Scritorio’s first account system uses a separate Supabase project for identity, authorization, entitlement state, and managed AI usage accounting. The desktop app stays local-first: manuscripts, notes, Codex files, reports, and exports remain local project files.

Backend

  • Supabase project: scritorio
  • Project ref: pyglmeehohtpjimgiuyz
  • Region: us-east-1
  • Organization: kevin-personal-assistant-data
The existing todos and journaling project is not reused.

Desktop Environment

The desktop app only needs public Supabase config:
PUBLIC_SUPABASE_URL="https://pyglmeehohtpjimgiuyz.supabase.co"
PUBLIC_SUPABASE_PUBLISHABLE_KEY="..."
PUBLIC_SCRITORIO_AI_GATEWAY_URL="https://..."
No Lemon Squeezy API key, webhook secret, Supabase service role key, or other privileged value belongs in desktop code or public environment variables.

Account And Authorization

Supabase Auth handles account creation, login, session refresh, and access tokens. The desktop app uses the Supabase publishable key to create an account, sign in, load the current user, update the user’s profile, and call authenticated backend surfaces. Server-side systems derive identity from the Supabase user id rather than from any client-provided user id. Supabase Postgres stores:
  • profiles for account profile display
  • billing_customers, subscriptions, license_keys, and entitlements for paid account state
  • ai_user_plans for managed AI plan and quota periods
  • ai_usage_events for the managed AI usage ledger
Row level security is enabled on account, billing, entitlement, plan, and usage tables. Users can read their own rows. Privileged writes happen through trusted backend code, not from desktop code.

Managed AI Gateway

Managed AI requests go through a Cloudflare Worker instead of direct desktop-to-OpenAI calls. The Worker verifies the Supabase access token, checks ai_user_plans, sums ai_usage_events, calls OpenAI with Scritorio’s backend key, and writes a usage event. See Managed AI Gateway for the full runtime flow.

Lemon Squeezy Test Mode

Lemon Squeezy approval is not required for this integration pass. Test mode supports checkouts, subscriptions, webhooks, and license keys. Test-mode products, customers, and webhook settings are separate from live mode, so launch requires replacing IDs/secrets and configuring the live webhook endpoint. The first backend billing surface is the Cloudflare Worker webhook:
https://api.scritorio.studio/v1/billing/lemonsqueezy/webhook
Set LEMONSQUEEZY_WEBHOOK_SECRET as a Worker secret. Lemon Squeezy signs each webhook request with that secret; the Worker verifies the signature before logging the event to Supabase.

Entitlement Flow

  1. A signed-in desktop user clicks the account plan action.
  2. The desktop app will call a Scritorio API checkout endpoint.
  3. The Worker will create a Lemon Squeezy test-mode checkout with custom_data.user_id.
  4. Lemon Squeezy sends subscription and license webhooks to the Scritorio API webhook endpoint.
  5. The Worker verifies the webhook signature and writes a durable billing_webhook_events row in Supabase.
  6. A later pass will process those logged events into billing, subscription, license, and entitlement rows.
  7. The desktop account panel refreshes and shows subscription, license, and entitlement state.
Paid feature gates should read normalized entitlements, starting with scritorio_pro.