feat(ST-703): auth and Prisma client singleton

- src/prisma.ts: PrismaClient via PrismaPg adapter and pg.Pool, same pattern as Scrum4Me's lib/prisma.ts - src/auth.ts: getAuth() resolves SCRUM4ME_TOKEN once, caches { userId, username, isDemo }. requireWriteAccess() throws PermissionDeniedError for demo tokens — write tools call this before any DB mutation Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 23:01:22 +02:00 · 2026-04-26 23:01:22 +02:00 · 2b52b1cedd
commit 2b52b1cedd
parent 992a4ad5e1
2 changed files with 66 additions and 0 deletions
--- a/src/prisma.ts
+++ b/src/prisma.ts
@ -0,0 +1,15 @@
+import { PrismaClient } from '@prisma/client'
+import { Pool } from 'pg'
+import { PrismaPg } from '@prisma/adapter-pg'
+
+function createClient(): PrismaClient {
+  const url = process.env.DATABASE_URL
+  if (!url) {
+    throw new Error('DATABASE_URL is not set — see .env.example')
+  }
+  const pool = new Pool({ connectionString: url })
+  const adapter = new PrismaPg(pool)
+  return new PrismaClient({ adapter, log: ['error'] })
+}
+
+export const prisma = createClient()