db(awooop): add inbound truth-chain envelope columns

apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13.sql

@@ -0,0 +1,21 @@
+-- AwoooP Phase 7 T15b: inbound event truth-chain columns
+--
+-- Purpose:
+--   Telegram cards are only the notification surface. Operators need a
+--   redacted replay envelope for inbound alerts so Alertmanager, Sentry, and
+--   SignOz events can be correlated with incidents, approvals, logs, and
+--   automation decisions without storing raw secrets or PII.
+
+ALTER TABLE awooop_conversation_event
+    ADD COLUMN IF NOT EXISTS content_redacted TEXT,
+    ADD COLUMN IF NOT EXISTS redaction_version VARCHAR(32) NOT NULL DEFAULT 'audit_sink_v1',
+    ADD COLUMN IF NOT EXISTS source_envelope JSONB NOT NULL DEFAULT '{}'::jsonb;
+
+COMMENT ON COLUMN awooop_conversation_event.content_redacted IS
+    'Full inbound event content after audit_sink redaction; raw unredacted payload text is not stored.';
+
+COMMENT ON COLUMN awooop_conversation_event.redaction_version IS
+    'Redaction algorithm/version used for content_redacted and source_envelope.';
+
+COMMENT ON COLUMN awooop_conversation_event.source_envelope IS
+    'Redacted source metadata for inbound replay/audit, including payload hash, provider, source refs, and log correlation hints.';

apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13_down.sql

@@ -0,0 +1,6 @@
+-- Rollback for AwoooP Phase 7 T15b inbound truth-chain columns.
+-- Safe only if no consumers depend on the redacted replay fields.
+
+ALTER TABLE awooop_conversation_event DROP COLUMN IF EXISTS source_envelope;
+ALTER TABLE awooop_conversation_event DROP COLUMN IF EXISTS redaction_version;
+ALTER TABLE awooop_conversation_event DROP COLUMN IF EXISTS content_redacted;