@derwinjs/db 0.6.0 → 0.8.0

package/dist/rag-retriever.js

@@ -122,6 +122,30 @@ export function createPrismaRAGRetriever(config) {
             }
             return { id };
         },
+        async updateOutcomeQuality(input) {
+            validateUpdateOutcomeQualityInput(input);
+            // Pattern D — tenant isolation. The WHERE clause scopes by both
+            // projectId AND fixAttemptId so a Sprint 7 Phase 5 update cannot
+            // bleed across tenants even if the caller mis-routes a fixAttemptId.
+            // Cross-tenant or missing-row → updateMany returns count=0; surface
+            // that as `{ updated: 0 }` per the contract (no throw).
+            //
+            // We deliberately use the typed `updateMany` (not raw SQL) because:
+            //   (a) the `embedding` column is Unsupported but we're not touching
+            //       it — we only set `outcomeQuality` (Float, fully typed); and
+            //   (b) `updateMany` returns the affected-row count, which we need to
+            //       hand back to the orchestrator for the audit trail.
+            const result = await prisma.rAGCorpus.updateMany({
+                where: {
+                    projectId: input.projectId,
+                    fixAttemptId: input.fixAttemptId,
+                },
+                data: {
+                    outcomeQuality: input.outcomeQuality,
+                },
+            });
+            return { updated: result.count };
+        },
     };
 }
 // ─── Helpers ─────────────────────────────────────────────────────────────
@@ -147,6 +171,20 @@ function validateFindSimilarInput(input) {
         throw new RAGRetrieverError('invalid_embedding_length', `queryEmbedding must be ${String(EMBEDDING_DIM)}-dim, got ${actual}`);
     }
 }
+function validateUpdateOutcomeQualityInput(input) {
+    if (typeof input.projectId !== 'string' || !input.projectId.trim()) {
+        throw new RAGRetrieverError('invalid_input', 'projectId is required');
+    }
+    if (typeof input.fixAttemptId !== 'string' || !input.fixAttemptId.trim()) {
+        throw new RAGRetrieverError('invalid_input', 'fixAttemptId is required');
+    }
+    if (typeof input.outcomeQuality !== 'number' ||
+        Number.isNaN(input.outcomeQuality) ||
+        input.outcomeQuality < 0 ||
+        input.outcomeQuality > 1) {
+        throw new RAGRetrieverError('invalid_input', 'outcomeQuality must be in [0, 1]');
+    }
+}
 function validatePersistInput(input) {
     if (typeof input.projectId !== 'string' || !input.projectId.trim()) {
         throw new RAGRetrieverError('invalid_input', 'projectId is required');

package/dist/rag-retriever.js.map

@@ -1 +1 @@
-{"version":3,"file":"rag-retriever.js","sourceRoot":"","sources":["../src/rag-retriever.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,aAAa,CAAC;AACxD,OAAO,EACL,iBAAiB,GAKlB,MAAM,eAAe,CAAC;AAEvB,6EAA6E;AAE7E,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,MAAM,aAAa,GAAG,CAAC,CAAC;AAsBxB,4EAA4E;AAE5E,MAAM,UAAU,wBAAwB,CAAC,MAAgC;IACvE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1B,OAAO;QACL,KAAK,CAAC,WAAW,CAAC,KAAmC;YACnD,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAEhC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,aAAa,CAAC;YAC3C,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAEhE,8DAA8D;YAC9D,sEAAsE;YACtE,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO;gBACjC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAA,uBAAuB,KAAK,CAAC,OAAO,EAAE;gBAClD,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAEjB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,SAAS,CAAoB,MAAM,CAAC,GAAG,CAAA;;;;;;;;;gCASvC,aAAa;;8BAEf,KAAK,CAAC,SAAS;iCACZ,KAAK,CAAC,cAAc;YACzC,aAAa;iCACQ,aAAa;gBAC9B,KAAK;OACd,CAAC,CAAC;YAEH,sEAAsE;YACtE,qEAAqE;YACrE,wBAAwB;YACxB,OAAO,IAAI,CAAC,GAAG,CACb,CAAC,CAAC,EAAkB,EAAE,CAAC,CAAC;gBACtB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,UAAU,EAAE,CAAC,CAAC,UAAU;aACzB,CAAC,CACH,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,KAA+B;YAC3C,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAE5B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAE3D,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAA;;;;;gBAK3B,EAAE;gBACF,KAAK,CAAC,SAAS;gBACf,KAAK,CAAC,cAAc;gBACpB,KAAK,CAAC,OAAO;gBACb,KAAK,CAAC,UAAU;gBAChB,KAAK,CAAC,IAAI;gBACV,aAAa;gBACb,KAAK,CAAC,YAAY;gBAClB,KAAK,CAAC,cAAc;;;SAG3B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,mEAAmE;gBACnE,oEAAoE;gBACpE,kEAAkE;gBAClE,sDAAsD;gBACtD,IACE,GAAG,YAAY,MAAM,CAAC,6BAA6B;oBACnD,CAAC,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,EAC1D,CAAC;oBACD,MAAM,IAAI,iBAAiB,CACzB,cAAc,EACd,6DAA6D,EAC7D,GAAG,CACJ,CAAC;gBACJ,CAAC;gBACD,IAAI,GAAG,YAAY,KAAK,IAAI,uCAAuC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtF,MAAM,IAAI,iBAAiB,CACzB,cAAc,EACd,6DAA6D,EAC7D,GAAG,CACJ,CAAC;gBACJ,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,OAAO,EAAE,EAAE,EAAE,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,4EAA4E;AAE5E,6EAA6E;AAC7E,SAAS,mBAAmB,CAAC,MAAgB;IAC3C,OAAO,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACtC,CAAC;AAED,6EAA6E;AAC7E,SAAS,UAAU;IACjB,OAAO,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAmC;IACnE,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7E,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,4BAA4B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC;YAChD,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC;YACrC,CAAC,CAAC,WAAW,CAAC;QAChB,MAAM,IAAI,iBAAiB,CACzB,0BAA0B,EAC1B,0BAA0B,MAAM,CAAC,aAAa,CAAC,aAAa,MAAM,EAAE,CACrE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAA+B;IAC3D,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7E,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,4BAA4B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/D,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,wBAAwB,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACzD,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACzE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;QACnF,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,iCAAiC,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;QAChF,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QAC7F,MAAM,IAAI,iBAAiB,CACzB,0BAA0B,EAC1B,qBAAqB,MAAM,CAAC,aAAa,CAAC,aAAa,MAAM,EAAE,CAChE,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"rag-retriever.js","sourceRoot":"","sources":["../src/rag-retriever.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,aAAa,CAAC;AACxD,OAAO,EACL,iBAAiB,GAMlB,MAAM,eAAe,CAAC;AAEvB,6EAA6E;AAE7E,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,MAAM,aAAa,GAAG,CAAC,CAAC;AAsBxB,4EAA4E;AAE5E,MAAM,UAAU,wBAAwB,CAAC,MAAgC;IACvE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1B,OAAO;QACL,KAAK,CAAC,WAAW,CAAC,KAAmC;YACnD,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAEhC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,aAAa,CAAC;YAC3C,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAEhE,8DAA8D;YAC9D,sEAAsE;YACtE,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO;gBACjC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAA,uBAAuB,KAAK,CAAC,OAAO,EAAE;gBAClD,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAEjB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,SAAS,CAAoB,MAAM,CAAC,GAAG,CAAA;;;;;;;;;gCASvC,aAAa;;8BAEf,KAAK,CAAC,SAAS;iCACZ,KAAK,CAAC,cAAc;YACzC,aAAa;iCACQ,aAAa;gBAC9B,KAAK;OACd,CAAC,CAAC;YAEH,sEAAsE;YACtE,qEAAqE;YACrE,wBAAwB;YACxB,OAAO,IAAI,CAAC,GAAG,CACb,CAAC,CAAC,EAAkB,EAAE,CAAC,CAAC;gBACtB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,UAAU,EAAE,CAAC,CAAC,UAAU;aACzB,CAAC,CACH,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,KAA+B;YAC3C,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAE5B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAE3D,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAA;;;;;gBAK3B,EAAE;gBACF,KAAK,CAAC,SAAS;gBACf,KAAK,CAAC,cAAc;gBACpB,KAAK,CAAC,OAAO;gBACb,KAAK,CAAC,UAAU;gBAChB,KAAK,CAAC,IAAI;gBACV,aAAa;gBACb,KAAK,CAAC,YAAY;gBAClB,KAAK,CAAC,cAAc;;;SAG3B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,mEAAmE;gBACnE,oEAAoE;gBACpE,kEAAkE;gBAClE,sDAAsD;gBACtD,IACE,GAAG,YAAY,MAAM,CAAC,6BAA6B;oBACnD,CAAC,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,EAC1D,CAAC;oBACD,MAAM,IAAI,iBAAiB,CACzB,cAAc,EACd,6DAA6D,EAC7D,GAAG,CACJ,CAAC;gBACJ,CAAC;gBACD,IAAI,GAAG,YAAY,KAAK,IAAI,uCAAuC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtF,MAAM,IAAI,iBAAiB,CACzB,cAAc,EACd,6DAA6D,EAC7D,GAAG,CACJ,CAAC;gBACJ,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,OAAO,EAAE,EAAE,EAAE,CAAC;QAChB,CAAC;QAED,KAAK,CAAC,oBAAoB,CACxB,KAA4C;YAE5C,iCAAiC,CAAC,KAAK,CAAC,CAAC;YAEzC,gEAAgE;YAChE,iEAAiE;YACjE,qEAAqE;YACrE,oEAAoE;YACpE,wDAAwD;YACxD,EAAE;YACF,oEAAoE;YACpE,qEAAqE;YACrE,oEAAoE;YACpE,sEAAsE;YACtE,2DAA2D;YAC3D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC;gBAC/C,KAAK,EAAE;oBACL,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,YAAY,EAAE,KAAK,CAAC,YAAY;iBACjC;gBACD,IAAI,EAAE;oBACJ,cAAc,EAAE,KAAK,CAAC,cAAc;iBACrC;aACF,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;QACnC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,4EAA4E;AAE5E,6EAA6E;AAC7E,SAAS,mBAAmB,CAAC,MAAgB;IAC3C,OAAO,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACtC,CAAC;AAED,6EAA6E;AAC7E,SAAS,UAAU;IACjB,OAAO,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAmC;IACnE,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7E,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,4BAA4B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC;YAChD,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC;YACrC,CAAC,CAAC,WAAW,CAAC;QAChB,MAAM,IAAI,iBAAiB,CACzB,0BAA0B,EAC1B,0BAA0B,MAAM,CAAC,aAAa,CAAC,aAAa,MAAM,EAAE,CACrE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iCAAiC,CAAC,KAA4C;IACrF,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACzE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IAC3E,CAAC;IACD,IACE,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ;QACxC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC;QAClC,KAAK,CAAC,cAAc,GAAG,CAAC;QACxB,KAAK,CAAC,cAAc,GAAG,CAAC,EACxB,CAAC;QACD,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,kCAAkC,CAAC,CAAC;IACnF,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAA+B;IAC3D,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7E,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,4BAA4B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/D,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,wBAAwB,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACzD,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACzE,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;QACnF,MAAM,IAAI,iBAAiB,CAAC,eAAe,EAAE,iCAAiC,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;QAChF,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QAC7F,MAAM,IAAI,iBAAiB,CACzB,0BAA0B,EAC1B,qBAAqB,MAAM,CAAC,aAAa,CAAC,aAAa,MAAM,EAAE,CAChE,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/regression-detector.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Default RegressionDetector — QAP-Sprint7 Phase 3 / QAP-071.
+ *
+ * Stock implementation of the SDK RegressionDetector callback type
+ * (packages/sdk/src/types/regression-detector.ts). Wires `QATicketStore.listQATickets`
+ * with (classification, surface, ageHours, status) filters to find newly-opened
+ * tickets matching the original ticket's classification + surface within
+ * `withinDays` of `sinceMergedAt`. Returns true iff at least one such ticket
+ * exists (excluding the original ticket itself).
+ *
+ * Why a callback factory in @derwinjs/db rather than a stateful adapter:
+ *   The RegressionDetector contract is intentionally a function type — not
+ *   every consumer reads QA tickets to decide regression. A telemetry-driven
+ *   Datadog/OpenTelemetry impl would query metrics instead. This file provides
+ *   the *default* QATicketStore-backed callback that runPostVerify wires when
+ *   the consumer opts into Derwin's standard regression-detection rule.
+ *
+ * Tenant isolation: the projectId argument from the callback flows directly
+ * into ticketStore.getQATicket and ticketStore.listQATickets, both of which
+ * are tenant-scoped per QAP-018B. No cross-project leakage is possible at
+ * this layer.
+ *
+ * Failure semantics: the callback never throws. Defense-in-depth — if the
+ * original ticket cannot be resolved (missing or cross-tenant), return false
+ * (no original means no regression context). This mirrors the orchestrator's
+ * "regression detection MUST NOT abort the post-verify path" rule. The
+ * upstream caller (runPostVerify) additionally wraps the call in try/catch
+ * for the same defensive posture.
+ */
+import type { QATicketStore, RegressionDetector } from '@derwinjs/sdk';
+export interface PrismaRegressionDetectorConfig {
+    /**
+     * QATicketStore instance — the same instance the rest of the platform uses,
+     * so the lookups respect the same tenant scope and DB connection pool.
+     */
+    ticketStore: QATicketStore;
+}
+/**
+ * Build a RegressionDetector backed by QATicketStore.listQATickets.
+ *
+ * The returned callback is invoked by runPostVerify when post-verify reports
+ * failure signals after a merge — see packages/core/src/orchestrator/run-post-verify.ts.
+ */
+export declare function createPrismaRegressionDetector(config: PrismaRegressionDetectorConfig): RegressionDetector;
+//# sourceMappingURL=regression-detector.d.ts.map

package/dist/regression-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"regression-detector.d.ts","sourceRoot":"","sources":["../src/regression-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAIvE,MAAM,WAAW,8BAA8B;IAC7C;;;OAGG;IACH,WAAW,EAAE,aAAa,CAAC;CAC5B;AAQD;;;;;GAKG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,8BAA8B,GACrC,kBAAkB,CAyCpB"}

package/dist/regression-detector.js

@@ -0,0 +1,78 @@
+/**
+ * Default RegressionDetector — QAP-Sprint7 Phase 3 / QAP-071.
+ *
+ * Stock implementation of the SDK RegressionDetector callback type
+ * (packages/sdk/src/types/regression-detector.ts). Wires `QATicketStore.listQATickets`
+ * with (classification, surface, ageHours, status) filters to find newly-opened
+ * tickets matching the original ticket's classification + surface within
+ * `withinDays` of `sinceMergedAt`. Returns true iff at least one such ticket
+ * exists (excluding the original ticket itself).
+ *
+ * Why a callback factory in @derwinjs/db rather than a stateful adapter:
+ *   The RegressionDetector contract is intentionally a function type — not
+ *   every consumer reads QA tickets to decide regression. A telemetry-driven
+ *   Datadog/OpenTelemetry impl would query metrics instead. This file provides
+ *   the *default* QATicketStore-backed callback that runPostVerify wires when
+ *   the consumer opts into Derwin's standard regression-detection rule.
+ *
+ * Tenant isolation: the projectId argument from the callback flows directly
+ * into ticketStore.getQATicket and ticketStore.listQATickets, both of which
+ * are tenant-scoped per QAP-018B. No cross-project leakage is possible at
+ * this layer.
+ *
+ * Failure semantics: the callback never throws. Defense-in-depth — if the
+ * original ticket cannot be resolved (missing or cross-tenant), return false
+ * (no original means no regression context). This mirrors the orchestrator's
+ * "regression detection MUST NOT abort the post-verify path" rule. The
+ * upstream caller (runPostVerify) additionally wraps the call in try/catch
+ * for the same defensive posture.
+ */
+// ─── Constants ────────────────────────────────────────────────────────────
+const HOURS_PER_DAY = 24;
+// ─── Factory ─────────────────────────────────────────────────────────────
+/**
+ * Build a RegressionDetector backed by QATicketStore.listQATickets.
+ *
+ * The returned callback is invoked by runPostVerify when post-verify reports
+ * failure signals after a merge — see packages/core/src/orchestrator/run-post-verify.ts.
+ */
+export function createPrismaRegressionDetector(config) {
+    const { ticketStore } = config;
+    return async ({ projectId, qaTicketId, sinceMergedAt, withinDays }) => {
+        // (1) Fetch the original ticket. Both not-found and cross-tenant
+        // collisions return null per the QATicketStore contract — either way,
+        // returning false here is the correct defensive answer (no original →
+        // no regression context to evaluate).
+        const original = await ticketStore.getQATicket({ id: qaTicketId, projectId });
+        if (original === null) {
+            return false;
+        }
+        // (2) List candidate regression tickets via the store's existing filter
+        // shape. We narrow on (classification, surface) to scope to the same
+        // failure family, on ageHoursMax = withinDays * 24 to bound the search
+        // window, and on status: 'OPEN' so already-resolved historical tickets
+        // don't generate false positives. ageHoursMin: 0 is the floor.
+        const candidates = await ticketStore.listQATickets({
+            projectId,
+            classification: original.classification,
+            surface: original.surface,
+            ageHoursMin: 0,
+            ageHoursMax: withinDays * HOURS_PER_DAY,
+            status: 'OPEN',
+        });
+        // (3) Paranoia filter — listQATickets uses age (relative to "now"), not
+        // an absolute timestamp, and the original's age might place IT inside
+        // the window too. We exclude (a) tickets created at or before the merge
+        // moment and (b) the original ticket itself. The combination means:
+        // only tickets opened strictly AFTER the merge that are NOT the original
+        // count as regressions.
+        const mergedAtMs = sinceMergedAt.getTime();
+        const matches = candidates.tickets.filter((t) => {
+            if (t.id === qaTicketId)
+                return false;
+            return t.createdAt.getTime() > mergedAtMs;
+        });
+        return matches.length > 0;
+    };
+}
+//# sourceMappingURL=regression-detector.js.map

package/dist/regression-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"regression-detector.js","sourceRoot":"","sources":["../src/regression-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAcH,6EAA6E;AAE7E,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB,4EAA4E;AAE5E;;;;;GAKG;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAAsC;IAEtC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IAE/B,OAAO,KAAK,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,EAAE,EAAE;QACpE,iEAAiE;QACjE,sEAAsE;QACtE,sEAAsE;QACtE,sCAAsC;QACtC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9E,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,wEAAwE;QACxE,qEAAqE;QACrE,uEAAuE;QACvE,uEAAuE;QACvE,+DAA+D;QAC/D,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC;YACjD,SAAS;YACT,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,WAAW,EAAE,CAAC;YACd,WAAW,EAAE,UAAU,GAAG,aAAa;YACvC,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;QAEH,wEAAwE;QACxE,sEAAsE;QACtE,wEAAwE;QACxE,oEAAoE;QACpE,yEAAyE;QACzE,wBAAwB;QACxB,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC9C,IAAI,CAAC,CAAC,EAAE,KAAK,UAAU;gBAAE,OAAO,KAAK,CAAC;YACtC,OAAO,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,UAAU,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC;AACJ,CAAC"}

package/dist/trust-threshold-config-store.d.ts

@@ -0,0 +1,20 @@
+/**
+ * createPrismaTrustThresholdConfigStore — Prisma-backed implementation of
+ * the SDK TrustThresholdConfigStore contract introduced by QAP-082.
+ *
+ * Sprint 8 Phase 2 (Policy Governance). The config is stored as a JSON
+ * column on Project.trustThresholds. Null in storage means "use defaults".
+ *
+ * Tenant isolation: every method scopes by projectId. Pattern D applies —
+ * unknown / wrong-project lookups return DEFAULT_TRUST_THRESHOLDS rather
+ * than throwing or leaking existence (defense-in-depth against tenant
+ * enumeration).
+ */
+import type { PrismaClient } from './prisma.js';
+import { type TrustThresholdConfigStore } from '@derwinjs/sdk';
+export interface PrismaTrustThresholdConfigStoreConfig {
+    /** Generated Prisma client. Pass an instance per process. */
+    prisma: PrismaClient;
+}
+export declare function createPrismaTrustThresholdConfigStore(config: PrismaTrustThresholdConfigStoreConfig): TrustThresholdConfigStore;
+//# sourceMappingURL=trust-threshold-config-store.d.ts.map

package/dist/trust-threshold-config-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-threshold-config-store.d.ts","sourceRoot":"","sources":["../src/trust-threshold-config-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAIL,KAAK,yBAAyB,EAC/B,MAAM,eAAe,CAAC;AAIvB,MAAM,WAAW,qCAAqC;IACpD,6DAA6D;IAC7D,MAAM,EAAE,YAAY,CAAC;CACtB;AA8DD,wBAAgB,qCAAqC,CACnD,MAAM,EAAE,qCAAqC,GAC5C,yBAAyB,CA4B3B"}

package/dist/trust-threshold-config-store.js

@@ -0,0 +1,88 @@
+/**
+ * createPrismaTrustThresholdConfigStore — Prisma-backed implementation of
+ * the SDK TrustThresholdConfigStore contract introduced by QAP-082.
+ *
+ * Sprint 8 Phase 2 (Policy Governance). The config is stored as a JSON
+ * column on Project.trustThresholds. Null in storage means "use defaults".
+ *
+ * Tenant isolation: every method scopes by projectId. Pattern D applies —
+ * unknown / wrong-project lookups return DEFAULT_TRUST_THRESHOLDS rather
+ * than throwing or leaking existence (defense-in-depth against tenant
+ * enumeration).
+ */
+import { DEFAULT_TRUST_THRESHOLDS, TrustThresholdConfigError, } from '@derwinjs/sdk';
+// ─── Validation ──────────────────────────────────────────────────────────
+/**
+ * Each threshold must be a finite integer in [0, 100]. We accept floats
+ * because the JSON column can store them, but the dispatcher's comparison
+ * is integer-percent semantically; reject NaN / Infinity / out-of-range.
+ */
+function validateConfig(config) {
+    for (const [key, value] of [
+        ['low', config.low],
+        ['medium', config.medium],
+        ['high', config.high],
+    ]) {
+        if (typeof value !== 'number' || !Number.isFinite(value)) {
+            throw new TrustThresholdConfigError('invalid_input', `TrustThresholdConfig: ${key} must be a finite number (got ${String(value)})`);
+        }
+        if (value < 0 || value > 100) {
+            throw new TrustThresholdConfigError('invalid_input', `TrustThresholdConfig: ${key} must be in [0, 100] (got ${String(value)})`);
+        }
+    }
+}
+/**
+ * Best-effort coercion of an unknown JSON value into a TrustThresholdConfig.
+ * Returns null if the shape is wrong — caller falls back to defaults. We
+ * intentionally do not throw here: defense-in-depth so a corrupted row
+ * doesn't cascade into a runtime error.
+ */
+function tryParseConfig(value) {
+    if (value !== null &&
+        typeof value === 'object' &&
+        !Array.isArray(value) &&
+        'low' in value &&
+        'medium' in value &&
+        'high' in value) {
+        const v = value;
+        if (typeof v.low === 'number' &&
+            typeof v.medium === 'number' &&
+            typeof v.high === 'number' &&
+            Number.isFinite(v.low) &&
+            Number.isFinite(v.medium) &&
+            Number.isFinite(v.high)) {
+            return { low: v.low, medium: v.medium, high: v.high };
+        }
+    }
+    return null;
+}
+// ─── Factory ─────────────────────────────────────────────────────────────
+export function createPrismaTrustThresholdConfigStore(config) {
+    const { prisma } = config;
+    return {
+        async getConfig(input) {
+            const project = await prisma.project.findUnique({
+                where: { id: input.projectId },
+                select: { trustThresholds: true },
+            });
+            if (project === null)
+                return { ...DEFAULT_TRUST_THRESHOLDS };
+            const parsed = tryParseConfig(project.trustThresholds);
+            return parsed ?? { ...DEFAULT_TRUST_THRESHOLDS };
+        },
+        async setConfig(input) {
+            validateConfig(input.config);
+            await prisma.project.update({
+                where: { id: input.projectId },
+                data: {
+                    trustThresholds: {
+                        low: input.config.low,
+                        medium: input.config.medium,
+                        high: input.config.high,
+                    },
+                },
+            });
+        },
+    };
+}
+//# sourceMappingURL=trust-threshold-config-store.js.map

package/dist/trust-threshold-config-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-threshold-config-store.js","sourceRoot":"","sources":["../src/trust-threshold-config-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EACL,wBAAwB,EACxB,yBAAyB,GAG1B,MAAM,eAAe,CAAC;AASvB,4EAA4E;AAE5E;;;;GAIG;AACH,SAAS,cAAc,CAAC,MAA4B;IAClD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI;QACzB,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;QACnB,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC;QACzB,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC;KACb,EAAE,CAAC;QACX,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,yBAAyB,CACjC,eAAe,EACf,yBAAyB,GAAG,iCAAiC,MAAM,CAAC,KAAK,CAAC,GAAG,CAC9E,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;YAC7B,MAAM,IAAI,yBAAyB,CACjC,eAAe,EACf,yBAAyB,GAAG,6BAA6B,MAAM,CAAC,KAAK,CAAC,GAAG,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,KAAc;IACpC,IACE,KAAK,KAAK,IAAI;QACd,OAAO,KAAK,KAAK,QAAQ;QACzB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACrB,KAAK,IAAI,KAAK;QACd,QAAQ,IAAI,KAAK;QACjB,MAAM,IAAI,KAAK,EACf,CAAC;QACD,MAAM,CAAC,GAAG,KAAgC,CAAC;QAC3C,IACE,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;YACzB,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;YAC5B,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAC1B,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YACtB,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;YACzB,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EACvB,CAAC;YACD,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,qCAAqC,CACnD,MAA6C;IAE7C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1B,OAAO;QACL,KAAK,CAAC,SAAS,CAAC,KAA4B;YAC1C,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;gBAC9C,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;gBAC9B,MAAM,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;YACH,IAAI,OAAO,KAAK,IAAI;gBAAE,OAAO,EAAE,GAAG,wBAAwB,EAAE,CAAC;YAC7D,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACvD,OAAO,MAAM,IAAI,EAAE,GAAG,wBAAwB,EAAE,CAAC;QACnD,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,KAA0D;YACxE,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7B,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;gBAC1B,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;gBAC9B,IAAI,EAAE;oBACJ,eAAe,EAAE;wBACf,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG;wBACrB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM;wBAC3B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI;qBACxB;iBACF;aACF,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@derwinjs/db",
-  "version": "0.6.0",
+  "version": "0.8.0",
   "description": "Prisma schema + migrations for Derwin's own Postgres. 14 models, project-namespaced. Per ADR-0005. Ships its own generated Prisma client (multi-platform binaries) for cross-consumer compatibility.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",
@@ -33,8 +33,8 @@
   },
   "dependencies": {
     "@prisma/client": "^5.22.0",
-    "@derwinjs/core": "0.6.0",
-    "@derwinjs/sdk": "0.6.0"
+    "@derwinjs/core": "0.8.0",
+    "@derwinjs/sdk": "0.8.0"
   },
   "devDependencies": {
     "@vitest/coverage-v8": "^2.1.9",

package/prisma/migrations/20260507120000_sprint8_policy_governance/migration.sql

@@ -0,0 +1,58 @@
+-- Sprint 8 (QAP-080..081) — Policy governance: path-tier rules + classification override table.
+--
+-- Promotes Policy.pathRules / Policy.classificationOverrides JSON columns to
+-- first-class tables so the policy-editor UI (Sprint 9 / QAP-088) can render,
+-- reorder, and audit them as discrete rows. The legacy JSON fields on Policy
+-- stay for back-compat with QAP-013's createPrismaFixPolicy until Sprint 9
+-- migrates the read path.
+--
+-- Idempotent (IF NOT EXISTS) — safe to re-run on environments where the
+-- enum or tables already exist.
+
+-- 1. Project.defaultTier — fallback tier when no PathTierRule matches.
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "defaultTier" "derwin"."RiskTier" NOT NULL DEFAULT 'LOW';
+
+-- 2. OverrideMode enum.
+DO $$ BEGIN
+  CREATE TYPE "derwin"."OverrideMode" AS ENUM ('BLOCK_AUTO_FIX', 'FORCE_ESCALATION', 'DOWNGRADE_TIER');
+EXCEPTION
+  WHEN duplicate_object THEN NULL;
+END $$;
+
+-- 3. PathTierRule.
+CREATE TABLE IF NOT EXISTS "derwin"."path_tier_rules" (
+  "id"        TEXT PRIMARY KEY,
+  "projectId" TEXT NOT NULL,
+  "pattern"   TEXT NOT NULL,
+  "tier"      "derwin"."RiskTier" NOT NULL,
+  "priority"  INTEGER NOT NULL,
+  "reason"    TEXT,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "updatedAt" TIMESTAMP(3) NOT NULL,
+  CONSTRAINT "path_tier_rules_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "path_tier_rules_projectId_priority_idx"
+  ON "derwin"."path_tier_rules" ("projectId", "priority");
+
+-- 4. ClassificationOverride.
+CREATE TABLE IF NOT EXISTS "derwin"."classification_overrides" (
+  "id"             TEXT PRIMARY KEY,
+  "projectId"      TEXT NOT NULL,
+  "classification" TEXT NOT NULL,
+  "surface"        TEXT,
+  "overrideMode"   "derwin"."OverrideMode" NOT NULL,
+  "downgradeTier"  "derwin"."RiskTier",
+  "reason"         TEXT NOT NULL,
+  "createdBy"      TEXT NOT NULL,
+  "createdAt"      TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "classification_overrides_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "classification_overrides_projectId_classification_surface_idx"
+  ON "derwin"."classification_overrides" ("projectId", "classification", "surface");

package/prisma/migrations/20260507120100_sprint8_phase2_thresholds_and_freeze/migration.sql

@@ -0,0 +1,33 @@
+-- Sprint 8 Phase 2 (QAP-082..083) — Trust threshold config + freeze windows.
+--
+-- Phase 1 (20260507120000_sprint8_policy_governance) added PathTierRule,
+-- ClassificationOverride, and Project.defaultTier. Phase 2 layers on:
+--   1. Project.trustThresholds JSONB — per-tier minimum trustPercent for
+--      auto-fix dispatch. Null → use SDK defaults ({low:60, medium:80, high:95}).
+--   2. freeze_windows table — operator-defined recurring dispatch freeze
+--      windows. Cron-driven, 5-field, no seconds.
+--
+-- Idempotent (IF NOT EXISTS). Safe to re-run on environments where Phase 1
+-- already landed but Phase 2 didn't.
+
+-- 1. Project.trustThresholds — JSONB, nullable.
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "trustThresholds" JSONB;
+
+-- 2. FreezeWindow.
+CREATE TABLE IF NOT EXISTS "derwin"."freeze_windows" (
+  "id"              TEXT PRIMARY KEY,
+  "projectId"       TEXT NOT NULL,
+  "cronExpression"  TEXT NOT NULL,
+  "durationMinutes" INTEGER NOT NULL,
+  "label"           TEXT NOT NULL,
+  "blocksDispatch"  BOOLEAN NOT NULL DEFAULT TRUE,
+  "enabled"         BOOLEAN NOT NULL DEFAULT TRUE,
+  "createdAt"       TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "freeze_windows_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "freeze_windows_projectId_enabled_idx"
+  ON "derwin"."freeze_windows" ("projectId", "enabled");

package/prisma/migrations/20260507120200_sprint8_phase3_budget_cap/migration.sql

@@ -0,0 +1,21 @@
+-- Sprint 8 Phase 3 (QAP-084) — Per-project budget cap + soft-warn pct.
+--
+-- Adds the budget-gate columns the BudgetGate contract reads:
+--   1. Project.monthlyBudgetUsd  — DOUBLE PRECISION, nullable. Null = NO_CAP.
+--   2. Project.budgetSoftWarnPct — DOUBLE PRECISION, default 0.8 (80%).
+--
+-- The dispatcher consults a BudgetGate before runFixCycle and refuses new
+-- auto-fix dispatches when month-to-date spend / monthlyBudgetUsd >= 1.0.
+-- Soft-warn (>= budgetSoftWarnPct, < 1.0) is observable but non-blocking;
+-- hard-stop (>= 1.0) blocks. NO_CAP (monthlyBudgetUsd IS NULL) is the
+-- pre-Phase-3 default and preserves legacy behavior for projects that have
+-- not opted into explicit USD caps.
+--
+-- Idempotent (IF NOT EXISTS). Safe to re-run on environments where Phase 1
+-- and Phase 2 have already landed but Phase 3 has not.
+
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "monthlyBudgetUsd" DOUBLE PRECISION;
+
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "budgetSoftWarnPct" DOUBLE PRECISION NOT NULL DEFAULT 0.8;

package/prisma/migrations/20260507120300_sprint8_phase4_kill_switches/migration.sql

@@ -0,0 +1,74 @@
+-- Sprint 8 Phase 4 (QAP-085 / QAP-086 / QAP-087) — Three kill switches.
+--
+-- Adds the schema the KillSwitchEvaluator contract reads/writes:
+--   1. Project.killSwitchConfig — JSONB, nullable. Per-project threshold
+--      overrides; null → use SDK defaults.
+--   2. KillSwitchType enum — three trigger discriminators.
+--   3. KillSwitchScope enum — three granularity discriminators.
+--   4. kill_switch_states table — history-preserving log of every trip.
+--
+-- The dispatcher consults a KillSwitchEvaluator before runFixCycle and
+-- refuses to dispatch when any matching engaged switch is present:
+--   - PROJECT or PLATFORM-scope switches block before ticket fetch.
+--   - CLASSIFICATION-scope switches block after ticket fetch when the
+--     ticket's classification + surface match the engaged switch's tuple.
+--
+-- History semantics: a new trip inserts a new row; an unblock flips
+-- engaged → false on the existing row; subsequent re-trips on the same
+-- tuple insert another row. This preserves the audit trail.
+--
+-- Idempotent (IF NOT EXISTS / DO ... EXCEPTION). Safe to re-run on
+-- environments where Phase 1 / Phase 2 / Phase 3 already landed but
+-- Phase 4 has not.
+
+-- 1. Project.killSwitchConfig — JSONB, nullable.
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "killSwitchConfig" JSONB;
+
+-- 2. KillSwitchType enum.
+DO $$ BEGIN
+  CREATE TYPE "derwin"."KillSwitchType" AS ENUM (
+    'SUCCESS_RATE_DROP',
+    'CONSECUTIVE_FAILURE',
+    'REGRESSION_CASCADE'
+  );
+EXCEPTION
+  WHEN duplicate_object THEN NULL;
+END $$;
+
+-- 3. KillSwitchScope enum.
+DO $$ BEGIN
+  CREATE TYPE "derwin"."KillSwitchScope" AS ENUM (
+    'CLASSIFICATION',
+    'PROJECT',
+    'PLATFORM'
+  );
+EXCEPTION
+  WHEN duplicate_object THEN NULL;
+END $$;
+
+-- 4. KillSwitchState table.
+CREATE TABLE IF NOT EXISTS "derwin"."kill_switch_states" (
+  "id"             TEXT PRIMARY KEY,
+  "projectId"      TEXT,
+  "classification" TEXT,
+  "surface"        TEXT,
+  "type"           "derwin"."KillSwitchType" NOT NULL,
+  "scope"          "derwin"."KillSwitchScope" NOT NULL,
+  "engaged"        BOOLEAN NOT NULL DEFAULT TRUE,
+  "engagedAt"      TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "unblockedAt"    TIMESTAMP(3),
+  "unblockedBy"    TEXT,
+  "reason"         TEXT NOT NULL,
+  "triggerMetrics" JSONB NOT NULL,
+  "createdAt"      TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "kill_switch_states_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "kill_switch_states_projectId_engaged_idx"
+  ON "derwin"."kill_switch_states" ("projectId", "engaged");
+
+CREATE INDEX IF NOT EXISTS "kill_switch_states_type_scope_engaged_idx"
+  ON "derwin"."kill_switch_states" ("type", "scope", "engaged");