Commit Graph

20 Commits

Author SHA1 Message Date
fd7c61d594 Add Operator Panel IA decision record and spec delta
Introduce docs/operator-ia.md and an OpenSpec change "operator-ia" with
design, proposal, spec delta, and tasks; update status to mark M7b In
progress
2026-05-12 15:51:42 -05:00
81a11f8f5d Add Phase A v2 operator UX walkthrough evidence
Re-run Phase A walkthrough against the seeded baseline (demo seeder
+ Keycloak ID pinning fix + person seeding). 14 slugs gain
screenshot-v2.png; 10 previously-skipped slugs are now reachable.

INDEX.md gains:
- A Phase A v2 run-metadata block alongside the original v1 metadata.
- Status upgrades for the 10 newly-reachable slugs (✗ → ✓ v2).
- 10 cross-check findings (Phase A v2 findings section) comparing
  seeded evidence against the 7a.1 research doc — including the
  two-revoke-paths divergence in confirm-modal copy, per-org Issue
  Grant being plan-only, the empty-product-name interpolation defect
  on revoke-and-transition, and the rules form supporting only
  `limit` rules despite schema supporting boolean.

Adds a README.md documenting Phase A's overwrite-in-place contract
(non-LLM-keyed evidence reflecting current stack state).
2026-05-11 10:55:14 -05:00
9d11ee0328 Add member-console demo seeder with person seeding
Add a `seed-demo` subcommand (cmd/seed_demo.go + internal/demoseed/)
that inserts a fixed reference catalog into the member-console DB so
the operator panel has rows to walk through for UX research. Catalog:
6 demo-* products (4 by product_type + 2 extra plans), 1 plan ladder
with 3 tiers, 1 entitlement set with 2 rules (limit + boolean), and 1
grant on Alice's personal org (once she's logged in).

Person rows for bob/carlos/diana are seeded via provisioning.AutoProvision
keyed on the pinned Keycloak UUIDs — no longer fragile now that
seed-keycloak.sh's partialImport switch preserves the pinned id. Alice
is intentionally NOT pre-seeded so the lazy-creation OIDC flow stays
exercised on every fresh stack.

Idempotency: list+filter by `name` for catalog rows, by `oidc_subject`
for persons. Re-running is a no-op for created rows; warns + skips
the grant if alice hasn't logged in yet.

Host-side invocation only — run `./test/seed-demo.sh` after
bootstrap-stack.sh. Mirrors how member-console itself runs on the
host (config + secrets live under test/).

Two OpenSpec changes folded in: 2026-05-10-member-console-demo-seeder
(the seeder) and 2026-05-11-demo-seeder-persons (the persons follow-up
unlocked by the Keycloak fix).
2026-05-11 10:55:14 -05:00
eadcda30f9 Add Operator UX walkthrough for Claude Opus 4.7 2026-05-11 10:55:14 -05:00
1012a01028 Add Phase A operator UX walkthrough evidence
Deterministic capture of the operator panel: per-slug evidence
(screenshots, console/network dumps, a11y and tab-order data) stored
under docs/operator-ux-walkthrough-evidence. Add Phase A task briefing
and update status files to mark 7a progress and note downstream issues
2026-05-11 10:55:14 -05:00
ab766165a2 Add operator UX research and integrations 2026-05-11 10:55:14 -05:00
535810c2ef Seed FedWiki fixtures from Keycloak
Add a fedwiki-render compose service and render.sh to resolve real
Keycloak user UUIDs and render .tpl templates into testdata on compose up.
Convert hardcoded FedWiki testdata into templates, add seed-stack.sh helper,
and update compose/env and .gitignore to run seeding before starting fedwiki.
2026-04-29 15:55:40 -05:00
751bae7768 Use plan ladder for org defaults
Add default_plan_ladder_id with a forward data migration and update
the runtime to resolve the ladder's rank-0 tier at use-time. Regenerate
sqlc, update auto-provisioning, ReapplyDefaultsForPool, operator UI and
tests; add GetTierByLadderRank and pool/provision query helpers. Add a
CSP-safe confirm-action modal and wire operator actions to it. Close
plan-sole-writer safety gaps and serialize IssueGrant with a FOR UPDATE
pool lock to prevent ladder races.
2026-04-27 01:57:17 -05:00
7a7f5975eb Track grant lineage and add Extend transition
Introduce extends_grant_id on grants (models, CreateGrant param and SQL), add
GetGrantLineage recursive query, and enforce same-org/immutability guards via
migration triggers. Implement TransitionTarget.Extend with validation and an
extend path that issues a chained grant + provision. Update docs, specs and
tests accordingly.
2026-04-26 02:38:46 -05:00
ba68b8e71b OpenSpec for plan-sole-writer-guards 2026-04-25 03:28:16 -05:00
8f6a93f74d Add operator enrollment UI and plan docs
Introduce operator enrollment partials and handlers that route plan-tier
granting and revocation through entitlements.Transition(). Add member-facing
tier labels, plan architecture and grant-plan-safety documentation, plus
unit and e2e tests. Also add small querier helpers and wire Temporal client
hooks for trial expiration scheduling.
2026-04-24 12:28:00 -05:00
34388180ad Add deployment architecture doc and milestones 2026-04-11 04:23:42 -05:00
64ced89432 Stripe Integration Price creation. 2026-04-07 03:24:12 -05:00
1f1540d7e0 Use plain DB connection for migrations
Add ConnectPlain to open the DB without the custom search_path and
switch migration and CLI flows to run on that plain connection.
Wrap multi-statement goose migrations with StatementBegin/End to
ensure statements are executed atomically. Move Stripe price outbox
seeding into a dedicated stripe migration.
2026-04-05 18:25:05 -05:00
f23a84999c sqlc: standardize generated type names across all modules
Drop redundant schema prefixes from all sqlc-generated Go types. Since
each module generates into its own package, the package already provides
the namespace — billing.Account is unambiguous without
billing.BillingAccount.

Changes:
- Add rename: blocks to all 6 sqlc.yaml files mapping schema-prefixed
  names to clean idiomatic names (e.g. BillingBillingAccount → Account,
  IdentityPerson → Person, OrganizationOrganization → Organization)
- Rename billing.billing_accounts → billing.accounts (table name repeated
  the schema; the schema already provides that context)
- Rename integration.integration_outbox → integration.outbox (same reason)
- Regenerate all sqlc output across billing, identity, organization,
  entitlements, stripe, and fedwiki modules
- Update all calling code (server, workflows, provisioning, tests) to use
  the new names
- Add internal/db/sqlc_schemas.sql — sqlc-only schema declarations so
  every module can resolve schema-qualified names without including the
  full db migrations
- Update docs/database-management.md with the naming convention and
  standard sqlc.yaml template

Convention going forward: table names must not repeat the schema name;
generated types carry no schema prefix; the Go package provides the
namespace (like http.Request, not http.HttpRequest).
2026-04-05 02:35:36 -05:00
3aad9268df Stripe Billing Plumbing 2026-04-03 19:25:24 -05:00
60c275e512 Add HTMX docs and exempt /static/ from auth 2026-03-27 16:15:55 -05:00
15e1a59fe7 Introduce entitlement sets and migrations
Add entitlement_sets and entitlement_set_rules with seed data and a
migration that backfills products, grants, and pool_provisions, then
removes product_entitlement_rules. Update Go models, sqlc queries,
materialization, and grant/provision flows to use entitlement_set_id.
Fix assembleMigrations to assign stable per-module numeric namespaces.
Move DB docs to docs/database-management.md and add design/specs/tests.
2026-03-26 18:19:19 -05:00
6330ae7a42 Grants management! 2026-03-24 17:35:14 -05:00
f737dd0314 Identity and organization modules. 2026-03-23 17:28:14 -05:00