# Data Model: Auth Structure

This document defines the database schema changes for the `064-auth-structure` feature.

## New Tables

### `platform_users`

This table stores the authentication and profile information for Platform Operators. These users are managed locally and are entirely separate from the tenant-facing `users` table.

**Purpose**: To provide a dedicated identity store for system administrators and operators, enabling secure access to the `/system` panel.

**Laravel Migration Definition**:

```php
Schema::create('platform_users', function (Blueprint $table) {
    $table->id();
    $table->string('name');
    $table->string('email')->unique();
    $table->string('password');
    $table->jsonb('capabilities')->default('[]');
    $table->boolean('is_active')->default(true);
    $table->timestamp('last_login_at')->nullable();
    $table->rememberToken();
    $table->timestamps();
});
```

### Field Definitions

| Column | Type | Description | Notes |
|--------|------|-------------|-------|
| `id` | `bigint`, `unsigned` | Primary key. | Auto-incrementing. |
| `name` | `string` | The full name of the platform operator. | Required. |
| `email` | `string` | The unique email address used for login. | Must be unique across the table. |
| `password` | `string` | The hashed password for the user. | Never stored in plain text. |
| `capabilities` | `jsonb` | A list of string identifiers for permissions (e.g., `["platform.use_break_glass"]`). | Defaults to an empty array (`[]`). |
| `is_active` | `boolean` | Flag to enable or disable the account. Inactive users cannot log in. | Defaults to `true`. |
| `last_login_at` | `timestamp` | Records the timestamp of the user's last successful login. | Nullable. |
| `remember_token` | `string` | Used by Laravel's "Remember Me" functionality. | Nullable. |
| `created_at` | `timestamp` | Timestamp of when the record was created. | Managed by Eloquent. |
| `updated_at` | `timestamp` | Timestamp of when the record was last updated. | Managed by Eloquent. |

## Modified Tables

No existing tables will be modified as part of the core data model changes.

## Deprecations

- **`users.is_platform_superadmin`**: This column in the `users` table is now considered deprecated. No new code should rely on it for authorization. A separate, future migration will be responsible for its removal after a backfill process is complete.
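
One way an Eloquent model could enforce the `platform_users` field rules defined above (hashed password, `is_active` gating login, capability strings checked by exact match). This is an added example, not code from the feature itself; the `App\Models` namespace, the `PlatformUser` class, the `hasCapability` and `attemptLogin` methods, and the `platform` guard name are assumptions, and the `hashed` cast requires Laravel 10 or later.

```php
<?php

namespace App\Models; // assumed namespace, not given in this document

use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Support\Facades\Auth;

class PlatformUser extends Authenticatable
{
    protected $table = 'platform_users';

    // capabilities and is_active are left out on purpose so a request
    // payload cannot mass-assign privileges or re-enable an account.
    protected $fillable = ['name', 'email', 'password'];

    protected $hidden = ['password', 'remember_token'];

    protected $casts = [
        'capabilities'  => 'array',    // jsonb list of capability strings
        'is_active'     => 'boolean',
        'last_login_at' => 'datetime',
        'password'      => 'hashed',   // Laravel 10+: hashes on assignment
    ];

    // Strict match against the stored list; anything not listed is denied.
    public function hasCapability(string $capability): bool
    {
        return $this->is_active
            && in_array($capability, $this->capabilities ?? [], true);
    }

    // 'platform' is an assumed guard name whose provider uses this model.
    public static function attemptLogin(string $email, string $password): bool
    {
        $guard = Auth::guard('platform');

        // Non-password keys become WHERE clauses, so an inactive
        // operator fails exactly like an unknown email.
        if (! $guard->attempt(['email' => $email, 'password' => $password, 'is_active' => true])) {
            return false;
        }

        $guard->user()->forceFill(['last_login_at' => now()])->save();

        return true;
    }
}
```

After a successful `attemptLogin`, the calling controller should still call `$request->session()->regenerate()`, as with any Laravel session guard.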