daveadmin
b6212b8729
client_users.email has a UNIQUE constraint. SSO users who already have a CaveauAI account share the same email address, causing provision to fail with "already belongs to another workspace". Fix: SSO-provisioned client_users rows use dbn-sso-{client_id}@dbn.tools.internal as the owner email so they never collide with real account rows. The real email stays on clients.contact_email for display purposes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Do Better Norge Legal Tools Hub
MVP docroot for tools.dobetternorge.no.
Required environment
- CaveauAI client access for
DBN_CAVEAU_CLIENT_SLUGandDBN_CAVEAU_PACKAGE_SLUG DBN_AZURE_OPENAI_ENDPOINTDBN_AZURE_OPENAI_API_KEYDBN_AZURE_OPENAI_API_VERSIONDBN_AZURE_OPENAI_CHAT_DEPLOYMENTDBN_AZURE_OPENAI_EMBEDDING_DEPLOYMENT
Optional:
DBN_AI_PORTAL_ROOT(defaults to siblingai-portal)DBN_CAVEAU_CLIENT_SLUG(defaults todobetter)DBN_CAVEAU_PACKAGE_SLUG(defaults tofamily-legal)DBN_TOOLS_SUPPORT_DIRDBN_TOOLS_METADATA_LOG
Authentication
The login form authenticates against Caveau client_users for the configured
client slug. The client must be active, the user must be active, and the client
must have an active subscription to the configured corpus package.
Use scripts/setup-caveau-access.php for repeatable local/production setup of
the Do Better Norge Caveau owner account, family-legal subscription, and
white-label domain mappings. Pass the account password through
DBN_SETUP_PASSWORD at runtime only; do not commit it.
The APIs process pasted text in memory and write only metadata such as tool name, latency, language, source count, chunk count, deployment, and anonymous session id.