AgentFlow Enterprise Docs

Supabase Schema and RLS

Manual invoice requests are written through a server-side service-role route. Public browser clients receive no select access.

Manual invoice requests

  • The manual_invoice_requests table has RLS enabled.
  • The public form writes through /api/payments/manual-invoice after validation and rate limiting.
  • Anonymous and authenticated browser roles do not receive table access.
  • Trusted server administration can review and update request status.
These docs describe implementation readiness and configuration. They are not a certification, penetration test, contractual SLA, or financial advice claim.