|
| 1 | +# PR_26164_092-fix-db-identity-governance |
| 2 | + |
| 3 | +## Branch Validation |
| 4 | + |
| 5 | +PASS: current branch is `main`. |
| 6 | + |
| 7 | +## Scope Summary |
| 8 | + |
| 9 | +PASS: Scoped to fixing the DB DDL/DML governance issues from PR_26164_091 only. |
| 10 | + |
| 11 | +Changed files: |
| 12 | + |
| 13 | +- `docs_build/database/README.md` |
| 14 | +- `docs_build/database/ddl/dev-app-identity-schema.sql` |
| 15 | +- `docs_build/database/dml/dev-app-identity-temporary-setup-review.sql` |
| 16 | + |
| 17 | +## Requirement Checklist |
| 18 | + |
| 19 | +| Requirement | Status | Evidence | |
| 20 | +| --- | --- | --- | |
| 21 | +| Read `docs_build/dev/PROJECT_INSTRUCTIONS.md` before execution | PASS | Project instructions were read before implementation. | |
| 22 | +| Verify current branch is `main` before changes | PASS | `git branch --show-current` returned `main`. | |
| 23 | +| Scope to DB DDL/DML governance issues from PR_26164_091 only | PASS | Only database governance docs, DDL, DML, and reports changed. | |
| 24 | +| Use project governance model | PASS | DDL now uses key-based identity records and shared audit ownership fields. | |
| 25 | +| Do not use legacy id ownership model | PASS | SQL audit found no legacy id-based identity ownership patterns in DDL/DML. | |
| 26 | +| Use key-based records | PASS | `users`, `roles`, and `user_roles` each define `key text PRIMARY KEY`. | |
| 27 | +| Audit fields exist on shared records | PASS | `createdAt`, `updatedAt`, `createdBy`, and `updatedBy` exist on all three identity tables. | |
| 28 | +| Ownership fields reference `users.key` | PASS | `createdBy` and `updatedBy` reference `users(key)`; `user_roles.userKey` references `users(key)`. | |
| 29 | +| Keep DDL under `docs_build/database/ddl/` | PASS | Identity DDL remains in `docs_build/database/ddl/dev-app-identity-schema.sql`. | |
| 30 | +| Keep temporary DML/setup under `docs_build/database/dml/` | PASS | Temporary setup SQL remains in `docs_build/database/dml/dev-app-identity-temporary-setup-review.sql`. | |
| 31 | +| Do not place DDL under `src/` or `docs/` | PASS | Validation found no `.sql` or `.ddl` files under `src/` or `docs/`. | |
| 32 | +| Do not reintroduce MEM DB | PASS | Database governance files contain no MEM DB references. | |
| 33 | +| Do not introduce Supabase runtime wiring | PASS | No runtime files changed; database governance files contain no Supabase references. | |
| 34 | +| Do not add custom password storage tables | PASS | No password storage tables or password hash/salt fields were added. | |
| 35 | +| Do not add fake login behavior | PASS | No runtime/auth files changed; the temporary DML setup user is inactive and has no auth provider. | |
| 36 | +| Seed roles by role key | PASS | Temporary DML uses role keys such as `role-admin`, `role-creator`, `role-user`, and `role-guest`. | |
| 37 | +| Seed user_roles by userKey and roleKey | PASS | Temporary DML inserts `user_roles` with `userKey` and `roleKey`. | |
| 38 | +| Mark temporary DML as review/dev setup only | PASS | DML header states it is a temporary setup/review artifact and DEV review only until Admin -> Site Setup owns setup behavior. | |
| 39 | + |
| 40 | +## Identity Schema Governance Audit |
| 41 | + |
| 42 | +PASS: `users` uses: |
| 43 | + |
| 44 | +- `key text PRIMARY KEY` |
| 45 | +- `createdAt` |
| 46 | +- `updatedAt` |
| 47 | +- `createdBy` referencing `users(key)` |
| 48 | +- `updatedBy` referencing `users(key)` |
| 49 | + |
| 50 | +PASS: `roles` uses: |
| 51 | + |
| 52 | +- `key text PRIMARY KEY` |
| 53 | +- `createdAt` |
| 54 | +- `updatedAt` |
| 55 | +- `createdBy` referencing `users(key)` |
| 56 | +- `updatedBy` referencing `users(key)` |
| 57 | + |
| 58 | +PASS: `user_roles` uses: |
| 59 | + |
| 60 | +- `key text PRIMARY KEY` |
| 61 | +- `userKey` referencing `users(key)` |
| 62 | +- `roleKey` referencing `roles(key)` |
| 63 | +- `createdAt` |
| 64 | +- `updatedAt` |
| 65 | +- `createdBy` referencing `users(key)` |
| 66 | +- `updatedBy` referencing `users(key)` |
| 67 | + |
| 68 | +PASS: Legacy identity ownership patterns are absent from the DDL/DML files. |
| 69 | + |
| 70 | +## DDL/DML Location Audit |
| 71 | + |
| 72 | +PASS: DDL is only under `docs_build/database/ddl/`. |
| 73 | + |
| 74 | +PASS: Temporary DML/setup SQL is only under `docs_build/database/dml/`. |
| 75 | + |
| 76 | +PASS: No `.sql` or `.ddl` files exist under `src/` or `docs/`. |
| 77 | + |
| 78 | +## MEM DB Reintroduction Audit |
| 79 | + |
| 80 | +PASS: Scoped database governance files were scanned and do not contain MEM DB, Local Mem, or MockDbAdapter references. |
| 81 | + |
| 82 | +## Validation Lane Report |
| 83 | + |
| 84 | +Playwright impacted: No. |
| 85 | + |
| 86 | +No Playwright impact. This PR is a DDL/DML governance fix only. |
| 87 | + |
| 88 | +Validation commands: |
| 89 | + |
| 90 | +- PASS: `git diff --check` |
| 91 | +- PASS: no DDL files under `src/` or `docs/` |
| 92 | +- PASS: identity DDL key-primary audit |
| 93 | +- PASS: identity DDL audit-field audit |
| 94 | +- PASS: ownership fields reference `users.key` |
| 95 | +- PASS: no legacy id-based identity ownership patterns remain in DDL/DML |
| 96 | +- PASS: no MEM DB references in database governance files |
| 97 | +- PASS: no Supabase runtime wiring or password storage table references |
| 98 | +- PASS: temporary DML review/dev setup marker and key-reference audit |
| 99 | + |
| 100 | +## Manual Validation Notes |
| 101 | + |
| 102 | +- Confirmed the DDL no longer defines generated numeric or UUID identity ownership columns. |
| 103 | +- Confirmed the temporary setup SQL uses role keys and joins by `userKey` / `roleKey`. |
| 104 | +- Confirmed no runtime JavaScript, auth client, account page, fake login behavior, or Playwright test changes were made. |
| 105 | +- Full samples smoke test was not run because this PR is DDL/DML governance only. |
0 commit comments