AgentFlow Enterprise Docs
Supabase Schema and RLS
Manual invoice requests are written through a server-side service-role route. Public browser clients receive no select access.
Manual invoice requests
- The
manual_invoice_requeststable has RLS enabled. - The public form writes through
/api/payments/manual-invoiceafter validation and rate limiting. - Anonymous and authenticated browser roles do not receive table access.
- Trusted server administration can review and update request status.
These docs describe implementation readiness and configuration. They are not a certification, penetration test, contractual SLA, or financial advice claim.