feat: backup appwritefix: CORS error by adding platforms

2026-03-15 00:01:10 -04:00
parent cf4bfc971c
commit f14e405e6f
7 changed files with 403 additions and 4 deletions
--- a/docs/summaries/decisions-2026-03-14-domain-target-fix.md
+++ b/docs/summaries/decisions-2026-03-14-domain-target-fix.md
@@ -40,4 +40,17 @@ File is now only downloaded if absent. Upgrade playbook handles re-downloads.
 - Appwrite console loads without error ✅
 - Stack running on bab1.mgmt.toal.ca ✅
 - install_appwrite.yml is idempotent ✅
- node_exporter install: complete, metrics confirmed ✅
+- node_exporter install: complete, metrics confirmed ✅
+- bootstrap_appwrite.yml: project + API key creation working ✅
+  - API key stored at kv/oys/bab-appwrite-api-key
+
+## bootstrap_appwrite.yml — Key Decisions
+
+| Decision | Rationale |
+|----------|-----------|
+| No account creation task | Appwrite only grants console owner role via web UI signup, not REST API |
+| JWT required for console API | Session cookie alone gives `role: users`; JWT carries team membership claims including `projects.write` |
+| teamId fetched dynamically | Appwrite 1.8.x requires teamId in POST /v1/projects; use teams[0]['$id'] from GET /v1/teams |
+| `$id` via bracket notation | Jinja2 treats `$` as special; dot notation fails |
+| vault_kv2_write (not vault_kv2_put) | No put module in community.hashi_vault; no patch operation — dedicated path avoids clobbering other secrets |
+| Dedicated Vault path kv/oys/bab-appwrite-api-key | Separate from env config secrets to avoid full-overwrite on re-run |