chore(schema): canonical remediation — chitty_id, P/L/T/E/A, entities registry, R2 ACL

[chitcommit]

Summary

Greenfield canonical schema for Neon project steep-cloud-28172078. The database was empty pre-migration (confirmed via get_database_tables → []), so no production data preservation needed. Stacked on feat/hono-migration-phase-1 since canonical docs (CHARTER/CHITTY/register.json) and the Worker skeleton live there — merging to main direct would conflict.

• 3 migrations in drizzle/ establishing the canonical baseline: chitty_id varchar UNIQUE on every entity table, timestamptz created_at/updated_at with shared set_updated_at trigger, soft-delete deleted_at, GIN indexes on JSONB, and the entities registry with entity_type enum containing ALL FIVE P/L/T/E/A values.
• shared/schema.ts rewritten to mirror DDL with // @canon: chittycanon://gov/governance#core-types annotations on every entity_type-bearing table.
• Phase 3 plan documented (docs/migrations/phase3-users-chittyid-migration.md) — 5-step backward-compatible promotion of users.chitty_id to PK. Not executed in this PR.

Entity-type assignments (annotated per table)

Table	Type	Rationale
users	P	Natural actor with agency (canonical rule: actors are always Person, never Thing)
assets	T	Object without agency — the central ChittyAssets artifact
evidence	T	Document/artifact attached to an asset
timeline_events	E	Append-only occurrence in time
warranties	T	Contract-as-artifact (the document); coverage events go in timeline_events
insurance_policies	T	Policy document as artifact; claims go in timeline_events
legal_cases	E	Proceeding with docket/status progression
ai_analysis_results	E	Analysis run in time, append-only

sessions (legacy Replit Auth) and r2_object_acl (operational metadata) are not canonical entities and correctly lack chitty_id.

Soft references

Per-service tables do NOT FK to the entities registry. The registry is populated by app-layer triggers / batch reconciliation. Schema authority remains per-table.

Validation evidence (Neon preview branch br-spring-star-aky6u1mc)

All 63 DDL statements executed cleanly via run_sql_transaction. Read-back queries on the preview branch confirm:

• 11 tables present: ai_analysis_results, assets, entities, evidence, insurance_policies, legal_cases, r2_object_acl, sessions, timeline_events, users, warranties
• Every entity table has chitty_id UNIQUE + created_at timestamptz
• entity_type enum values = {P, L, T, E, A} — all five canonical types, A not omitted
• npm run check: zero errors in shared/schema.ts (pre-existing errors in legacy server/chittyCore.ts, server/chittyEcosystem.ts, client/__tests__/* are unrelated to this PR)

Test plan

• Neon GitHub integration auto-spawns preview branch on this PR
• Run npm run db:push against preview DATABASE_URL to confirm Drizzle reconciliation against DDL is a no-op
• Verify entity_type enum on preview is {P,L,T,E,A} exactly
• Confirm zero shared/schema.ts errors in npm run check
• After merge of feat/hono-migration-phase-1 → main, re-target this PR to main if needed

Out of scope

• Phase 3 users.id uuid → chitty_id PK migration (documented in docs/migrations/phase3-users-chittyid-migration.md)
• Rewriting legacy mock-based integration tests (global rule: pre-existing mocked tests may remain untouched)
• Fixing pre-existing typecheck errors in server/chittyCore.ts etc.

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4584f6ab-f275-488d-96c1-bf017ecab970

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/schema-canonical-remediation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7010f01fef

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Mirror ACL uniqueness in Drizzle schema

The new r2_object_acl table is missing the composite uniqueness constraint that exists in drizzle/0003_r2_object_acl.sql (UNIQUE (bucket, object_key, principal_chitty_id, permission)). Because this repo’s normal workflow uses npm run db:push from shared/schema.ts, environments bootstrapped from schema (or reconciled by push) can end up without that guard and accept duplicate grants for the same principal/object/permission tuple, which can make permission resolution ambiguous and break idempotent grant logic.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Define assets user_id index in schema source of truth

drizzle/0001_init.sql adds idx_assets_user_id, but shared/schema.ts does not define an index for assets.user_id; since this project deploys schema changes via drizzle-kit push (from shared/schema.ts), that index will not be created (or can be removed on reconciliation), causing user-scoped asset reads (getAsset, getUserAssets, getAssetStats) to degrade into increasingly expensive scans as asset volume grows.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Preserve evidence lookup indexes in Drizzle schema

The SQL migration creates idx_evidence_asset_id and idx_evidence_user_id, but shared/schema.ts does not declare either index for evidence; with drizzle-kit push using the schema file as source of truth, environments can miss these indexes and turn /api/assets/:assetId/evidence and per-user evidence reads into table scans as evidence volume increases.

Useful? React with 👍 / 👎.