OpenClaw brain

ADR-0002-app-projects-environments-and-repos.md

Brain/docs/ADR-0002-app-projects-environments-and-repos.md

docs/ADR-0002-app-projects-environments-and-repos.md

filedocs/ADR-0002-app-projects-environments-and-repos.md
# ADR-0002: App project environments and GitHub repositories

Date: 2026-05-04  
Status: Accepted

## Context

David has multiple app/web projects managed with Kompis, including Bosse Bokdoktor and BanterPicks. These projects need a clear default structure for ownership, repositories, environments, and deployment hygiene.

## Decision

### 1. One GitHub repo per app/project

Each app gets its own dedicated GitHub repository.

### 2. Ownership comes first

Before starting a new app/project, Kompis must ask which company/entity owns it.

Default owner choices:

- Be Viable AB
- HEL Management AB
- another company/entity David specifies

Default admin email follows the owner.

### 3. Local checkout per repo

Preferred local development path:

- `/root/.openclaw/workspace/<project-name>`

Temporary clean/deploy copies may live under `/tmp`, but they are not source of truth.

### 4. Standard environment model

Default app environments are:

- local dev
- sandbox/test
- production

Do not add extra environments unless there is a clear need.

### 5. Environment separation

Sandbox/test and production must stay separate for:

- secrets
- OAuth clients
- redirect URIs
- token stores
- databases
- third-party company accounts

### 6. Security defaults

New projects are private/protected by default.

- internal access gate before external/OAuth login
- secrets/env vars, never credentials in GitHub
- Cloudflare Access support where appropriate
- future-ready user/role/permission model
- no public anonymous access unless David explicitly approves it

## Consequences

### Positive

- Clear ownership boundaries
- Less repo confusion
- Safer deployments and credential handling
- Easier scaling to future projects

### Tradeoffs

- More repos to manage
- Slightly more setup work per project
- More discipline needed around environment separation

## Notes

This ADR is the source of truth for app/project repo and environment structure.

See also:

- `docs/APP-DEVELOPMENT-POLICY.md`
- `docs/PROJECT-POLICY.md`
- `docs/ADR-0001-openclaw-brain-repo.md`