboard tracks completed foundation work and planned Pandora modules. It does not expose memory features because the memory engine and database schema are not implemented.
Server-side Supabase session lookup for the current request. No profile or memory records are loaded.
No Supabase Auth user is present for this request. The dashboard remains visible as a foundation status page.
Work that exists in the repository today.
Next.js App Router foundation, shared layout shell, health route, and base styling are present.
Architecture, security, API, memory, environment, and coding standards are documented as implementation contracts.
Open referenceSupabase CLI scripts and placeholder migration workflow are prepared without production memory schema.
Supabase Auth helpers, magic-link login, callback, logout, and safe session status API are present.
Initial Supabase migration defines core, real-life, and AU/story tables with row-level protection enabled.
Owner-scoped row-level security rules exist for user-owned core, real-life, and AU/story tables.
Schema-aligned TypeScript database types, typed Supabase clients, and table namespace helpers are present.
Repository contracts, context helpers, namespace guards, and owned insert preparation are present without public APIs.
Server-side repositories exist for selected core tables with owner and namespace filters.
Service-layer validators for memory candidates and patch candidates are present without public routes.
Service functions combine validation with safe repositories for memory candidate preparation and internal saving.
Internal services prepare and write retrieval, prompt, and audit logs through safe repositories.
Internal service validates memory patch candidates, writes append-only patch rows, and records audit logs.
Internal owner and namespace filtered memory item retrieval is present without pgvector or public routes.
Internal transaction boundary and idempotency helpers exist for future mutation safety.
RLS-protected idempotency records and internal persistence helpers exist, still without public mutation routes.
Internal mutation wrappers check idempotency, run transaction boundaries, and record outcomes without public routes.
Database functions and typed helpers coordinate idempotency claims and outcomes without public mutation routes.
Use this authenticated admin route for proof rows. The old /memory/browser public shell now redirects here and public reads remain disabled.
Required systems that remain planned and must not be implied as live.
No public ingest route, extraction runtime, semantic retrieval, or memory timeline behavior is implemented yet.
The pgvector extension, embedding tables, vector indexes, and semantic retrieval are not enabled.
Responses API calls, embeddings, extraction prompts, and model-backed memory workflows are not implemented.
Canon guardrails, scene aftermath, retcons, character state, and AU relationship state are schema-ready but not implemented as behavior.
The Custom GPT Actions OpenAPI schema and action routes are not implemented.
The optional remote MCP tools are planned and must later share the same validated service layer as REST APIs.
Rules future pages and APIs must preserve.
Pandora will treat its own Supabase Postgres database as durable memory, not ChatGPT built-in memory.
Real-life and AU/story memory must remain separated in every future query, write, and UI state.
Foundation UI must not invent people, worlds, relationships, promises, risks, deals, scenes, metrics, or audit logs.
Memory patch writes go through an internal create-only service and still expose no public routes.
The database policy layer now has an owner boundary; service-layer validation remains separate.
Table names and namespace expectations are now represented in reusable TypeScript helpers.
Service helpers prepare owner-bound records from authenticated context before future database operations.
Core repositories filter by owner and namespace, and still expose no public memory API surface.
Memory candidates are checked for namespace, type, source, and patch safety before any future persistence path.
Candidate services are internal-only and do not expose public ingest or patch routes.
Logging services are internal-only and write through owner-bound repositories without exposing public routes.
Patch services validate patch candidates and write audit rows without exposing mutation routes.
Retrieval services use owner and namespace repository filters and do not expose public search routes.
Mutation routes must later use real transaction behavior and persistent idempotency before exposure.
Internal mutation wrappers now check idempotency before writes and record outcomes, but no public mutation route exists.
Database function helpers coordinate idempotent claim and finish records, but no memory mutation is public yet.
No live data
No fake metrics, users, worlds, scenes, relationships, risks, promises, deals, or audit logs are shown. Real cards can be added only after backed by implemented routes, schema, RLS, and retrieval logic.
Reference contracts for future implementation tasks.