|
| 1 | +# PR_26167_198-database-ssl-mode-contract |
| 2 | + |
| 3 | +Status: PASS |
| 4 | + |
| 5 | +## Branch Validation |
| 6 | +- PASS: Current branch is `main`. |
| 7 | +- Expected branch: `main`. |
| 8 | + |
| 9 | +## Summary |
| 10 | +- Added `GAMEFOUNDRY_DATABASE_SSL` as the authoritative database SSL mode for runtime/product-data Postgres access. |
| 11 | +- Supported modes are `disable` and `require`. |
| 12 | +- Removed URL/host-derived SSL mode selection and removed TLS/TCP fallback behavior. |
| 13 | +- Runtime, validator, and DDL apply now visibly report the configured database SSL mode. |
| 14 | + |
| 15 | +## Requirement Checklist |
| 16 | +- PASS: Read `docs_build/dev/PROJECT_INSTRUCTIONS.md` before execution. |
| 17 | +- PASS: Hard-stopped branch check passed on `main`. |
| 18 | +- PASS: Added authoritative `GAMEFOUNDRY_DATABASE_SSL` contract. |
| 19 | +- PASS: Supported values limited to `disable` and `require`. |
| 20 | +- PASS: No TLS-then-TCP fallback remains. |
| 21 | +- PASS: No TCP-then-TLS fallback remains. |
| 22 | +- PASS: `scripts/validate-supabase-dev.mjs` validates and reports database SSL mode. |
| 23 | +- PASS: `scripts/apply-supabase-dev-ddl.mjs` validates and reports database SSL mode. |
| 24 | +- PASS: Runtime database connection code validates and uses `GAMEFOUNDRY_DATABASE_SSL`. |
| 25 | +- PASS: Product-data database access readiness requires `GAMEFOUNDRY_DATABASE_SSL`. |
| 26 | +- PASS: Runtime startup reports database SSL mode. |
| 27 | +- PASS: SSL/server mismatch fails visibly with actionable diagnostics. |
| 28 | +- PASS: Did not reintroduce provider variables. |
| 29 | +- PASS: Did not create DEV/UAT/PROD branching. |
| 30 | +- PASS: Connection behavior is driven by `GAMEFOUNDRY_DATABASE_URL` and `GAMEFOUNDRY_DATABASE_SSL`. |
| 31 | +- PASS: No SQLite/local-db/mock-db fallback added. |
| 32 | + |
| 33 | +## SSL Mode Contract Evidence |
| 34 | +- Validator output includes: `PASS - Database SSL mode: disable`. |
| 35 | +- DDL output includes: `PASS - Database SSL mode: disable`. |
| 36 | +- Runtime startup output includes: `Database SSL mode: disable`. |
| 37 | +- Negative mismatch check with `GAMEFOUNDRY_DATABASE_SSL=require` against the plain local Postgres listener exited with code `1` and reported: `PostgreSQL server did not accept TLS negotiation. If this database target is a plain local Postgres listener, set GAMEFOUNDRY_DATABASE_SSL=disable.` |
| 38 | + |
| 39 | +## Local Postgres Validation Evidence |
| 40 | +- `GAMEFOUNDRY_DATABASE_SSL=disable` was used for validation. |
| 41 | +- `node .\scripts\validate-supabase-dev.mjs` PASS: |
| 42 | + - Database SSL mode configured. |
| 43 | + - Database SSL mode: disable. |
| 44 | + - Database connection PASS. |
| 45 | + - `users` table PASS. |
| 46 | + - `roles` table PASS. |
| 47 | + - `user_roles` table PASS. |
| 48 | +- `node .\scripts\apply-supabase-dev-ddl.mjs` PASS: |
| 49 | + - Database SSL mode: disable. |
| 50 | + - DDL connection mode selected from `GAMEFOUNDRY_DATABASE_SSL`: plain TCP. |
| 51 | + - Applied 15 grouped GFS DDL files. |
| 52 | + |
| 53 | +## Validation Lane Report |
| 54 | +- PASS: `node --check src\dev-runtime\persistence\postgres-connection-client.mjs`. |
| 55 | +- PASS: `node --check src\dev-runtime\auth\provider-contract-stubs.mjs`. |
| 56 | +- PASS: `node --check scripts\validate-supabase-dev.mjs`. |
| 57 | +- PASS: `node --check scripts\apply-supabase-dev-ddl.mjs`. |
| 58 | +- PASS: `node --check scripts\start-local-api-server.mjs`. |
| 59 | +- PASS: `GAMEFOUNDRY_DATABASE_SSL=disable node .\scripts\validate-supabase-dev.mjs`. |
| 60 | +- PASS: `GAMEFOUNDRY_DATABASE_SSL=disable node .\scripts\apply-supabase-dev-ddl.mjs`. |
| 61 | +- PASS: `npm run dev:local-api` startup check. |
| 62 | +- PASS: Controlled mismatch check failed visibly for `GAMEFOUNDRY_DATABASE_SSL=require` against local plain TCP Postgres. |
| 63 | +- PASS: Forbidden-marker scan for old `sslmode`, provider variables, SQLite/local-db/mock-db, and copy-source env auto-load markers in changed active files. |
| 64 | +- PASS: `git diff --check`. |
| 65 | +- SKIP: Full samples smoke; PR scope is database SSL mode configuration/runtime validation only. |
| 66 | + |
| 67 | +## Manual Validation Notes |
| 68 | +- Runtime startup check used a bounded background job on port `5598` and was stopped after capturing startup output. |
| 69 | +- Startup output confirmed: |
| 70 | + - `Configured auth connection: configured`. |
| 71 | + - `Configured database connection: configured`. |
| 72 | + - `Database SSL mode: disable`. |
| 73 | +- No secrets, connection strings, `.env`, or copy-source env files were added to the ZIP. |
| 74 | + |
| 75 | +## Artifact Output |
| 76 | +- PASS: Repo-structured ZIP created at `tmp/PR_26167_198-database-ssl-mode-contract_delta.zip`. |
| 77 | + |
| 78 | +## Changed Files |
| 79 | +- `.env.example` |
| 80 | +- `scripts/apply-supabase-dev-ddl.mjs` |
| 81 | +- `scripts/start-local-api-server.mjs` |
| 82 | +- `scripts/validate-supabase-dev.mjs` |
| 83 | +- `src/dev-runtime/auth/provider-contract-stubs.mjs` |
| 84 | +- `src/dev-runtime/persistence/postgres-connection-client.mjs` |
| 85 | +- `docs_build/dev/reports/PR_26167_198-database-ssl-mode-contract.md` |
| 86 | +- `docs_build/dev/reports/codex_review.diff` |
| 87 | +- `docs_build/dev/reports/codex_changed_files.txt` |
0 commit comments