Initialize repo and add session changes (2025-09-08)

docs/prp/02-tenancy.md

@@ -0,0 +1,21 @@
+# 02 — Tenancy Model
+
+Approach
+- Single database, row-level scoping via `tenant_id` on tenant-owned tables.
+- Global scope (BelongsToTenant trait) for all tenant-owned models; bypass for Super Admin.
+- Policies enforce `tenant_admin` and `member` roles; guest upload uses signed, limited-scope tokens.
+
+Keys & Indexes
+- Composite uniques include `tenant_id` (e.g., `events`: unique `tenant_id, slug`).
+- Foreign keys cascade/delete or null-on-delete based on data retention needs.
+
+Tenant Resolution
+- Tenant Admin PWA: resolve from authenticated token claim (`tenant_id`).
+- Guest PWA/custom domains: resolve from host/subdomain; map to event and tenant.
+
+Impersonation
+- Super Admin can impersonate tenant users; all actions audited with actor + target + reason.
+
+Backups & Export
+- Backups include tenant partitions by `tenant_id`.
+- Export endpoints provide per-tenant data bundles (photos metadata + links), respecting rate limits.