Skip to main content

GLD Legacy Importer RLS Readiness

Status: planning only.

Use this page as the public portal entry point for the legacy importer RLS closeout tracked by issue #275. The canonical plan remains in GitHub: docs/gld-legacy-importer-rls-readiness-plan.md.

Current Purpose

A Supabase advisor run flagged RLS readiness gaps on older importer tables. The response is not a blanket production change. The safe path is to review table use, data sensitivity, grants, policies, service paths, and rollback before any migration exists.

Safety Boundaries

  • No database command has been run from this portal page.
  • No migration is approved by this page.
  • No anon grants are approved for the legacy importer tables.
  • No browser/client access is approved for raw importer tables.
  • No service role key belongs in browser code, public docs, issue comments, screenshots, or artifacts.
  • No hosted-dev, staging, or production Supabase project should be changed until a maintainer approves the policy set and rollback path.

Table Scope

The current planning scope covers seven legacy importer tables:

TablePublic/browser posture
public.source_accountsNo public/browser access
public.importer_runsNo public/browser access
public.source_itemsNo public/browser access
public.event_candidatesNo public/browser access until an approved operator path exists
public.event_candidate_sourcesNo public/browser access
public.validation_jobsNo public/browser access
public.confirmation_requestsNo public/browser access

Review Path

  1. Confirm whether each legacy table still has an active code path.
  2. Decide whether Data API exposure is needed. If not, keep the tables service-side only.
  3. Design RLS policies and grants together, not as separate fixes.
  4. Add read-only assertions for RLS status, grants, and policy inventory.
  5. Add service-path assertions before any write or migration proposal.
  6. Run Supabase advisors in the approved non-production target before any production discussion.
  7. Post only aggregate public-safe evidence back to issue #275.

Owner Acceptance

Use the owner acceptance packet in the canonical plan before closing the planning-only slice. Acceptance can cover planning readiness only; it does not approve a migration, Data API exposure change, public grant, hosted-dev change, staging change, or production change.

Stop Conditions

Stop before implementation if a migration would:

  • grant anon access to any legacy importer table
  • expose raw source text, source URLs, source IDs, raw HTML, validation traces, or recipient references
  • put a service role key into browser or public runtime paths
  • enable RLS without matching policy, grant, and service-path tests
  • change hosted-dev, staging, or production without maintainer approval