From 82c0a50bef71e85ede4e1b3c5a076914a1a9786e Mon Sep 17 00:00:00 2001 From: TurtleWolfe Date: Sat, 4 Jul 2026 22:01:41 +0000 Subject: [PATCH] fix(db): #170 drop pre-#49 legacy schema leftovers (profiles, audit_logs, ...) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Six live-only objects survived from the deleted pre-#49 00000000000000_rls_foundation.sql era — absent from the monolithic migration (so fresh installs never had them) but lingering on prod. The 2026-07-04 schema-drift audit found them; this converges prod with a clean install. Objects dropped: tables public.profiles + public.audit_logs (with their pkey/FK/CHECK/indexes + 3 policies), functions handle_new_user() + handle_updated_at(), trigger profiles_updated_at. Safety — audited on the live DB before dropping (the "careful data-migration" concern from the issue is resolved: nothing real to save): - audit_logs: 8263 rows, ALL legacy 'user.signup', 8247 null-user + 16 E2E, ZERO real users. profiles: 16 rows, all E2E throwaways, zero real users. - Only handle_new_user referenced the BARE legacy tables (confirmed via word-boundary regex on pg_proc.prosrc); every canonical fn uses user_profiles/auth_audit_logs. handle_new_user was orphaned (no trigger). - No views or inbound FKs; the 3 policies auto-drop with the tables. Applied to prod via the Management API (monolithic-only, per CLAUDE.md), then added an idempotent PART 11 block to the monolith + legacy drops to 999_drop_all_tables.sql so prod and fresh installs converge. Verified post-drop on prod: - inventory: 0 legacy tables/functions/trigger; canonical tables/functions + on_auth_user_created trigger all intact. - signup smoke: a fresh auth.users insert wrote 1 user_profiles + 1 auth_audit_logs row (canonical), legacy tables absent — the exact #49 failure mode, now provably correct. - security advisor: the function_search_path_mutable flags on handle_new_user + handle_updated_at cleared. Closes #170 Co-Authored-By: Claude Fable 5 --- .../20251006_complete_monolithic_setup.sql | 24 +++++++++++++++++++ supabase/migrations/999_drop_all_tables.sql | 9 +++++++ 2 files changed, 33 insertions(+) diff --git a/supabase/migrations/20251006_complete_monolithic_setup.sql b/supabase/migrations/20251006_complete_monolithic_setup.sql index 8493d88d..085712b4 100644 --- a/supabase/migrations/20251006_complete_monolithic_setup.sql +++ b/supabase/migrations/20251006_complete_monolithic_setup.sql @@ -2505,5 +2505,29 @@ BEGIN END IF; END $$; +-- ============================================================================ +-- PART 11: LEGACY CLEANUP (#49 / #170) +-- ============================================================================ +-- Pre-#49 leftovers from an old conflicting `00000000000000_rls_foundation.sql` +-- migration (since deleted): the legacy `profiles` / `audit_logs` tables and +-- the old `handle_new_user()` signup trigger function that fed them (plus its +-- `handle_updated_at()` helper + `profiles_updated_at` trigger). The canonical +-- schema uses `user_profiles` / `auth_audit_logs` written by +-- `create_user_profile()` (see PART 8 + the on_auth_user_created trigger). +-- +-- A fresh install from this file never creates these objects, so this block is +-- ONLY to converge existing databases (prod) with a clean install. Verified +-- safe on prod 2026-07-04 by the schema-drift audit (#170): both tables held +-- ZERO real-user rows (audit_logs = 8263 legacy `user.signup` events, all +-- null/E2E; profiles = 16 E2E throwaways), no view/FK/canonical-function +-- referenced them, and handle_new_user was orphaned (no trigger fired it). +-- Dropping handle_new_user/handle_updated_at also clears their +-- function_search_path_mutable security-advisor flags. +DROP TRIGGER IF EXISTS profiles_updated_at ON public.profiles; +DROP TABLE IF EXISTS public.audit_logs CASCADE; +DROP TABLE IF EXISTS public.profiles CASCADE; +DROP FUNCTION IF EXISTS public.handle_new_user() CASCADE; +DROP FUNCTION IF EXISTS public.handle_updated_at() CASCADE; + -- Commit the transaction - everything succeeded COMMIT; diff --git a/supabase/migrations/999_drop_all_tables.sql b/supabase/migrations/999_drop_all_tables.sql index c6a936ff..7c3a0ef1 100644 --- a/supabase/migrations/999_drop_all_tables.sql +++ b/supabase/migrations/999_drop_all_tables.sql @@ -56,6 +56,12 @@ DROP TABLE IF EXISTS user_connections CASCADE; DROP TABLE IF EXISTS auth_audit_logs CASCADE; DROP TABLE IF EXISTS user_profiles CASCADE; +-- Pre-#49 legacy leftovers (#170) — no-ops on a clean DB, dropped here so a +-- full teardown clears them too if run against an older database. +DROP TRIGGER IF EXISTS profiles_updated_at ON public.profiles; +DROP TABLE IF EXISTS audit_logs CASCADE; +DROP TABLE IF EXISTS profiles CASCADE; + -- Drop trigger on auth.users if exists DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users; @@ -70,6 +76,9 @@ DROP FUNCTION IF EXISTS check_rate_limit(TEXT, TEXT, INET) CASCADE; DROP FUNCTION IF EXISTS record_failed_attempt(TEXT, TEXT, INET) CASCADE; DROP FUNCTION IF EXISTS update_conversation_timestamp() CASCADE; DROP FUNCTION IF EXISTS assign_sequence_number() CASCADE; +-- Pre-#49 legacy signup-trigger functions (#170) +DROP FUNCTION IF EXISTS handle_new_user() CASCADE; +DROP FUNCTION IF EXISTS handle_updated_at() CASCADE; -- ========================================= -- CLEANUP COMPLETE