Primary People HR

HR platform for Primary People — staff records, onboarding, absence and compliance tailored to the education sector.

BuildingWatchHRGPT6 openUpdated 1w ago

Open Workspace

Tick what you need, then launch this project's tools together.

Links open in your current Chrome profile — RobOS can't switch profiles for you. Use Chrome · PrimaryICT Work. If your browser blocks the bulk open, click any link's arrow individually.

Current status & focus

Statusbuilding

Healthamber

Current focusStaff record schema + onboarding flow.

Last update3 Jun 2026

Next action

Map compliance fields (DBS, references, right-to-work) into the model.

Architecture

Next.js App Router + TypeScript + Tailwind. Supabase with strict RLS for sensitive HR data. Vercel hosting.

Design standard

Trustworthy, calm, compliance-friendly. Clear forms and audit trails. RobOS design language.

Known issues & blockers

Compliance field requirements need sign-off before schema is locked.

Decisions

All decisions

No decisions logged for this project yet.

Reusable prompts

Prompt library

Security audit (any project)
Security · best with claude
AI handover builder (any project)
Handover · best with gpt

AI handover

Primary People HR handles sensitive staff data (Next.js + Supabase, strict RLS). Compliance fields (DBS/references/right-to-work) are not yet signed off — don't lock the schema. Treat all HR data as confidential. GPT for planning, with a security audit before launch.

Quick launch

Live app GitHub repo Vercel project Supabase project Domain / DNS

cd command

cd "C:\dev\primary-people-hr"

Account & profile

Account identityPrimaryICT work account · GitHub (rob@rob-os.com) · Vercel via GitHub

Browser profileChrome · PrimaryICT Work

Local repo pathC:\dev\primary-people-hr

Domainprimarypeople.example

Environment map

NEXT_PUBLIC_SUPABASE_URL

Used by app runtime + Vercel · value in Vercel project env

public

NEXT_PUBLIC_SUPABASE_ANON_KEY

Used by app runtime + Vercel · value in Vercel project env

public anon key

SUPABASE_SERVICE_ROLE_KEY

Used by server only · value in Vercel project env (server)

sensitive HR data — strict access

Credentials map

All credentials

GitHub login

GitHub · Login

CriticalAI: never share

Account: rob@rob-os.com
Secret location: Password manager › RobOS vault › GitHub
MFA: Enabled
Recovery: Password manager › RobOS vault › GitHub › recovery
Last reviewed: 2026-06-13

Used by:HumanVercel

Shared in a chat transcript on 2026-06-13 — ROTATE soon and enable a passkey. Vercel & Supabase log in via this GitHub account.

AI-safe handover: GitHub is the identity hub — Vercel and Supabase authenticate via 'Continue with GitHub'. Never request or print the GitHub password. Use a fine-grained Personal Access Token in CI via the GITHUB_TOKEN env var instead.

Vercel (via GitHub SSO)

Vercel · Oauth App

Medium riskAI: never share

Account: rob@rob-os.com (GitHub SSO)
Secret location: No separate password — logs in via GitHub
MFA: Enabled
Last reviewed: 2026-06-13

Used by:HumanApp Runtime

No standalone secret; secured by the GitHub account. Use VERCEL_TOKEN for API automation later.

AI-safe handover: Vercel logs in with GitHub SSO — there is no separate Vercel password. For future API automation use a VERCEL_TOKEN env var; do not request it inline.

Supabase database password

Supabase · Login

CriticalAI: never share

Account: postgres (per project)
Secret location: Password manager › RobOS vault › Supabase DB; also in Supabase project settings
MFA: Off
Last reviewed: 2026-06-13

Used by:HumanApp Runtime

Shared in a chat transcript on 2026-06-13 — ROTATE in Supabase project settings. Dashboard login itself is via GitHub SSO.

AI-safe handover: The Supabase Postgres password is a secret. Never request, print or hardcode it. Connect using the pooled connection string from process.env (e.g. DATABASE_URL / SUPABASE_DB_URL) which I configure manually.

Supabase service role key

Supabase · Env Var

CriticalAI: env var only

Secret location: Supabase project › Settings › API; injected via Vercel env (server only)
Env var: SUPABASE_SERVICE_ROLE_KEY
MFA: Off
Last reviewed: 2026-06-13

Used by:App RuntimeVercel

Rotate from Supabase API settings if leaked. Server-side only — never in client bundles.

AI-safe handover: Use process.env.SUPABASE_SERVICE_ROLE_KEY on the server only. Do not hardcode, print, expose to the client, or request the value. Assume I configure it manually in Vercel.

For Codex

Generate a repo-ready task brief with acceptance criteria in the Prompt Builder.

Repo: rob-os/primary-people-hr