Decision Log
Why things are the way they are — so you don't re-litigate, and AI tools understand the reasoning.
Local-first data for the MVP (no Supabase yet)
13 Jun 2026
- Context: RobOS needs to be useful immediately, and over-engineering persistence early would slow the first version.
- Decision: Ship the MVP on local TypeScript/Markdown seed data (src/data, /brain). Add Supabase later behind the same types.
- Reason: Fastest path to a useful, beautiful tool. The type contract means storage can be swapped without rewriting the UI.
- Impact: No auth/DB needed now. AI tools can read/reason from local files. Persistence is a clean later phase.
Revisit 1 Sept 2026 | Supabase
Support only Claude, GPT and Codex
13 Jun 2026
- Context: Many AI tools exist, but supporting all of them dilutes the workflow and the UI.
- Decision: RobOS supports Claude, GPT/ChatGPT and Codex only. No Gemini, Perplexity, Mistral, Grok or Copilot.
- Reason: These three cover build (Claude), strategy (GPT) and repo work (Codex). A focused set keeps the Workbench sharp.
- Impact: Provider selector, templates and Compare mode are designed around exactly these three.
No raw secrets in the app or git
13 Jun 2026
- Context: RobOS maps credentials, but storing real secrets in source/Markdown/JSON/git is a serious risk.
- Decision: The app stores a credential MAP only — locations, env var names, AI access rules, safe handover text. Real values live in a password manager. .gitignore excludes Credentials.txt and env files.
- Reason: Secrets in a synced/committed repo leak. A map is operationally useful without the exposure.
- Impact: AI tools get told what exists and how to use it safely, never the values themselves.
Revisit 1 Dec 2026
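An added example (not RobOS code) of a pre-commit check that keeps the credential map a map: it flags any entry whose fields hold something shaped like a real value instead of a pointer to one. The entry fields, the `auditCredentialMap` helper and the sample entries are assumptions constructed from the decision text.

```typescript
// Added example, not RobOS code. Field names are assumed from the decision text.
interface CredentialMapEntry {
  name: string;      // label shown in the app
  location: string;  // where the real value lives (password manager item)
  envVar: string;    // environment variable NAME, never its value
  aiAccess: string;  // access rule told to AI tools
  handover: string;  // safe handover text
}

// Shapes that indicate a real value rather than a pointer to one.
const SECRET_SHAPES: { label: string; re: RegExp }[] = [
  { label: "JWT-shaped token", re: /eyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}/ },
  { label: "PEM private key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { label: "inline assignment", re: /\b[A-Z][A-Z0-9_]{2,}\s*=\s*\S{8,}/ },
  { label: "long opaque token", re: /[A-Za-z0-9+\/_-]{32,}/ },
];

// Returns one finding per field that looks like it holds a secret value.
function auditCredentialMap(entries: CredentialMapEntry[]): string[] {
  const findings: string[] = [];
  for (let i = 0; i < entries.length; i++) {
    const e = entries[i];
    if (!/^[A-Z][A-Z0-9_]*$/.test(e.envVar)) {
      findings.push(e.name + ": envVar is not a bare variable name");
    }
    const fields: { [k: string]: string } = {
      location: e.location, aiAccess: e.aiAccess, handover: e.handover,
    };
    const keys = Object.keys(fields);
    for (let k = 0; k < keys.length; k++) {
      for (let s = 0; s < SECRET_SHAPES.length; s++) {
        if (SECRET_SHAPES[s].re.test(fields[keys[k]])) {
          findings.push(e.name + ": " + keys[k] + " contains " + SECRET_SHAPES[s].label);
          break; // one finding per field is enough
        }
      }
    }
  }
  return findings;
}

// Constructed sample data: the second entry carries a pasted (fake) token.
const SAMPLE: CredentialMapEntry[] = [
  { name: "db", location: "password manager: RobOS/db", envVar: "DATABASE_URL",
    aiAccess: "name only", handover: "Ask the owner to set DATABASE_URL locally." },
  { name: "api", location: "password manager: RobOS/api", envVar: "API_KEY=abc",
    aiAccess: "name only", handover: "Use eyJhbGciOiJIUzI1.eyJyb2xlIjoidGVzdCJ9.c2lnbmF0dXJlX2Zha2U" },
];
```

The "long opaque token" pattern is deliberately broad and can flag long paths or URLs, so treat a hit as a prompt to review the entry.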
RLS-first multi-tenancy for ROM Portal
10 Jun 2026
- Context: The ROM Portal serves multiple school clients; data isolation is non-negotiable.
- Decision: Use Supabase Row Level Security as the primary isolation mechanism, with the service role key server-side only.
- Reason: RLS enforces tenant isolation at the database, not just the app layer — far safer.
- Impact: Every table needs explicit policies. The service role key must never reach the client.
Revisit 1 Aug 2026