Source: docs/operations/staging-force-rls-verification-checklist.md
# Staging FORCE RLS Re-enable Verification Checklist
Target date: 2026-02-18
Owner: Platform engineering
Depends on: async RLS hardening PR (`withTenant()` coverage in worker + notifications) deployed first.
## 1) Pre-flight (must pass)
- [ ] Staging API deploy includes async hardening changes.
- [ ] Worker process is running and healthy.
- [ ] `DATABASE_URL` points to staging DB (not local/prod).
## 2) Apply migration
```bash
pnpm --filter @rgl8r/api exec prisma migrate deploy
```
- [ ] Migration `20260302000000_reenable_force_rls_tenant_tables` applies successfully.
## 3) Verify FORCE RLS state in DB
Run in `psql` on staging DB:
```sql
SELECT
  n.nspname AS schema_name,
  c.relname AS table_name,
  c.relrowsecurity AS rls_enabled,
  c.relforcerowsecurity AS force_rls_enabled
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'app'
  AND c.relname IN (
    'sima_results',
    'sima_exposures',
    'sku_attributes',
    'attribute_validations',
    'shipments',
    'findings',
    'ship_job_shipments',
    'jobs',
    'ingestion_batches',
    'sku_ingestions',
    'audit_events',
    'value_events',
    'integration_keys',
    'integration_key_events',
    'wayfair_batches',
    'rule_definitions',
    'rule_executions',
    'tenant_detector_configs',
    'carrier_accounts',
    'carrier_contracts',
    'carrier_contract_versions',
    'tenant_notification_defaults',
    'notification_preferences',
    'notification_log',
    'guest_sessions'
  )
ORDER BY c.relname;
```
- [ ] Every listed table has `rls_enabled = true` and `force_rls_enabled = true`.
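
The query above silently omits any listed table that does not exist in `app`, so a short result set can look like a pass. The following is an added example, not part of the repository or the migration: it returns only failing tables (zero rows means step 3 passes) and goes beyond the two flags by also checking that each table has at least one policy and that the connected role cannot bypass RLS. It assumes the API and worker connect as the role you run the second query under.

```sql
-- Added example (not from the repository). Table list copied from step 3.
-- Query 1: return only tables that fail; zero rows means the step passes.
WITH expected(table_name) AS (
  SELECT unnest(ARRAY[
    'sima_results', 'sima_exposures', 'sku_attributes',
    'attribute_validations', 'shipments', 'findings',
    'ship_job_shipments', 'jobs', 'ingestion_batches',
    'sku_ingestions', 'audit_events', 'value_events',
    'integration_keys', 'integration_key_events', 'wayfair_batches',
    'rule_definitions', 'rule_executions', 'tenant_detector_configs',
    'carrier_accounts', 'carrier_contracts', 'carrier_contract_versions',
    'tenant_notification_defaults', 'notification_preferences',
    'notification_log', 'guest_sessions'
  ])
),
state AS (
  SELECT
    e.table_name,
    c.oid IS NULL                          AS missing_from_schema,
    COALESCE(c.relrowsecurity, false)      AS rls_enabled,
    COALESCE(c.relforcerowsecurity, false) AS force_rls_enabled,
    (SELECT count(*) FROM pg_policy p WHERE p.polrelid = c.oid) AS policy_count
  FROM expected e
  LEFT JOIN pg_namespace n ON n.nspname = 'app'
  LEFT JOIN pg_class c
         ON c.relnamespace = n.oid
        AND c.relname = e.table_name
        AND c.relkind IN ('r', 'p')   -- ordinary and partitioned tables
)
SELECT *
FROM state
WHERE missing_from_schema
   OR NOT rls_enabled
   OR NOT force_rls_enabled
   OR policy_count = 0   -- RLS with no policy is default-deny for the app role
ORDER BY table_name;

-- Query 2: run while connected as the role the API and worker use.
-- Superusers and BYPASSRLS roles skip row security even when FORCE is set,
-- so both columns must be false for the step 3 result to mean anything.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolname = current_user;
```
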
## 4) Smoke async lanes (post-migration)
- [ ] `ship_upload` completes.
- [ ] `order_upload` completes.
- [ ] `sima_validation` completes.
- [ ] `catalog_upload` completes (legacy `wayfair_upload` rows count under this lane).
- [ ] `notification_event` job completes.
- [ ] `notification_digest` job completes.
## 5) Safety checks
- [ ] SHIP carrier parity workflow runs and publishes artifact.
- [ ] No repeated `withTenant: invalid tenantId` or missing tenant-context errors in staging logs.
- [ ] No worker claim failures due to RLS context.
## 6) Rollback path (only if incident)
- Use migration rollback SQL at:
  - `apps/api/prisma/migrations/20260302000000_reenable_force_rls_tenant_tables/rollback.sql`
- Re-run smoke tests after rollback to confirm restoration.