diff --git a/distribution/build.gradle.kts b/distribution/build.gradle.kts
new file mode 100644
index 0000000..45dea42
--- /dev/null
+++ b/distribution/build.gradle.kts
@@ -0,0 +1,52 @@
+// distribution — assembles the runnable vibe_erp fat-jar.
+//
+// This module is the only one that pulls every PBC and platform module
+// together into a bootable Spring Boot application. It is referenced by
+// the Dockerfile (stage 1) which produces the shipping image documented
+// in the architecture spec, sections 10 and 11.
+
+plugins {
+    alias(libs.plugins.kotlin.jvm)
+    alias(libs.plugins.kotlin.spring)
+    alias(libs.plugins.spring.boot)
+    alias(libs.plugins.spring.dependency.management)
+}
+
+java {
+    toolchain {
+        languageVersion.set(JavaLanguageVersion.of(21))
+    }
+}
+
+dependencies {
+    implementation(project(":platform:platform-bootstrap"))
+    implementation(project(":platform:platform-persistence"))
+    implementation(project(":platform:platform-plugins"))
+    implementation(project(":pbc:pbc-identity"))
+
+    implementation(libs.spring.boot.starter)
+    implementation(libs.spring.boot.starter.web)
+    implementation(libs.spring.boot.starter.data.jpa)
+    implementation(libs.spring.boot.starter.actuator)
+    implementation(libs.kotlin.stdlib)
+    implementation(libs.kotlin.reflect)
+    implementation(libs.jackson.module.kotlin)
+    runtimeOnly(libs.postgres)
+    runtimeOnly(libs.liquibase.core)
+
+    testImplementation(libs.spring.boot.starter.test)
+}
+
+// The fat-jar produced here is what the Dockerfile copies into the
+// runtime image as /app/vibe-erp.jar.
+tasks.bootJar {
+    mainClass.set("org.vibeerp.platform.bootstrap.VibeErpApplicationKt")
+    archiveFileName.set("vibe-erp.jar")
+}
+
+// `./gradlew :distribution:bootRun` — used by `make run` for local dev.
+// Activates the dev profile so application-dev.yaml on the classpath is
+// layered on top of application.yaml.
+tasks.bootRun {
+    systemProperty("spring.profiles.active", "dev")
+}
diff --git a/distribution/src/main/resources/application-dev.yaml b/distribution/src/main/resources/application-dev.yaml
new file mode 100644
index 0000000..0d66f6f
--- /dev/null
+++ b/distribution/src/main/resources/application-dev.yaml
@@ -0,0 +1,21 @@
+# vibe_erp — developer overrides (active under -Dspring.profiles.active=dev).
+#
+# Activated by `./gradlew :distribution:bootRun` (see distribution/build.gradle.kts).
+# These values point at a local Postgres started via `make up` or any other
+# locally-running Postgres on port 5432.
+
+spring:
+  datasource:
+    url: jdbc:postgresql://localhost:5432/vibeerp
+    username: vibeerp
+    password: vibeerp
+
+vibeerp:
+  plugins:
+    directory: ./plugins-dev
+  files:
+    local-path: ./files-dev
+
+logging:
+  level:
+    org.vibeerp: DEBUG
diff --git a/distribution/src/main/resources/application.yaml b/distribution/src/main/resources/application.yaml
new file mode 100644
index 0000000..f6cb728
--- /dev/null
+++ b/distribution/src/main/resources/application.yaml
@@ -0,0 +1,56 @@
+# vibe_erp — production-ish defaults.
+#
+# This is the baseline configuration baked into the shipping image. It is
+# deliberately non-secret: every sensitive value is read from an environment
+# variable so the same image works for self-hosted and (eventually) hosted
+# deployments. See architecture spec sections 10 and 11.
+#
+# Customer overrides live in /opt/vibe-erp/config/vibe-erp.yaml on the
+# mounted volume. Plug-in configuration lives in metadata__plugin_config,
+# never here.
+
+spring:
+  application:
+    name: vibe-erp
+  datasource:
+    url: ${VIBEERP_DB_URL}
+    username: ${VIBEERP_DB_USER}
+    password: ${VIBEERP_DB_PASSWORD}
+    driver-class-name: org.postgresql.Driver
+  jpa:
+    # Liquibase owns the schema; Hibernate must never touch DDL.
+    hibernate:
+      ddl-auto: validate
+    open-in-view: false
+  liquibase:
+    change-log: classpath:db/changelog/master.xml
+
+server:
+  port: 8080
+  shutdown: graceful
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health,info,prometheus
+
+vibeerp:
+  instance:
+    mode: ${VIBEERP_INSTANCE_MODE:self-hosted}
+    default-tenant: ${VIBEERP_DEFAULT_TENANT:default}
+  plugins:
+    directory: ${VIBEERP_PLUGINS_DIR:/opt/vibe-erp/plugins}
+    auto-load: true
+  i18n:
+    default-locale: en-US
+    fallback-locale: en-US
+    available-locales: en-US,zh-CN,de-DE,ja-JP,es-ES
+  files:
+    backend: local
+    local-path: ${VIBEERP_FILES_DIR:/opt/vibe-erp/files}
+
+logging:
+  level:
+    org.vibeerp: INFO
+    org.springframework: WARN
diff --git a/distribution/src/main/resources/db/changelog/master.xml b/distribution/src/main/resources/db/changelog/master.xml
new file mode 100644
index 0000000..32931c9
--- /dev/null
+++ b/distribution/src/main/resources/db/changelog/master.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  vibe_erp — Liquibase master changelog.
+
+  This file composes per-PBC changelogs via <include>. Each PBC owns its own
+  changelog under db/changelog/<pbc-name>/ and is responsible for its own
+  table prefix (architecture spec section 8 — schema namespacing).
+-->
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                                       https://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.27.xsd">
+    <include file="classpath:db/changelog/platform/000-platform-init.xml"/>
+    <include file="classpath:db/changelog/pbc-identity/001-identity-init.xml"/>
+</databaseChangeLog>
diff --git a/distribution/src/main/resources/db/changelog/pbc-identity/001-identity-init.xml b/distribution/src/main/resources/db/changelog/pbc-identity/001-identity-init.xml
new file mode 100644
index 0000000..c2284f5
--- /dev/null
+++ b/distribution/src/main/resources/db/changelog/pbc-identity/001-identity-init.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                                       https://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.27.xsd">
+
+    <!--
+        pbc-identity initial schema.
+
+        Owns: identity__user, identity__role, identity__user_role.
+
+        Conventions enforced for every business table in vibe_erp:
+          • UUID primary key
+          • tenant_id varchar(64) NOT NULL
+          • Audit columns: created_at, created_by, updated_at, updated_by
+          • Optimistic-locking version column
+          • ext jsonb NOT NULL DEFAULT '{}' for key-user custom fields
+          • GIN index on ext for fast custom-field queries
+          • Composite index on (tenant_id, ...) for tenant-scoped lookups
+          • Postgres Row-Level Security enabled, with a simple per-tenant
+            policy bound to the GUC `vibeerp.current_tenant` set by the
+            platform on every transaction (see TODO below)
+
+        TODO(v0.2): the platform's `RlsTransactionHook` is not yet
+        implemented, so the RLS policy in this file uses
+        `current_setting('vibeerp.current_tenant', true)` and is enabled
+        but not yet enforced (NO FORCE). When the hook lands, change to
+        FORCE ROW LEVEL SECURITY in a follow-up changeset.
+    -->
+
+    <changeSet id="identity-init-001" author="vibe_erp">
+        <comment>Create identity__user table</comment>
+        <sql>
+            CREATE TABLE identity__user (
+                id           uuid PRIMARY KEY,
+                tenant_id    varchar(64)  NOT NULL,
+                username     varchar(128) NOT NULL,
+                display_name varchar(256) NOT NULL,
+                email        varchar(320),
+                enabled      boolean      NOT NULL DEFAULT true,
+                ext          jsonb        NOT NULL DEFAULT '{}'::jsonb,
+                created_at   timestamptz  NOT NULL,
+                created_by   varchar(128) NOT NULL,
+                updated_at   timestamptz  NOT NULL,
+                updated_by   varchar(128) NOT NULL,
+                version      bigint       NOT NULL DEFAULT 0
+            );
+            CREATE UNIQUE INDEX identity__user_tenant_username_uk
+                ON identity__user (tenant_id, username);
+            CREATE INDEX identity__user_ext_gin
+                ON identity__user USING GIN (ext jsonb_path_ops);
+        </sql>
+        <rollback>
+            DROP TABLE identity__user;
+        </rollback>
+    </changeSet>
+
+    <changeSet id="identity-init-002" author="vibe_erp">
+        <comment>Enable Row-Level Security on identity__user (advisory until RlsTransactionHook lands)</comment>
+        <sql>
+            ALTER TABLE identity__user ENABLE ROW LEVEL SECURITY;
+            CREATE POLICY identity__user_tenant_isolation ON identity__user
+                USING (tenant_id = current_setting('vibeerp.current_tenant', true));
+        </sql>
+        <rollback>
+            DROP POLICY IF EXISTS identity__user_tenant_isolation ON identity__user;
+            ALTER TABLE identity__user DISABLE ROW LEVEL SECURITY;
+        </rollback>
+    </changeSet>
+
+    <changeSet id="identity-init-003" author="vibe_erp">
+        <comment>Create identity__role table</comment>
+        <sql>
+            CREATE TABLE identity__role (
+                id           uuid PRIMARY KEY,
+                tenant_id    varchar(64)  NOT NULL,
+                code         varchar(64)  NOT NULL,
+                name         varchar(256) NOT NULL,
+                description  text,
+                ext          jsonb        NOT NULL DEFAULT '{}'::jsonb,
+                created_at   timestamptz  NOT NULL,
+                created_by   varchar(128) NOT NULL,
+                updated_at   timestamptz  NOT NULL,
+                updated_by   varchar(128) NOT NULL,
+                version      bigint       NOT NULL DEFAULT 0
+            );
+            CREATE UNIQUE INDEX identity__role_tenant_code_uk
+                ON identity__role (tenant_id, code);
+            CREATE INDEX identity__role_ext_gin
+                ON identity__role USING GIN (ext jsonb_path_ops);
+            ALTER TABLE identity__role ENABLE ROW LEVEL SECURITY;
+            CREATE POLICY identity__role_tenant_isolation ON identity__role
+                USING (tenant_id = current_setting('vibeerp.current_tenant', true));
+        </sql>
+        <rollback>
+            DROP TABLE identity__role;
+        </rollback>
+    </changeSet>
+
+    <changeSet id="identity-init-004" author="vibe_erp">
+        <comment>Create identity__user_role join table</comment>
+        <sql>
+            CREATE TABLE identity__user_role (
+                id           uuid PRIMARY KEY,
+                tenant_id    varchar(64)  NOT NULL,
+                user_id      uuid         NOT NULL REFERENCES identity__user(id) ON DELETE CASCADE,
+                role_id      uuid         NOT NULL REFERENCES identity__role(id) ON DELETE CASCADE,
+                created_at   timestamptz  NOT NULL,
+                created_by   varchar(128) NOT NULL,
+                updated_at   timestamptz  NOT NULL,
+                updated_by   varchar(128) NOT NULL,
+                version      bigint       NOT NULL DEFAULT 0
+            );
+            CREATE UNIQUE INDEX identity__user_role_uk
+                ON identity__user_role (tenant_id, user_id, role_id);
+            ALTER TABLE identity__user_role ENABLE ROW LEVEL SECURITY;
+            CREATE POLICY identity__user_role_tenant_isolation ON identity__user_role
+                USING (tenant_id = current_setting('vibeerp.current_tenant', true));
+        </sql>
+        <rollback>
+            DROP TABLE identity__user_role;
+        </rollback>
+    </changeSet>
+
+</databaseChangeLog>
diff --git a/distribution/src/main/resources/db/changelog/platform/000-platform-init.xml b/distribution/src/main/resources/db/changelog/platform/000-platform-init.xml
new file mode 100644
index 0000000..536378a
--- /dev/null
+++ b/distribution/src/main/resources/db/changelog/platform/000-platform-init.xml
@@ -0,0 +1,411 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  vibe_erp — platform init changelog.
+
+  Creates the cross-cutting platform tables: a tenant table, an audit
+  table, and the metadata__* registry tables described in architecture
+  spec section 8 ("The metadata store").
+
+  These are intentionally minimal v0.1 stubs: id + tenant_id + source +
+  timestamps + (where useful) a payload jsonb. Real columns are added by
+  later changesets in the PBCs that own them. pbc-identity owns the User
+  schema and ships its own changelog.
+
+  NOTE: Postgres Row-Level Security policies are NOT enabled here. RLS
+  policies are added in a dedicated changeset in the v1.0 cut, so that
+  they can be authored alongside the application-level @TenantId filter
+  (architecture spec section 8 — "Tenant isolation"). The build pattern
+  for that changeset will mirror the changesets below.
+-->
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                                       https://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.27.xsd">
+
+    <!-- ─── platform__tenant ─────────────────────────────────────────── -->
+    <changeSet id="platform-init-001" author="vibe_erp">
+        <createTable tableName="platform__tenant">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <rollback>
+            <dropTable tableName="platform__tenant"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── platform__audit ──────────────────────────────────────────── -->
+    <changeSet id="platform-init-002" author="vibe_erp">
+        <createTable tableName="platform__audit">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <rollback>
+            <dropTable tableName="platform__audit"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__entity ─────────────────────────────────────────── -->
+    <changeSet id="platform-init-003" author="vibe_erp">
+        <createTable tableName="metadata__entity">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__entity" indexName="idx_metadata__entity__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__entity"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__custom_field ───────────────────────────────────── -->
+    <changeSet id="platform-init-004" author="vibe_erp">
+        <createTable tableName="metadata__custom_field">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__custom_field" indexName="idx_metadata__custom_field__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__custom_field"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__form ───────────────────────────────────────────── -->
+    <changeSet id="platform-init-005" author="vibe_erp">
+        <createTable tableName="metadata__form">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__form" indexName="idx_metadata__form__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__form"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__workflow ───────────────────────────────────────── -->
+    <changeSet id="platform-init-006" author="vibe_erp">
+        <createTable tableName="metadata__workflow">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__workflow" indexName="idx_metadata__workflow__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__workflow"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__rule ───────────────────────────────────────────── -->
+    <changeSet id="platform-init-007" author="vibe_erp">
+        <createTable tableName="metadata__rule">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__rule" indexName="idx_metadata__rule__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__rule"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__permission ─────────────────────────────────────── -->
+    <changeSet id="platform-init-008" author="vibe_erp">
+        <createTable tableName="metadata__permission">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__permission" indexName="idx_metadata__permission__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__permission"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__role_permission ────────────────────────────────── -->
+    <changeSet id="platform-init-009" author="vibe_erp">
+        <createTable tableName="metadata__role_permission">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__role_permission" indexName="idx_metadata__role_permission__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__role_permission"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__menu ───────────────────────────────────────────── -->
+    <changeSet id="platform-init-010" author="vibe_erp">
+        <createTable tableName="metadata__menu">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__menu" indexName="idx_metadata__menu__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__menu"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__report ─────────────────────────────────────────── -->
+    <changeSet id="platform-init-011" author="vibe_erp">
+        <createTable tableName="metadata__report">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__report" indexName="idx_metadata__report__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__report"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__translation ────────────────────────────────────── -->
+    <changeSet id="platform-init-012" author="vibe_erp">
+        <createTable tableName="metadata__translation">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__translation" indexName="idx_metadata__translation__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__translation"/>
+        </rollback>
+    </changeSet>
+
+    <!-- ─── metadata__plugin_config ──────────────────────────────────── -->
+    <changeSet id="platform-init-013" author="vibe_erp">
+        <createTable tableName="metadata__plugin_config">
+            <column name="id" type="uuid">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="tenant_id" type="varchar(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="source" type="varchar(32)" defaultValue="core">
+                <constraints nullable="false"/>
+            </column>
+            <column name="payload" type="jsonb" defaultValueComputed="'{}'::jsonb">
+                <constraints nullable="false"/>
+            </column>
+            <column name="created_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+            <column name="updated_at" type="timestamptz" defaultValueComputed="now()">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <createIndex tableName="metadata__plugin_config" indexName="idx_metadata__plugin_config__tenant_source">
+            <column name="tenant_id"/>
+            <column name="source"/>
+        </createIndex>
+        <rollback>
+            <dropTable tableName="metadata__plugin_config"/>
+        </rollback>
+    </changeSet>
+
+</databaseChangeLog>