|
| 1 | +# PR_26166_155-supabase-identity-tables-bootstrap |
| 2 | + |
| 3 | +## Branch Validation |
| 4 | +- PASS: Current branch is `main`. |
| 5 | +- Expected branch: `main`. |
| 6 | + |
| 7 | +## Requirement Checklist |
| 8 | +- PASS: `docs_build/dev/PROJECT_INSTRUCTIONS.md` was read before implementation. |
| 9 | +- PASS: `GAMEFOUNDRY_DB_PROVIDER=local-db` remains the required product-data posture. |
| 10 | +- PASS: Product data remains on Local DB; no product-table migration was added. |
| 11 | +- PASS: Direct PostgreSQL is not required for identity readiness. `validate:supabase-dev` uses Supabase REST/Auth checks for service-role and identity table readiness. |
| 12 | +- PASS: Direct PostgreSQL TLS failure is retained as a diagnostic and can be downgraded to `WARN` when REST/API identity readiness passes. |
| 13 | +- PASS: Added Supabase identity DDL under `docs_build/database/ddl/account/`. |
| 14 | +- PASS: Added DEV/review bootstrap instructions under `docs_build/database/seed/account/`. |
| 15 | +- PASS: Required identity tables are represented in DDL: |
| 16 | + - `users` |
| 17 | + - `roles` |
| 18 | + - `user_roles` |
| 19 | +- PASS: Required ownership fields are represented: |
| 20 | + - `key` |
| 21 | + - `createdAt` |
| 22 | + - `updatedAt` |
| 23 | + - `createdBy` |
| 24 | + - `updatedBy` |
| 25 | +- PASS: `users.key` remains the authoritative ownership reference. |
| 26 | +- PASS: DEV static ULID exceptions are documented only for User 1, User 2, User 3, and DavidQ admin. |
| 27 | +- PASS: No password tables were added. |
| 28 | +- PASS: No browser-owned auth or identity data was added. |
| 29 | +- PASS: No secrets or `.env.local` files were committed or modified. |
| 30 | +- PASS: `validate:supabase-dev` now runs with Node system CA support while keeping TLS verification enabled. |
| 31 | +- PASS: Service role authentication validates successfully through REST/Auth. |
| 32 | +- FAIL: Live Supabase `users`, `roles`, and `user_roles` table checks do not pass yet because the tables are not present in the remote Supabase schema cache. |
| 33 | +- FAIL: Live direct DB TLS failure remains a blocker in the current output because REST/API identity table readiness does not pass yet. Once the tables pass through REST/API, the direct DB TLS failure is downgraded to `WARN`. |
| 34 | + |
| 35 | +## Validation Lane Report |
| 36 | +- Impacted lane: targeted operator auth/provider database bootstrap validation. |
| 37 | +- Playwright impacted: No. No browser runtime or auth/session page behavior changed. |
| 38 | +- Samples validation: SKIP. No samples or sample manifests changed. |
| 39 | + |
| 40 | +## Validation Performed |
| 41 | +- PASS: `node --check scripts/validate-supabase-dev.mjs` |
| 42 | +- PASS: `node -e "JSON.parse(require('fs').readFileSync('package.json','utf8')); console.log('package.json OK')"` |
| 43 | +- PASS: `git diff --check` |
| 44 | +- PASS: No TLS bypass patterns were added. |
| 45 | +- PASS: No password table DDL was added. |
| 46 | +- FAIL: `npm run validate:supabase-dev` because the remote Supabase identity tables still need the DDL applied. |
| 47 | + |
| 48 | +## validate:supabase-dev Output |
| 49 | + |
| 50 | +```text |
| 51 | +> html-javascript-gaming@1.0.0 validate:supabase-dev |
| 52 | +> node --use-system-ca ./scripts/validate-supabase-dev.mjs |
| 53 | +
|
| 54 | +PASS - .env.local loaded (6 key(s) loaded) |
| 55 | +PASS - URL configured (GAMEFOUNDRY_SUPABASE_URL=https:...e.co) |
| 56 | +PASS - Publishable key configured (GAMEFOUNDRY_SUPABASE_ANON_KEY=sb_pub...V2Zj) |
| 57 | +PASS - Service role key configured (GAMEFOUNDRY_SUPABASE_SERVICE_ROLE_KEY=sb_sec...KRU6) |
| 58 | +PASS - Database URL configured (GAMEFOUNDRY_SUPABASE_DATABASE_URL=postgr...gres) |
| 59 | +PASS - Supabase reachable (HTTP 404) |
| 60 | +PASS - TLS validation |
| 61 | +PASS - Auth endpoint reachable (HTTP 200) |
| 62 | +PASS - Service role authentication (HTTP 200) |
| 63 | +FAIL - Database connection (SELF_SIGNED_CERT_IN_CHAIN) |
| 64 | +FAIL - users table (HTTP 404: Could not find the table 'public.users' in the schema cache Run docs_build/database/ddl/account/supabase-identity-tables.sql through the approved Supabase SQL setup path.) |
| 65 | +FAIL - roles table (HTTP 404: Could not find the table 'public.roles' in the schema cache Run docs_build/database/ddl/account/supabase-identity-tables.sql through the approved Supabase SQL setup path.) |
| 66 | +FAIL - user_roles table (HTTP 404: Could not find the table 'public.user_roles' in the schema cache Run docs_build/database/ddl/account/supabase-identity-tables.sql through the approved Supabase SQL setup path.) |
| 67 | +
|
| 68 | +Overall Result: FAIL |
| 69 | +Failed checks: Database connection, users table, roles table, user_roles table |
| 70 | +``` |
| 71 | + |
| 72 | +## Manual Validation Notes |
| 73 | +- The new DDL file is the approved SQL setup path for the missing Supabase identity tables. |
| 74 | +- REST/Auth TLS now validates successfully under Node by using the system CA store; TLS verification remains enabled. |
| 75 | +- Service-role authentication passes without printing secret values. |
| 76 | +- The direct database URL still fails TLS trust, which matches the known DEV DB URL issue. |
| 77 | +- The validator intentionally keeps the direct DB failure as `FAIL` until REST/API identity table readiness is green. |
| 78 | +- After running the DDL in Supabase SQL editor or another approved operator SQL path, rerun `npm run validate:supabase-dev`; expected result is identity table PASS and direct DB TLS WARN if the DB URL still fails. |
| 79 | + |
| 80 | +## Changed Files |
| 81 | +- `package.json` |
| 82 | +- `scripts/validate-supabase-dev.mjs` |
| 83 | +- `docs_build/database/ddl/account/supabase-identity-tables.sql` |
| 84 | +- `docs_build/database/seed/account/supabase-dev-identity-bootstrap.md` |
| 85 | +- `docs_build/dev/reports/PR_26166_155-supabase-identity-tables-bootstrap.md` |
| 86 | + |
| 87 | +## Review Artifacts |
| 88 | +- `docs_build/dev/reports/codex_review.diff` |
| 89 | +- `docs_build/dev/reports/codex_changed_files.txt` |
0 commit comments