@derwinjs/db 0.7.0 → 0.9.0

package/dist/project-mode-store.d.ts

@@ -0,0 +1,28 @@
+/**
+ * createPrismaProjectModeStore — Prisma-backed implementation of the SDK
+ * ProjectModeStore contract introduced by QAP-090.
+ *
+ * Sprint 9 (Policy + UI, Phase 1). Single choke point for reading and
+ * writing `Project.mode` (OBSERVE / TICKET_ONLY / AUTHOR / AUTO — see
+ * product brief §11.2). Every mode change goes through `setMode` so the
+ * audit log (ProjectModeLog) stays in lockstep with the Project row.
+ *
+ * Tenant isolation: every read scopes by projectId. `getMode` returns
+ * null for unknown projectId; `listLog` returns an empty array. `setMode`
+ * throws `project_not_found` (rather than returning null) because a
+ * mode-change call against a missing project is a caller bug, not a
+ * cross-tenant probe — this matches the operator UX of the policy editor.
+ *
+ * Atomicity: `setMode` wraps (a) read fromMode → (b) update Project.mode +
+ * modeChangedAt + modeChangedBy → (c) insert ProjectModeLog row in a
+ * single Prisma interactive transaction so a partial write never leaves
+ * the audit log out of sync with the Project row.
+ */
+import type { PrismaClient } from './prisma.js';
+import { type ProjectModeStore } from '@derwinjs/sdk';
+export interface PrismaProjectModeStoreConfig {
+    /** Generated Prisma client. Pass an instance per process. */
+    prisma: PrismaClient;
+}
+export declare function createPrismaProjectModeStore(config: PrismaProjectModeStoreConfig): ProjectModeStore;
+//# sourceMappingURL=project-mode-store.d.ts.map

package/dist/project-mode-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-mode-store.d.ts","sourceRoot":"","sources":["../src/project-mode-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAML,KAAK,gBAAgB,EAEtB,MAAM,eAAe,CAAC;AAIvB,MAAM,WAAW,4BAA4B;IAC3C,6DAA6D;IAC7D,MAAM,EAAE,YAAY,CAAC;CACtB;AAgED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,4BAA4B,GACnC,gBAAgB,CA+ElB"}

package/dist/project-mode-store.js

@@ -0,0 +1,126 @@
+/**
+ * createPrismaProjectModeStore — Prisma-backed implementation of the SDK
+ * ProjectModeStore contract introduced by QAP-090.
+ *
+ * Sprint 9 (Policy + UI, Phase 1). Single choke point for reading and
+ * writing `Project.mode` (OBSERVE / TICKET_ONLY / AUTHOR / AUTO — see
+ * product brief §11.2). Every mode change goes through `setMode` so the
+ * audit log (ProjectModeLog) stays in lockstep with the Project row.
+ *
+ * Tenant isolation: every read scopes by projectId. `getMode` returns
+ * null for unknown projectId; `listLog` returns an empty array. `setMode`
+ * throws `project_not_found` (rather than returning null) because a
+ * mode-change call against a missing project is a caller bug, not a
+ * cross-tenant probe — this matches the operator UX of the policy editor.
+ *
+ * Atomicity: `setMode` wraps (a) read fromMode → (b) update Project.mode +
+ * modeChangedAt + modeChangedBy → (c) insert ProjectModeLog row in a
+ * single Prisma interactive transaction so a partial write never leaves
+ * the audit log out of sync with the Project row.
+ */
+import { ProjectModeStoreError, ProjectModeValues, } from '@derwinjs/sdk';
+// ─── Validation ──────────────────────────────────────────────────────────
+function validateSetInput(input) {
+    if (typeof input.projectId !== 'string' || input.projectId.length === 0) {
+        throw new ProjectModeStoreError('invalid_input', 'ProjectModeStore: projectId is required');
+    }
+    if (!ProjectModeValues.includes(input.toMode)) {
+        throw new ProjectModeStoreError('invalid_mode', `ProjectModeStore: toMode must be one of ${ProjectModeValues.join(', ')} (got ${input.toMode})`);
+    }
+    if (typeof input.reason !== 'string' || input.reason.trim().length === 0) {
+        throw new ProjectModeStoreError('invalid_input', 'ProjectModeStore: reason is required');
+    }
+    if (typeof input.changedBy !== 'string' || input.changedBy.trim().length === 0) {
+        throw new ProjectModeStoreError('invalid_input', 'ProjectModeStore: changedBy is required');
+    }
+}
+function mapProjectRow(row) {
+    return {
+        projectId: row.id,
+        mode: row.mode,
+        modeChangedAt: row.modeChangedAt,
+        modeChangedBy: row.modeChangedBy,
+    };
+}
+function mapLogRow(row) {
+    return {
+        id: row.id,
+        projectId: row.projectId,
+        fromMode: row.fromMode,
+        toMode: row.toMode,
+        reason: row.reason,
+        changedBy: row.changedBy,
+        changedAt: row.changedAt,
+    };
+}
+// ─── Factory ─────────────────────────────────────────────────────────────
+export function createPrismaProjectModeStore(config) {
+    const { prisma } = config;
+    return {
+        async getMode(input) {
+            const row = await prisma.project.findUnique({
+                where: { id: input.projectId },
+                select: {
+                    id: true,
+                    mode: true,
+                    modeChangedAt: true,
+                    modeChangedBy: true,
+                },
+            });
+            if (row === null)
+                return null;
+            return mapProjectRow(row);
+        },
+        async setMode(input) {
+            validateSetInput(input);
+            // Atomic: read fromMode → update Project → insert log row.
+            // Interactive transaction so all three steps share a snapshot and
+            // commit together.
+            const updated = await prisma.$transaction(async (tx) => {
+                const existing = await tx.project.findUnique({
+                    where: { id: input.projectId },
+                    select: { id: true, mode: true },
+                });
+                if (existing === null) {
+                    throw new ProjectModeStoreError('project_not_found', `ProjectModeStore: project ${input.projectId} not found`);
+                }
+                const fromMode = existing.mode;
+                const now = new Date();
+                const next = await tx.project.update({
+                    where: { id: input.projectId },
+                    data: {
+                        mode: input.toMode,
+                        modeChangedAt: now,
+                        modeChangedBy: input.changedBy,
+                    },
+                    select: {
+                        id: true,
+                        mode: true,
+                        modeChangedAt: true,
+                        modeChangedBy: true,
+                    },
+                });
+                await tx.projectModeLog.create({
+                    data: {
+                        projectId: input.projectId,
+                        fromMode,
+                        toMode: input.toMode,
+                        reason: input.reason,
+                        changedBy: input.changedBy,
+                    },
+                });
+                return next;
+            });
+            return mapProjectRow(updated);
+        },
+        async listLog(input) {
+            const rows = await prisma.projectModeLog.findMany({
+                where: { projectId: input.projectId },
+                orderBy: { changedAt: 'desc' },
+                take: input.limit ?? 50,
+            });
+            return rows.map(mapLogRow);
+        },
+    };
+}
+//# sourceMappingURL=project-mode-store.js.map

package/dist/project-mode-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-mode-store.js","sourceRoot":"","sources":["../src/project-mode-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,EACL,qBAAqB,EACrB,iBAAiB,GAMlB,MAAM,eAAe,CAAC;AASvB,4EAA4E;AAE5E,SAAS,gBAAgB,CAAC,KAA0B;IAClD,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,qBAAqB,CAAC,eAAe,EAAE,yCAAyC,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,qBAAqB,CAC7B,cAAc,EACd,2CAA2C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,MAAM,GAAG,CAChG,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,qBAAqB,CAAC,eAAe,EAAE,sCAAsC,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/E,MAAM,IAAI,qBAAqB,CAAC,eAAe,EAAE,yCAAyC,CAAC,CAAC;IAC9F,CAAC;AACH,CAAC;AAWD,SAAS,aAAa,CAAC,GAAe;IACpC,OAAO;QACL,SAAS,EAAE,GAAG,CAAC,EAAE;QACjB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,aAAa,EAAE,GAAG,CAAC,aAAa;QAChC,aAAa,EAAE,GAAG,CAAC,aAAa;KACjC,CAAC;AACJ,CAAC;AAYD,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;AACJ,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,4BAA4B,CAC1C,MAAoC;IAEpC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1B,OAAO;QACL,KAAK,CAAC,OAAO,CAAC,KAA4B;YACxC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;gBAC1C,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;gBAC9B,MAAM,EAAE;oBACN,EAAE,EAAE,IAAI;oBACR,IAAI,EAAE,IAAI;oBACV,aAAa,EAAE,IAAI;oBACnB,aAAa,EAAE,IAAI;iBACpB;aACF,CAAC,CAAC;YACH,IAAI,GAAG,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC;YAC9B,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,KAA0B;YACtC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAExB,2DAA2D;YAC3D,kEAAkE;YAClE,mBAAmB;YACnB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE;gBACrD,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC;oBAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;oBAC9B,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;iBACjC,CAAC,CAAC;gBACH,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;oBACtB,MAAM,IAAI,qBAAqB,CAC7B,mBAAmB,EACnB,6BAA6B,KAAK,CAAC,SAAS,YAAY,CACzD,CAAC;gBACJ,CAAC;gBAED,MAAM,QAAQ,GAAgB,QAAQ,CAAC,IAAI,CAAC;gBAC5C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;gBAEvB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;oBACnC,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;oBAC9B,IAAI,EAAE;wBACJ,IAAI,EAAE,KAAK,CAAC,MAAM;wBAClB,aAAa,EAAE,GAAG;wBAClB,aAAa,EAAE,KAAK,CAAC,SAAS;qBAC/B;oBACD,MAAM,EAAE;wBACN,EAAE,EAAE,IAAI;wBACR,IAAI,EAAE,IAAI;wBACV,aAAa,EAAE,IAAI;wBACnB,aAAa,EAAE,IAAI;qBACpB;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC;oBAC7B,IAAI,EAAE;wBACJ,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,QAAQ;wBACR,MAAM,EAAE,KAAK,CAAC,MAAM;wBACpB,MAAM,EAAE,KAAK,CAAC,MAAM;wBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;qBAC3B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,CAAC;YAEH,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,KAA4C;YACxD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;gBAChD,KAAK,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE;gBACrC,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;gBAC9B,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,EAAE;aACxB,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/trust-threshold-config-store.d.ts

@@ -0,0 +1,20 @@
+/**
+ * createPrismaTrustThresholdConfigStore — Prisma-backed implementation of
+ * the SDK TrustThresholdConfigStore contract introduced by QAP-082.
+ *
+ * Sprint 8 Phase 2 (Policy Governance). The config is stored as a JSON
+ * column on Project.trustThresholds. Null in storage means "use defaults".
+ *
+ * Tenant isolation: every method scopes by projectId. Pattern D applies —
+ * unknown / wrong-project lookups return DEFAULT_TRUST_THRESHOLDS rather
+ * than throwing or leaking existence (defense-in-depth against tenant
+ * enumeration).
+ */
+import type { PrismaClient } from './prisma.js';
+import { type TrustThresholdConfigStore } from '@derwinjs/sdk';
+export interface PrismaTrustThresholdConfigStoreConfig {
+    /** Generated Prisma client. Pass an instance per process. */
+    prisma: PrismaClient;
+}
+export declare function createPrismaTrustThresholdConfigStore(config: PrismaTrustThresholdConfigStoreConfig): TrustThresholdConfigStore;
+//# sourceMappingURL=trust-threshold-config-store.d.ts.map

package/dist/trust-threshold-config-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-threshold-config-store.d.ts","sourceRoot":"","sources":["../src/trust-threshold-config-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAIL,KAAK,yBAAyB,EAC/B,MAAM,eAAe,CAAC;AAIvB,MAAM,WAAW,qCAAqC;IACpD,6DAA6D;IAC7D,MAAM,EAAE,YAAY,CAAC;CACtB;AA8DD,wBAAgB,qCAAqC,CACnD,MAAM,EAAE,qCAAqC,GAC5C,yBAAyB,CA4B3B"}

package/dist/trust-threshold-config-store.js

@@ -0,0 +1,88 @@
+/**
+ * createPrismaTrustThresholdConfigStore — Prisma-backed implementation of
+ * the SDK TrustThresholdConfigStore contract introduced by QAP-082.
+ *
+ * Sprint 8 Phase 2 (Policy Governance). The config is stored as a JSON
+ * column on Project.trustThresholds. Null in storage means "use defaults".
+ *
+ * Tenant isolation: every method scopes by projectId. Pattern D applies —
+ * unknown / wrong-project lookups return DEFAULT_TRUST_THRESHOLDS rather
+ * than throwing or leaking existence (defense-in-depth against tenant
+ * enumeration).
+ */
+import { DEFAULT_TRUST_THRESHOLDS, TrustThresholdConfigError, } from '@derwinjs/sdk';
+// ─── Validation ──────────────────────────────────────────────────────────
+/**
+ * Each threshold must be a finite integer in [0, 100]. We accept floats
+ * because the JSON column can store them, but the dispatcher's comparison
+ * is integer-percent semantically; reject NaN / Infinity / out-of-range.
+ */
+function validateConfig(config) {
+    for (const [key, value] of [
+        ['low', config.low],
+        ['medium', config.medium],
+        ['high', config.high],
+    ]) {
+        if (typeof value !== 'number' || !Number.isFinite(value)) {
+            throw new TrustThresholdConfigError('invalid_input', `TrustThresholdConfig: ${key} must be a finite number (got ${String(value)})`);
+        }
+        if (value < 0 || value > 100) {
+            throw new TrustThresholdConfigError('invalid_input', `TrustThresholdConfig: ${key} must be in [0, 100] (got ${String(value)})`);
+        }
+    }
+}
+/**
+ * Best-effort coercion of an unknown JSON value into a TrustThresholdConfig.
+ * Returns null if the shape is wrong — caller falls back to defaults. We
+ * intentionally do not throw here: defense-in-depth so a corrupted row
+ * doesn't cascade into a runtime error.
+ */
+function tryParseConfig(value) {
+    if (value !== null &&
+        typeof value === 'object' &&
+        !Array.isArray(value) &&
+        'low' in value &&
+        'medium' in value &&
+        'high' in value) {
+        const v = value;
+        if (typeof v.low === 'number' &&
+            typeof v.medium === 'number' &&
+            typeof v.high === 'number' &&
+            Number.isFinite(v.low) &&
+            Number.isFinite(v.medium) &&
+            Number.isFinite(v.high)) {
+            return { low: v.low, medium: v.medium, high: v.high };
+        }
+    }
+    return null;
+}
+// ─── Factory ─────────────────────────────────────────────────────────────
+export function createPrismaTrustThresholdConfigStore(config) {
+    const { prisma } = config;
+    return {
+        async getConfig(input) {
+            const project = await prisma.project.findUnique({
+                where: { id: input.projectId },
+                select: { trustThresholds: true },
+            });
+            if (project === null)
+                return { ...DEFAULT_TRUST_THRESHOLDS };
+            const parsed = tryParseConfig(project.trustThresholds);
+            return parsed ?? { ...DEFAULT_TRUST_THRESHOLDS };
+        },
+        async setConfig(input) {
+            validateConfig(input.config);
+            await prisma.project.update({
+                where: { id: input.projectId },
+                data: {
+                    trustThresholds: {
+                        low: input.config.low,
+                        medium: input.config.medium,
+                        high: input.config.high,
+                    },
+                },
+            });
+        },
+    };
+}
+//# sourceMappingURL=trust-threshold-config-store.js.map

package/dist/trust-threshold-config-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-threshold-config-store.js","sourceRoot":"","sources":["../src/trust-threshold-config-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EACL,wBAAwB,EACxB,yBAAyB,GAG1B,MAAM,eAAe,CAAC;AASvB,4EAA4E;AAE5E;;;;GAIG;AACH,SAAS,cAAc,CAAC,MAA4B;IAClD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI;QACzB,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;QACnB,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC;QACzB,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC;KACb,EAAE,CAAC;QACX,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,yBAAyB,CACjC,eAAe,EACf,yBAAyB,GAAG,iCAAiC,MAAM,CAAC,KAAK,CAAC,GAAG,CAC9E,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;YAC7B,MAAM,IAAI,yBAAyB,CACjC,eAAe,EACf,yBAAyB,GAAG,6BAA6B,MAAM,CAAC,KAAK,CAAC,GAAG,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,KAAc;IACpC,IACE,KAAK,KAAK,IAAI;QACd,OAAO,KAAK,KAAK,QAAQ;QACzB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACrB,KAAK,IAAI,KAAK;QACd,QAAQ,IAAI,KAAK;QACjB,MAAM,IAAI,KAAK,EACf,CAAC;QACD,MAAM,CAAC,GAAG,KAAgC,CAAC;QAC3C,IACE,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;YACzB,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;YAC5B,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAC1B,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YACtB,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;YACzB,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EACvB,CAAC;YACD,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,qCAAqC,CACnD,MAA6C;IAE7C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1B,OAAO;QACL,KAAK,CAAC,SAAS,CAAC,KAA4B;YAC1C,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;gBAC9C,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;gBAC9B,MAAM,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;YACH,IAAI,OAAO,KAAK,IAAI;gBAAE,OAAO,EAAE,GAAG,wBAAwB,EAAE,CAAC;YAC7D,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACvD,OAAO,MAAM,IAAI,EAAE,GAAG,wBAAwB,EAAE,CAAC;QACnD,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,KAA0D;YACxE,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7B,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;gBAC1B,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;gBAC9B,IAAI,EAAE;oBACJ,eAAe,EAAE;wBACf,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG;wBACrB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM;wBAC3B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI;qBACxB;iBACF;aACF,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@derwinjs/db",
-  "version": "0.7.0",
+  "version": "0.9.0",
   "description": "Prisma schema + migrations for Derwin's own Postgres. 14 models, project-namespaced. Per ADR-0005. Ships its own generated Prisma client (multi-platform binaries) for cross-consumer compatibility.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",
@@ -33,8 +33,8 @@
   },
   "dependencies": {
     "@prisma/client": "^5.22.0",
-    "@derwinjs/core": "0.7.0",
-    "@derwinjs/sdk": "0.7.0"
+    "@derwinjs/core": "0.9.0",
+    "@derwinjs/sdk": "0.9.0"
   },
   "devDependencies": {
     "@vitest/coverage-v8": "^2.1.9",

package/prisma/migrations/20260507120000_sprint8_policy_governance/migration.sql

@@ -0,0 +1,58 @@
+-- Sprint 8 (QAP-080..081) — Policy governance: path-tier rules + classification override table.
+--
+-- Promotes Policy.pathRules / Policy.classificationOverrides JSON columns to
+-- first-class tables so the policy-editor UI (Sprint 9 / QAP-088) can render,
+-- reorder, and audit them as discrete rows. The legacy JSON fields on Policy
+-- stay for back-compat with QAP-013's createPrismaFixPolicy until Sprint 9
+-- migrates the read path.
+--
+-- Idempotent (IF NOT EXISTS) — safe to re-run on environments where the
+-- enum or tables already exist.
+
+-- 1. Project.defaultTier — fallback tier when no PathTierRule matches.
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "defaultTier" "derwin"."RiskTier" NOT NULL DEFAULT 'LOW';
+
+-- 2. OverrideMode enum.
+DO $$ BEGIN
+  CREATE TYPE "derwin"."OverrideMode" AS ENUM ('BLOCK_AUTO_FIX', 'FORCE_ESCALATION', 'DOWNGRADE_TIER');
+EXCEPTION
+  WHEN duplicate_object THEN NULL;
+END $$;
+
+-- 3. PathTierRule.
+CREATE TABLE IF NOT EXISTS "derwin"."path_tier_rules" (
+  "id"        TEXT PRIMARY KEY,
+  "projectId" TEXT NOT NULL,
+  "pattern"   TEXT NOT NULL,
+  "tier"      "derwin"."RiskTier" NOT NULL,
+  "priority"  INTEGER NOT NULL,
+  "reason"    TEXT,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "updatedAt" TIMESTAMP(3) NOT NULL,
+  CONSTRAINT "path_tier_rules_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "path_tier_rules_projectId_priority_idx"
+  ON "derwin"."path_tier_rules" ("projectId", "priority");
+
+-- 4. ClassificationOverride.
+CREATE TABLE IF NOT EXISTS "derwin"."classification_overrides" (
+  "id"             TEXT PRIMARY KEY,
+  "projectId"      TEXT NOT NULL,
+  "classification" TEXT NOT NULL,
+  "surface"        TEXT,
+  "overrideMode"   "derwin"."OverrideMode" NOT NULL,
+  "downgradeTier"  "derwin"."RiskTier",
+  "reason"         TEXT NOT NULL,
+  "createdBy"      TEXT NOT NULL,
+  "createdAt"      TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "classification_overrides_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "classification_overrides_projectId_classification_surface_idx"
+  ON "derwin"."classification_overrides" ("projectId", "classification", "surface");

package/prisma/migrations/20260507120100_sprint8_phase2_thresholds_and_freeze/migration.sql

@@ -0,0 +1,33 @@
+-- Sprint 8 Phase 2 (QAP-082..083) — Trust threshold config + freeze windows.
+--
+-- Phase 1 (20260507120000_sprint8_policy_governance) added PathTierRule,
+-- ClassificationOverride, and Project.defaultTier. Phase 2 layers on:
+--   1. Project.trustThresholds JSONB — per-tier minimum trustPercent for
+--      auto-fix dispatch. Null → use SDK defaults ({low:60, medium:80, high:95}).
+--   2. freeze_windows table — operator-defined recurring dispatch freeze
+--      windows. Cron-driven, 5-field, no seconds.
+--
+-- Idempotent (IF NOT EXISTS). Safe to re-run on environments where Phase 1
+-- already landed but Phase 2 didn't.
+
+-- 1. Project.trustThresholds — JSONB, nullable.
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "trustThresholds" JSONB;
+
+-- 2. FreezeWindow.
+CREATE TABLE IF NOT EXISTS "derwin"."freeze_windows" (
+  "id"              TEXT PRIMARY KEY,
+  "projectId"       TEXT NOT NULL,
+  "cronExpression"  TEXT NOT NULL,
+  "durationMinutes" INTEGER NOT NULL,
+  "label"           TEXT NOT NULL,
+  "blocksDispatch"  BOOLEAN NOT NULL DEFAULT TRUE,
+  "enabled"         BOOLEAN NOT NULL DEFAULT TRUE,
+  "createdAt"       TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "freeze_windows_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "freeze_windows_projectId_enabled_idx"
+  ON "derwin"."freeze_windows" ("projectId", "enabled");

package/prisma/migrations/20260507120200_sprint8_phase3_budget_cap/migration.sql

@@ -0,0 +1,21 @@
+-- Sprint 8 Phase 3 (QAP-084) — Per-project budget cap + soft-warn pct.
+--
+-- Adds the budget-gate columns the BudgetGate contract reads:
+--   1. Project.monthlyBudgetUsd  — DOUBLE PRECISION, nullable. Null = NO_CAP.
+--   2. Project.budgetSoftWarnPct — DOUBLE PRECISION, default 0.8 (80%).
+--
+-- The dispatcher consults a BudgetGate before runFixCycle and refuses new
+-- auto-fix dispatches when month-to-date spend / monthlyBudgetUsd >= 1.0.
+-- Soft-warn (>= budgetSoftWarnPct, < 1.0) is observable but non-blocking;
+-- hard-stop (>= 1.0) blocks. NO_CAP (monthlyBudgetUsd IS NULL) is the
+-- pre-Phase-3 default and preserves legacy behavior for projects that have
+-- not opted into explicit USD caps.
+--
+-- Idempotent (IF NOT EXISTS). Safe to re-run on environments where Phase 1
+-- and Phase 2 have already landed but Phase 3 has not.
+
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "monthlyBudgetUsd" DOUBLE PRECISION;
+
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "budgetSoftWarnPct" DOUBLE PRECISION NOT NULL DEFAULT 0.8;

package/prisma/migrations/20260507120300_sprint8_phase4_kill_switches/migration.sql

@@ -0,0 +1,74 @@
+-- Sprint 8 Phase 4 (QAP-085 / QAP-086 / QAP-087) — Three kill switches.
+--
+-- Adds the schema the KillSwitchEvaluator contract reads/writes:
+--   1. Project.killSwitchConfig — JSONB, nullable. Per-project threshold
+--      overrides; null → use SDK defaults.
+--   2. KillSwitchType enum — three trigger discriminators.
+--   3. KillSwitchScope enum — three granularity discriminators.
+--   4. kill_switch_states table — history-preserving log of every trip.
+--
+-- The dispatcher consults a KillSwitchEvaluator before runFixCycle and
+-- refuses to dispatch when any matching engaged switch is present:
+--   - PROJECT or PLATFORM-scope switches block before ticket fetch.
+--   - CLASSIFICATION-scope switches block after ticket fetch when the
+--     ticket's classification + surface match the engaged switch's tuple.
+--
+-- History semantics: a new trip inserts a new row; an unblock flips
+-- engaged → false on the existing row; subsequent re-trips on the same
+-- tuple insert another row. This preserves the audit trail.
+--
+-- Idempotent (IF NOT EXISTS / DO ... EXCEPTION). Safe to re-run on
+-- environments where Phase 1 / Phase 2 / Phase 3 already landed but
+-- Phase 4 has not.
+
+-- 1. Project.killSwitchConfig — JSONB, nullable.
+ALTER TABLE "derwin"."projects"
+  ADD COLUMN IF NOT EXISTS "killSwitchConfig" JSONB;
+
+-- 2. KillSwitchType enum.
+DO $$ BEGIN
+  CREATE TYPE "derwin"."KillSwitchType" AS ENUM (
+    'SUCCESS_RATE_DROP',
+    'CONSECUTIVE_FAILURE',
+    'REGRESSION_CASCADE'
+  );
+EXCEPTION
+  WHEN duplicate_object THEN NULL;
+END $$;
+
+-- 3. KillSwitchScope enum.
+DO $$ BEGIN
+  CREATE TYPE "derwin"."KillSwitchScope" AS ENUM (
+    'CLASSIFICATION',
+    'PROJECT',
+    'PLATFORM'
+  );
+EXCEPTION
+  WHEN duplicate_object THEN NULL;
+END $$;
+
+-- 4. KillSwitchState table.
+CREATE TABLE IF NOT EXISTS "derwin"."kill_switch_states" (
+  "id"             TEXT PRIMARY KEY,
+  "projectId"      TEXT,
+  "classification" TEXT,
+  "surface"        TEXT,
+  "type"           "derwin"."KillSwitchType" NOT NULL,
+  "scope"          "derwin"."KillSwitchScope" NOT NULL,
+  "engaged"        BOOLEAN NOT NULL DEFAULT TRUE,
+  "engagedAt"      TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "unblockedAt"    TIMESTAMP(3),
+  "unblockedBy"    TEXT,
+  "reason"         TEXT NOT NULL,
+  "triggerMetrics" JSONB NOT NULL,
+  "createdAt"      TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "kill_switch_states_projectId_fkey"
+    FOREIGN KEY ("projectId") REFERENCES "derwin"."projects"("id")
+    ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS "kill_switch_states_projectId_engaged_idx"
+  ON "derwin"."kill_switch_states" ("projectId", "engaged");
+
+CREATE INDEX IF NOT EXISTS "kill_switch_states_type_scope_engaged_idx"
+  ON "derwin"."kill_switch_states" ("type", "scope", "engaged");