# Crossdeck Backend Storage Map

This repo now follows the North Star storage split:

- `Firebase Auth`
  - Developer authentication only.
  - Email/password, GitHub, Google, and Apple provider accounts.

- `Firestore`
  - Application data that is read by specific ID.
  - Current implementation:
    - `users/{uid}`
      - Auth-linked account record
      - Email, display name, provider list
      - `defaultProjectId`
      - `projectIds`
      - onboarding state
      - created/updated/sign-in timestamps
    - `projects/{projectId}`
      - Crossdeck project shell
      - owner and member IDs
      - environment list
      - business model
      - selected platforms
      - nested app surface configuration
      - nested payment-rail metadata
      - nested product -> entitlement mappings
      - nested verification state
      - onboarding checklist
      - counts for apps, payment rails, products, entitlements
      - created/updated timestamps
  - Planned Firestore records from the North Star:
    - app configurations
    - public SDK keys
    - payment rail metadata and `secretRef`
    - products and entitlements
    - current customer entitlement state
    - internal billing records
    - audit logs

- `Google Cloud Secret Manager`
  - Not wired in this pass.
  - Must store raw Apple `.p8` keys, Stripe secrets, webhook secrets, Google service-account credentials, and other private payment-rail material.
  - Firestore should store only metadata plus `secretRef`.

- `ClickHouse`
  - Not wired in this pass.
  - Must store the append-only event system:
    - telemetry events
    - purchase events
    - renewals
    - refunds
    - subscription state changes
    - entitlement lifecycle signals

## Current bootstrap flow

On first successful auth:

1. Firebase Auth creates the developer user.
2. Firestore creates `users/{uid}` if missing.
3. Firestore creates one default `projects/{projectId}` shell if missing.
4. The dashboard reads those records back and uses them as the first backend-backed state.

## What is intentionally not stored in Firestore

- Apple private keys
- Stripe secret keys
- Stripe webhook signing secrets
- Google Play private credentials
- any raw provider secret capable of verifying payments or changing access

That matches the North Star rule:

- Firebase stores configuration.
- Secret Manager stores secrets.
- ClickHouse stores events.