{"ok":true,"checkedAt":"2026-06-02T19:08:24.390Z","contractVersion":"background-rls-audit-v0.1-2026-05","purpose":"Executable schema audit for background-networking row-level security and sensitive free-text storage boundaries.","validation":{"blockers":[],"checks":[{"evidence":"wish_profiles, wish_entries, profile_sources, source_connections, background_source_summaries, background_profile_signals, background_shadow_runs, background_profile_interview_answers, profile_syntheses, background_intent_claims, saved_searches, match_suggestions, match_consents, wish_notifications, match_explanation_snapshots, background_opportunity_briefs, background_match_feedback, background_intro_packets, background_grant_receipts, background_query_events, background_notification_preferences, profile_data_right_requests, match_reports, personal_delegates, helper_strategies, helper_runs, match_introduction_plans, match_introduction_tasks, privacy_grants, privacy_access_requests, match_concierge_requests, match_concierge_events, risk_signals, match_audit_events, background_collective_policies, background_mute_rules","id":"table-coverage","label":"Private, participant-linked, operator-review, helper, notification, and audit tables are covered","status":"pass"},{"evidence":"wish_profiles, wish_entries, profile_sources, source_connections, background_source_summaries, background_profile_interview_answers, profile_syntheses","id":"sensitive-storage-coverage","label":"Sensitive wish, source, connector, and synthesis text has ciphertext/version requirements","status":"pass"},{"evidence":"wish_profiles:true, wish_entries:true, profile_sources:true, source_connections:true, background_source_summaries:true, background_profile_signals:true, background_shadow_runs:true, background_profile_interview_answers:true, profile_syntheses:true, background_intent_claims:true, saved_searches:true, match_suggestions:true, match_consents:true, wish_notifications:true, match_explanation_snapshots:true, background_opportunity_briefs:true, background_match_feedback:true, background_intro_packets:true, background_grant_receipts:true, background_query_events:true, background_notification_preferences:true, profile_data_right_requests:true, match_reports:true, personal_delegates:true, helper_strategies:true, helper_runs:true, match_introduction_plans:true, match_introduction_tasks:true, privacy_grants:true, privacy_access_requests:true, match_concierge_requests:true, match_concierge_events:true, risk_signals:true, match_audit_events:true, background_collective_policies:true, background_mute_rules:true","id":"no-anon-private-policies","label":"Background private table requirements disallow anonymous table policies","status":"pass"},{"evidence":"match_suggestions:4, match_consents:2, background_opportunity_briefs:1, background_match_feedback:2, background_intro_packets:3, match_introduction_plans:3, match_introduction_tasks:1, background_mute_rules:1","id":"participant-helper-boundary","label":"Participant-linked match tables require participant helper checks","status":"pass"},{"evidence":"background_rls_audit_contract_smoke, background_rls_audit_schema_smoke, background_rls_audit_missing_rls_regression, background_rls_audit_sensitive_storage_regression, background_rls_audit_public_route_smoke","id":"schema-regression-tests","label":"Contract names executable schema regression tests","status":"pass"}],"contractVersion":"background-rls-audit-v0.1-2026-05","status":"pass","validatorName":"background-rls-audit-contract","validatorVersion":"background-rls-audit-validator-v0.1"},"publicContract":{"invariants":["Every private or participant-linked background-networking table must enable row-level security.","Private wishes, source summaries, saved searches, grants, notifications, helper records, and audit events must not define anonymous table policies.","Participant-visible match tables must use participant helper checks rather than public reads.","Sensitive free-text storage must provide ciphertext and encryption-version columns so application-level field encryption can fail closed.","The broad preview surface remains separated from private tables through wish_profile_previews and participant-safe match previews."],"tableRequirements":[{"table":"wish_profiles","category":"private_profile","minimumPolicyCount":3,"requiredPolicies":["wish_profiles_select_own","wish_profiles_insert_own","wish_profiles_update_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Private wish profiles must remain owner-scoped and never publicly readable."},{"table":"wish_entries","category":"private_profile","minimumPolicyCount":4,"requiredPolicies":["wish_entries_select_own_or_preview","wish_entries_insert_own","wish_entries_update_own","wish_entries_delete_own"],"requiredFragments":["profile_id = (select auth.uid())","visibility = 'preview'","public.wish_profile_is_previewable(profile_id)"],"disallowAnonPolicies":true,"rationale":"Wish entries may expose only preview-safe rows to signed-in viewers while private bodies stay owner-scoped."},{"table":"profile_sources","category":"private_source","minimumPolicyCount":4,"requiredPolicies":["profile_sources_select_own","profile_sources_insert_own","profile_sources_update_own","profile_sources_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Manual source notes and captured summaries are private owner-scoped records."},{"table":"source_connections","category":"private_source","minimumPolicyCount":4,"requiredPolicies":["source_connections_select_own","source_connections_insert_own","source_connections_update_own","source_connections_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"External source connector permissions are revocable, profile-owned consent records."},{"table":"background_source_summaries","category":"private_source","minimumPolicyCount":4,"requiredPolicies":["background_source_summaries_select_own","background_source_summaries_insert_own","background_source_summaries_update_own","background_source_summaries_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Reviewed source summaries are user-approved summaries, not raw ingestion, and remain owner-scoped."},{"table":"background_profile_signals","category":"private_source","minimumPolicyCount":4,"requiredPolicies":["background_profile_signals_select_own","background_profile_signals_insert_own","background_profile_signals_update_own","background_profile_signals_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Approved profile signals are derived from reviewed summaries and must stop at owner-scoped matching inputs."},{"table":"background_shadow_runs","category":"private_source","minimumPolicyCount":4,"requiredPolicies":["background_shadow_runs_select_own","background_shadow_runs_insert_own","background_shadow_runs_update_own","background_shadow_runs_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Shadow source-assist runs may retain redacted draft output only and must remain owner-scoped."},{"table":"background_profile_interview_answers","category":"private_profile","minimumPolicyCount":4,"requiredPolicies":["background_profile_interview_answers_select_own","background_profile_interview_answers_insert_own","background_profile_interview_answers_update_own","background_profile_interview_answers_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Structured elicitation answers may contain private intent and must stay profile-owned."},{"table":"profile_syntheses","category":"private_profile","minimumPolicyCount":3,"requiredPolicies":["profile_syntheses_select_own","profile_syntheses_insert_own","profile_syntheses_update_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Deterministic synthesis rows may contain sensitive summaries and must be owner-scoped."},{"table":"background_intent_claims","category":"private_profile","minimumPolicyCount":4,"requiredPolicies":["background_intent_claims_select_own","background_intent_claims_insert_own","background_intent_claims_update_own","background_intent_claims_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Intent claims summarize what deterministic matching thinks the user wants and must remain owner-scoped."},{"table":"saved_searches","category":"delegate_helper","minimumPolicyCount":4,"requiredPolicies":["saved_searches_select_own","saved_searches_insert_own","saved_searches_update_own","saved_searches_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Saved searches are private owner-owned query preferences."},{"table":"match_suggestions","category":"participant_match","minimumPolicyCount":3,"requiredPolicies":["match_suggestions_select_participants","match_suggestions_insert_participants","match_suggestions_update_participants"],"requiredFragments":["public.viewer_can_see_match_identity(id)","public.viewer_participates_in_match(id)","status = 'dismissed'","identity_revealed = false"],"disallowAnonPolicies":true,"rationale":"Match suggestions are participant-visible only through match identity helpers and limited dismiss updates."},{"table":"match_consents","category":"participant_match","minimumPolicyCount":3,"requiredPolicies":["match_consents_select_match_participants","match_consents_insert_own","match_consents_update_own"],"requiredFragments":["profile_id = (select auth.uid())","public.viewer_participates_in_match(match_id)"],"disallowAnonPolicies":true,"rationale":"Match consent records belong to match participants only."},{"table":"wish_notifications","category":"notification","minimumPolicyCount":3,"requiredPolicies":["wish_notifications_select_own","wish_notifications_insert_relevant","wish_notifications_update_own"],"requiredFragments":["profile_id = (select auth.uid())","public.viewer_participates_in_match(match_id)","public.profile_participates_in_match(match_id, profile_id)"],"disallowAnonPolicies":true,"rationale":"Wish notifications are recipient-owned and may only be inserted for relevant matches."},{"table":"match_explanation_snapshots","category":"audit_event","minimumPolicyCount":2,"requiredPolicies":["match_explanation_snapshots_select_own","match_explanation_snapshots_insert_own"],"requiredFragments":["profile_id = (select auth.uid())","public.viewer_participates_in_match(match_id)"],"disallowAnonPolicies":true,"rationale":"Match explanation snapshots expose redacted provenance only to the owning participant."},{"table":"background_opportunity_briefs","category":"participant_match","minimumPolicyCount":4,"requiredPolicies":["background_opportunity_briefs_select_own","background_opportunity_briefs_insert_own","background_opportunity_briefs_update_own","background_opportunity_briefs_delete_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Opportunity briefs are actionable but still profile-owned broad-preview records."},{"table":"background_match_feedback","category":"participant_match","minimumPolicyCount":3,"requiredPolicies":["background_match_feedback_select_own","background_match_feedback_insert_own","background_match_feedback_update_own"],"requiredFragments":["profile_id = (select auth.uid())","background_opportunity_briefs.profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Opportunity feedback records private relevance judgments and must stay owner-scoped."},{"table":"background_intro_packets","category":"participant_match","minimumPolicyCount":3,"requiredPolicies":["background_intro_packets_select_relevant","background_intro_packets_insert_requester","background_intro_packets_update_relevant"],"requiredFragments":["requester_profile_id = (select auth.uid())","counterparty_profile_id = (select auth.uid())","public.profile_participates_in_match(match_id, (select auth.uid()))"],"disallowAnonPolicies":true,"rationale":"Intro packets are visible only to requester and counterparty before operator review."},{"table":"background_grant_receipts","category":"privacy_grant","minimumPolicyCount":3,"requiredPolicies":["background_grant_receipts_select_relevant","background_grant_receipts_insert_own","background_grant_receipts_update_own"],"requiredFragments":["profile_id = (select auth.uid())","counterparty_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Grant receipts summarize consent scope and must remain visible only to relevant participants."},{"table":"background_query_events","category":"audit_event","minimumPolicyCount":2,"requiredPolicies":["background_query_events_select_own","background_query_events_insert_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Background query events are owner-scoped anti-enumeration telemetry."},{"table":"background_notification_preferences","category":"notification","minimumPolicyCount":3,"requiredPolicies":["background_notification_preferences_select_own","background_notification_preferences_insert_own","background_notification_preferences_update_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Background notification preferences are private owner-owned channel choices."},{"table":"profile_data_right_requests","category":"private_profile","minimumPolicyCount":3,"requiredPolicies":["profile_data_right_requests_select_own","profile_data_right_requests_insert_own","profile_data_right_requests_update_own_open"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Data-right requests may expose deletion/export status only to the requester."},{"table":"match_reports","category":"operator_review","minimumPolicyCount":2,"requiredPolicies":["match_reports_select_own","match_reports_insert_own_participant"],"requiredFragments":["reporter_profile_id = (select auth.uid())","public.viewer_participates_in_match(match_id)"],"disallowAnonPolicies":true,"rationale":"Match reports are submitted by participants and visible only to their reporter in-app."},{"table":"personal_delegates","category":"delegate_helper","minimumPolicyCount":3,"requiredPolicies":["personal_delegates_select_own","personal_delegates_insert_own","personal_delegates_update_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Personal delegates are owner-scoped helper preferences."},{"table":"helper_strategies","category":"delegate_helper","minimumPolicyCount":3,"requiredPolicies":["helper_strategies_select_own","helper_strategies_insert_own","helper_strategies_update_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Helper strategies are owner-scoped scan configuration."},{"table":"helper_runs","category":"delegate_helper","minimumPolicyCount":2,"requiredPolicies":["helper_runs_select_own","helper_runs_insert_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Helper runs are owner-scoped execution records."},{"table":"match_introduction_plans","category":"participant_match","minimumPolicyCount":3,"requiredPolicies":["match_introduction_plans_select_participants","match_introduction_plans_insert_participants","match_introduction_plans_update_own"],"requiredFragments":["profile_id = (select auth.uid())","counterparty_id = (select auth.uid())","public.viewer_participates_in_match(match_id)"],"disallowAnonPolicies":true,"rationale":"Introduction plans are visible only to the two match participants."},{"table":"match_introduction_tasks","category":"participant_match","minimumPolicyCount":2,"requiredPolicies":["match_introduction_tasks_select_own","match_introduction_tasks_update_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Introduction tasks are scoped to the owning participant."},{"table":"privacy_grants","category":"privacy_grant","minimumPolicyCount":3,"requiredPolicies":["privacy_grants_select_relevant","privacy_grants_insert_own","privacy_grants_update_own"],"requiredFragments":["profile_id = (select auth.uid())","counterparty_id = (select auth.uid())","status = 'granted'"],"disallowAnonPolicies":true,"rationale":"Privacy grants may be read by owners or granted counterparties and changed only by owners."},{"table":"privacy_access_requests","category":"privacy_grant","minimumPolicyCount":3,"requiredPolicies":["privacy_access_requests_select_relevant","privacy_access_requests_insert_requester","privacy_access_requests_update_relevant"],"requiredFragments":["owner_profile_id = (select auth.uid())","requester_profile_id = (select auth.uid())","public.profile_participates_in_match(match_id, (select auth.uid()))"],"disallowAnonPolicies":true,"rationale":"Privacy access requests are visible only to the requester and grant owner."},{"table":"match_concierge_requests","category":"operator_review","minimumPolicyCount":3,"requiredPolicies":["match_concierge_requests_select_relevant","match_concierge_requests_insert_requester","match_concierge_requests_update_requester_open"],"requiredFragments":["requester_profile_id = (select auth.uid())","target_profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Concierge requests are visible to the requester and target participant only."},{"table":"match_concierge_events","category":"operator_review","minimumPolicyCount":1,"requiredPolicies":["match_concierge_events_select_relevant"],"requiredFragments":["public.match_concierge_requests","requester_profile_id = (select auth.uid())","target_profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Concierge events inherit requester/target visibility from their concierge request."},{"table":"risk_signals","category":"operator_review","minimumPolicyCount":2,"requiredPolicies":["risk_signals_select_relevant","risk_signals_insert_relevant"],"requiredFragments":["profile_id = (select auth.uid())","public.viewer_participates_in_match(match_id)"],"disallowAnonPolicies":true,"rationale":"Risk signals are participant-relevant redacted safety records, not public search data."},{"table":"match_audit_events","category":"audit_event","minimumPolicyCount":2,"requiredPolicies":["match_audit_events_select_participants","match_audit_events_insert_participants"],"requiredFragments":["actor_profile_id = (select auth.uid())","public.viewer_participates_in_match(match_id)"],"disallowAnonPolicies":true,"rationale":"Match audit events expose only participant-relevant redacted audit records."},{"table":"background_collective_policies","category":"privacy_grant","minimumPolicyCount":3,"requiredPolicies":["background_collective_policies_select_accessible","background_collective_policies_insert_accessible","background_collective_policies_update_accessible"],"requiredFragments":["public.viewer_can_access_collective(collective_id)"],"disallowAnonPolicies":true,"rationale":"Collective policies set approval and disclosure defaults for accessible collective principals."},{"table":"background_mute_rules","category":"participant_match","minimumPolicyCount":3,"requiredPolicies":["background_mute_rules_select_own","background_mute_rules_insert_own","background_mute_rules_update_own"],"requiredFragments":["profile_id = (select auth.uid())"],"disallowAnonPolicies":true,"rationale":"Mute rules are private preferences for suppressing low-value opportunity briefs."}],"sensitiveStorageRequirements":[{"columns":[{"name":"sensitive_ciphertexts","typeFragment":"jsonb"},{"name":"sensitive_encryption_version","typeFragment":"text"}],"rationale":"Exact wish capabilities, constraints, verification notes, uncertainty, and brokerage notes must have encrypted storage slots.","table":"wish_profiles"},{"columns":[{"name":"body_ciphertext","typeFragment":"text"},{"name":"body_encryption_version","typeFragment":"text"}],"rationale":"Private wish-entry body text must have ciphertext and version columns.","table":"wish_entries"},{"columns":[{"name":"sensitive_ciphertexts","typeFragment":"jsonb"},{"name":"sensitive_encryption_version","typeFragment":"text"}],"rationale":"Manual source notes and excerpts must have encrypted storage slots.","table":"profile_sources"},{"columns":[{"name":"sensitive_ciphertexts","typeFragment":"jsonb"},{"name":"sensitive_encryption_version","typeFragment":"text"}],"rationale":"Source connector consent notes and summaries must have encrypted storage slots.","table":"source_connections"},{"columns":[{"name":"sensitive_ciphertexts","typeFragment":"jsonb"},{"name":"sensitive_encryption_version","typeFragment":"text"}],"rationale":"Reviewed source-summary text and purpose details must have encrypted storage slots.","table":"background_source_summaries"},{"columns":[{"name":"sensitive_ciphertexts","typeFragment":"jsonb"},{"name":"sensitive_encryption_version","typeFragment":"text"}],"rationale":"Structured interview answers and private intent updates must have encrypted storage slots.","table":"background_profile_interview_answers"},{"columns":[{"name":"sensitive_ciphertexts","typeFragment":"jsonb"},{"name":"sensitive_encryption_version","typeFragment":"text"}],"rationale":"Profile synthesis summaries must have encrypted storage slots.","table":"profile_syntheses"}],"schemaAuditMode":"repository_test","schemaAuditTest":"background_rls_audit_schema_smoke","contractTests":["background_rls_audit_contract_smoke","background_rls_audit_schema_smoke","background_rls_audit_missing_rls_regression","background_rls_audit_sensitive_storage_regression","background_rls_audit_public_route_smoke"]},"blockers":[]}