vibn-agent-runner/vibn-frontend/scripts/migrate-workspace-gcs.sql


-- =============================================================================
-- VIBN P5.3 — per-workspace GCS storage columns on vibn_workspaces
--
-- Adds the columns that ensureWorkspaceGcsProvisioned() persists into:
--
-- gcp_service_account_email — workspace's dedicated GCP SA, e.g.
-- vibn-ws-mark@master-ai-484822.iam.gserviceaccount.com
-- gcp_service_account_key_enc — base64( secret-box(SA JSON keyfile) ).
-- Currently only used for runtime auth from app
-- code (env injection); control-plane auth still
-- uses GOOGLE_SERVICE_ACCOUNT_KEY_B64.
-- gcs_default_bucket_name — globally-unique GCS bucket created on first
-- provision, e.g. vibn-ws-mark-a3f9c1.
-- gcs_hmac_access_id — S3-compatible HMAC access key id (plain text;
-- not a secret on its own).
-- gcs_hmac_secret_enc — base64( secret-box(HMAC secret) ). Decrypted
-- only when STORAGE_SECRET_ACCESS_KEY needs to be
-- injected into a Coolify app.
-- gcp_provision_status — independent of provision_status so a partial
-- GCP failure does not flip the whole workspace.
-- Values: 'pending' | 'partial' | 'ready' | 'error'.
-- gcp_provision_error — last error message from the GCP provisioner.
--
-- Safe to re-run.
-- =============================================================================
-- Add the per-workspace GCP/GCS columns in a single ALTER TABLE statement.
-- Every clause uses IF NOT EXISTS, so a column that is already present is
-- skipped and its existing definition is left as it is.
--
-- NOTE(review): the two *_enc columns hold ciphertext, but they are still
-- credential material. Keep them out of general-purpose SELECT lists, API
-- responses and logs, and consider column-level privileges so that only the
-- role that provisions workspaces can read them (confirm against the
-- database roles the app actually uses).
ALTER TABLE vibn_workspaces
    -- Service-account identity and its encrypted JSON keyfile.
    ADD COLUMN IF NOT EXISTS gcp_service_account_email   TEXT,
    ADD COLUMN IF NOT EXISTS gcp_service_account_key_enc TEXT,

    -- Default bucket and the HMAC key pair (access id in clear, secret encrypted).
    ADD COLUMN IF NOT EXISTS gcs_default_bucket_name     TEXT,
    ADD COLUMN IF NOT EXISTS gcs_hmac_access_id          TEXT,
    ADD COLUMN IF NOT EXISTS gcs_hmac_secret_enc         TEXT,

    -- GCP provisioning state; existing rows are backfilled with 'pending'.
    -- NOTE(review): nothing here restricts the column to the four documented
    -- values ('pending', 'partial', 'ready', 'error'); a CHECK constraint would
    -- reject anything else. Confirm what the writer emits before adding one.
    ADD COLUMN IF NOT EXISTS gcp_provision_status        TEXT NOT NULL DEFAULT 'pending',

    -- NOTE(review): free-text provisioner errors can echo request details;
    -- confirm the writer strips credentials and tokens before storing them,
    -- and check who is able to read this column.
    ADD COLUMN IF NOT EXISTS gcp_provision_error         TEXT;

-- Index on the status column, presumably for filtering workspaces by
-- provisioning state (the queries that use it are not visible in this script).
CREATE INDEX IF NOT EXISTS vibn_workspaces_gcp_status_idx
    ON vibn_workspaces (gcp_provision_status);

-- One-row marker so whoever runs the script sees that it reached the end.
SELECT 'P5.3 workspace-GCS migration complete' AS status;