feat: bootstrap backend MVP and architecture docs

scripts/init_schema.sql

@@ -0,0 +1,30 @@
+BEGIN;
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+CREATE TABLE IF NOT EXISTS users (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  authentik_sub VARCHAR(255) NOT NULL UNIQUE,
+  email VARCHAR(320),
+  display_name VARCHAR(255),
+  is_active BOOLEAN NOT NULL DEFAULT TRUE,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS permissions (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  scope_type VARCHAR(32) NOT NULL,
+  scope_id VARCHAR(128) NOT NULL,
+  module VARCHAR(128) NOT NULL,
+  action VARCHAR(32) NOT NULL,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  CONSTRAINT uq_permissions_user_scope_module_action
+    UNIQUE (user_id, scope_type, scope_id, module, action)
+);
+
+CREATE INDEX IF NOT EXISTS idx_users_authentik_sub ON users(authentik_sub);
+CREATE INDEX IF NOT EXISTS idx_permissions_user_id ON permissions(user_id);
+
+COMMIT;