From ea320a20877e1bd01ca09f24f83b5014c8a01a16 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 13 May 2026 21:14:43 +0800 Subject: [PATCH] db(awooop): add inbound truth-chain envelope columns --- ...inbound_truth_chain_columns_2026-05-13.sql | 21 +++++++++++++++++++ ...nd_truth_chain_columns_2026-05-13_down.sql | 6 ++++++ 2 files changed, 27 insertions(+) create mode 100644 apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13.sql create mode 100644 apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13_down.sql diff --git a/apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13.sql b/apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13.sql new file mode 100644 index 00000000..548515ea --- /dev/null +++ b/apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13.sql @@ -0,0 +1,21 @@ +-- AwoooP Phase 7 T15b: inbound event truth-chain columns +-- +-- Purpose: +-- Telegram cards are only the notification surface. Operators need a +-- redacted replay envelope for inbound alerts so Alertmanager, Sentry, and +-- SignOz events can be correlated with incidents, approvals, logs, and +-- automation decisions without storing raw secrets or PII. + +ALTER TABLE awooop_conversation_event + ADD COLUMN IF NOT EXISTS content_redacted TEXT, + ADD COLUMN IF NOT EXISTS redaction_version VARCHAR(32) NOT NULL DEFAULT 'audit_sink_v1', + ADD COLUMN IF NOT EXISTS source_envelope JSONB NOT NULL DEFAULT '{}'::jsonb; + +COMMENT ON COLUMN awooop_conversation_event.content_redacted IS + 'Full inbound event content after audit_sink redaction; raw unredacted payload text is not stored.'; + +COMMENT ON COLUMN awooop_conversation_event.redaction_version IS + 'Redaction algorithm/version used for content_redacted and source_envelope.'; + +COMMENT ON COLUMN awooop_conversation_event.source_envelope IS + 'Redacted source metadata for inbound replay/audit, including payload hash, provider, source refs, and log correlation hints.'; diff --git a/apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13_down.sql b/apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13_down.sql new file mode 100644 index 00000000..1341fffa --- /dev/null +++ b/apps/api/migrations/awooop_phase7_inbound_truth_chain_columns_2026-05-13_down.sql @@ -0,0 +1,6 @@ +-- Rollback for AwoooP Phase 7 T15b inbound truth-chain columns. +-- Safe only if no consumers depend on the redacted replay fields. + +ALTER TABLE awooop_conversation_event DROP COLUMN IF EXISTS source_envelope; +ALTER TABLE awooop_conversation_event DROP COLUMN IF EXISTS redaction_version; +ALTER TABLE awooop_conversation_event DROP COLUMN IF EXISTS content_redacted;