FAQ

Detailed answers for launch, auth, data, security, and production operations.

Fast Launch: What is the fastest way to connect a new app?

Use GNOMEBASE_URL, GNOMEBASE_ANON_KEY, and the X-Tenant header. This path is designed for quick client integration and safe read-only access by default.

Fast Launch: When should I switch from ANON key to full auth tokens?

Switch when your app needs user identity, write actions, role-based behavior, or per-session traceability. Keep ANON for public/read-only flows.

Auth: Does GnomeBase support Google and GitHub login?

Yes. OAuth start/callback routes are wired. Configure provider client IDs/secrets in the runtime environment and set your redirect base URL.

Auth: Why do I get tenant_mismatch?

Your resolved tenant (X-Tenant or subdomain) does not match the tenant in the token. Use a token issued for that tenant or change the tenant header.

Database: How is cross-tenant leakage prevented?

Every request runs with tenant/user RLS context in Postgres. Queries are allowlist-checked first and then executed under FORCE RLS policies.

Database: Why is a table or column blocked even though it exists?

The generic CRUD API only accepts resources present in allowlist.json. Existence in schema alone is not sufficient for API access.

Storage: What causes storage_invalid_path?

The requested path failed tenant prefix checks or attempted path escape. Signed operations must stay inside configured tenant-scoped prefixes.
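
The kind of check that yields storage_invalid_path, as an added example; it is not GnomeBase's own code. The `tenants/<tenant>/` prefix layout, the function names and the sample paths are assumptions made for illustration.

```python
from urllib.parse import unquote

# Assumed layout: each tenant's objects live under "tenants/<tenant>/".
PREFIX_TEMPLATE = "tenants/{tenant}/"

class StorageInvalidPath(ValueError):
    code = "storage_invalid_path"  # error code named in the FAQ

def resolve_object_key(tenant: str, requested: str) -> str:
    """Return the key to sign for an already-resolved tenant, or raise."""
    decoded = unquote(requested)
    # If a second decode still changes the string, the input was double encoded.
    if unquote(decoded) != decoded:
        raise StorageInvalidPath("nested percent-encoding")
    if "\\" in decoded or any(ord(c) < 32 for c in decoded):
        raise StorageInvalidPath("backslash or control character")
    # Reject dot and empty segments instead of normalising them, so the key
    # that gets signed is exactly the key that was checked.
    if any(seg in ("", ".", "..") for seg in decoded.split("/")):
        raise StorageInvalidPath("empty or dot segment")
    # The trailing "/" in the prefix keeps "tenants/acme-evil/" out of "acme".
    if not decoded.startswith(PREFIX_TEMPLATE.format(tenant=tenant)):
        raise StorageInvalidPath("outside tenant prefix")
    return decoded

# Constructed sample requests, all checked against tenant "acme".
SAMPLES = [
    "tenants/acme/avatars/u1.png",
    "tenants/acme/../globex/secret.pdf",
    "tenants/acme/%2e%2e/globex/secret.pdf",
    "tenants/acme/%252e%252e/globex/secret.pdf",
    "tenants/acme-evil/x.png",
    "tenants/globex/report.csv",
    "/tenants/acme/x.png",
]

def classify(tenant, paths):
    verdicts = {}
    for path in paths:
        try:
            resolve_object_key(tenant, path)
            verdicts[path] = "ok"
        except StorageInvalidPath as exc:
            verdicts[path] = exc.code
    return verdicts

if __name__ == "__main__":
    for path, verdict in classify("acme", SAMPLES).items():
        print(f"{verdict:21} {path}")
```

Only the first sample is accepted; every other one is refused before any signing would happen.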

Storage: What causes storage_upload_incomplete?

Commit verification failed because object size/content-type did not match expected values or the object did not exist at commit time.

Realtime: Why is a realtime subscription denied?

The topic must match tenant scope and allowlist policy. Non-allowlisted or cross-tenant topics return realtime_topic_denied.

Security: Is Redis required for correctness?

No. Postgres is authoritative. Redis is optional and only used for non-authoritative acceleration paths like cache/fanout hints.

Security: Are model internals exposed in SpiderWeb AI?

No. Runtime model names are alias-safe in UI output. You will see operational modes and aliases, not provider model internals.

Operations: How do I know if production is ready?

Use Go-Live checks and ensure all gates pass (RLS, tenant resolver, allowlist, storage prefix, realtime restrictions, and audit emission).

Operations: Where do notifications come from?

The bell feed is live tenant audit data. Auth, data, storage, launch, realtime, and trinity actions appear automatically.

Operations: Can I export reproducibility evidence?

Yes. Gate artifacts include environment fingerprint, manifest, and deterministic run outputs for release verification.

Billing: Can teams start simple and scale controls later?

Yes. Fast Launch gets teams live quickly, and advanced controls can be layered in as requirements grow without re-platforming.