Account and Consent
Saviqo integrations should separate user consent from database permissions.
Consent explains what a connected agent is allowed to do. Database access is still enforced through authenticated server services and Supabase Row Level Security.
Planned Consent Groups
budget.readanalytics.readstatements.readgoals.writeworkflow.execute
Write access should be introduced gradually and should require preview, confirmation, idempotency, and audit logging.