Production adapter setup
Integration Console
Control the local DB/auth-ready contracts, provider modes and production cutover checklist from one operational settings surface.
Scenario contract
ScenarioStore.v1
The API shape is stable for a future DB adapter.
Role actors
5
Demo users map to future RBAC claims.
Provider modes
6
Mock/local providers expose production targets.
Preflight
1/5
Snapshot migration readiness before real DB/auth cutover.
Cutover steps
0/6
Completed gates versus infrastructure tasks.
Connection
0/4
Redacted endpoint readiness for the selected adapter.
Integration Readiness Copilot
2/9 integration gates are ready for db-auth-session-adapter.
Recommended integration action
Record adapter connection evidence
Connection checks show 0/4; record the redacted endpoint packet before dry-run.
Provider contracts
6 local-to-production provider contracts are visible.
Session adapter
ScenarioStore.v1 runs with mock-auth-header for the local demo contract.
Migration preflight
Preflight is 1/5 with snapshot checksum bfg-eba94650.
Migration runbook
Runbook is 1/6 with decision BLOCKED_PENDING_PREFLIGHT.
Release handoff
Release is 3/5 with decision BLOCKED_PENDING_DRY_RUN.
Rollback drill
Rollback is 0/4 with decision BLOCKED_PENDING_DRY_RUN.
Integration blocker checklist
Production readiness decision
Infrastructure decision prompt
db-auth-session-adapter is selected for rehearsal, but BLOCKED_PENDING_DRY_RUN keeps real DB/auth cutover blocked until infrastructure owners choose the live provider.
Decision needed
Choose the real DB/auth provider before wiring production
Release gates show 3/5; data cutover remains 0/5. Keep demo evidence open, but do not claim production readiness.
Selected adapter target
db-auth-session-adapter
The target is ready for local replay, not live production traffic.
Auth/RBAC owner
OIDC/RBAC
OIDC, roles and secret handling need owner confirmation before code wiring.
Go/no-go decision
BLOCKED_PENDING_DRY_RUN
Local demo can proceed while production remains blocked.
Provider selection acceptance
Provider selection acceptance stub
Anna Kowalska must accept db-auth-session-adapter before live DB/auth wiring starts; BLOCKED_PENDING_DRY_RUN remains the only allowed production decision.
Live DB/auth provider
db-auth-session-adapter
Anna Kowalska must select the real provider contract for db-auth-session-adapter.
Auth/RBAC owner
OIDC/RBAC
Anna Kowalska must confirm roles, claims and secret handling before live users are connected.
Tenant and secrets boundary
single-tenant-local
db-auth-session-adapter remains blocked until tenant isolation and managed secrets are accepted.
Live wiring go/no-go
BLOCKED_PENDING_DRY_RUN
BLOCKED_PENDING_DRY_RUN stays locked until provider, auth and rollback owners sign off.
Infrastructure selection decision
ProductionInfrastructureDecision.v1 blocker
Anna Kowalska must choose hosting, region, runtime ownership and secrets/backup boundaries for db-auth-session-adapter; BLOCKED_PENDING_DRY_RUN stays locked until this decision exists.
Hosting provider and account
db-auth-session-adapter
Anna Kowalska must select the live hosting account/provider before db-auth-session-adapter receives production traffic.
Anna Kowalska owns this infrastructure decision before real DB/auth wiring.
Region and data residency
EU region pending
EU region, data residency and backup locality must be confirmed before live DB/auth wiring.
Anna Kowalska owns this infrastructure decision before real DB/auth wiring.
Runtime operations owner
Managed runtime pending
On-call, deploy, monitoring and incident owner must be named for db-auth-session-adapter.
Anna Kowalska owns this infrastructure decision before real DB/auth wiring.
Secrets and backup boundary
Secrets/backup pending
Managed secrets, backup/RPO and restore owner must be accepted before BLOCKED_PENDING_DRY_RUN can change.
Anna Kowalska owns this infrastructure decision before real DB/auth wiring.
Reviewer proof path
Use these routes to show the blocker, evidence and audit trail without pretending live infrastructure exists.
Guarded DB/auth wiring
ProductionDbAuthAdapterWiring.v1 preflight
Local contract wiring for db-auth-session-adapter can start after infrastructure acceptance (0/4); production traffic remains disabled until live credentials are supplied.
Infrastructure acceptance
Requires accepted hosting, EU region, runtime owner and secrets/backup ownership for db-auth-session-adapter.
db-auth-session-adapter.infrastructureAcceptance
Endpoint contract
Uses the redacted adapter endpoint contract without opening a live external connection.
db-auth-session-adapter.endpointContract
Tenant context
Maps organization and tenant claims before any live database write is allowed.
db-auth-session-adapter.tenantContext
OIDC/RBAC claims
Prepares role claims for MD, dispatcher, accountant, driver and client scopes.
db-auth-session-adapter.oidcRbacClaims
RLS policy draft
Confirms the tenant-scoped RLS policy plan is ready for migration review.
db-auth-session-adapter.rlsPolicyDraft
Secrets and backup boundary
Keeps secrets, backup/RPO and restore ownership tied to the accepted infrastructure decision.
db-auth-session-adapter.secretsBackupBoundary
Live credentials
Blocked until a human supplies reviewed provider credentials outside the local demo workspace.
db-auth-session-adapter.liveCredentials
Production traffic stays disabled
Decision=BLOCKED_PENDING_INFRASTRUCTURE_OR_CREDENTIALS; traffic=production_traffic_disabled. Live credentials and secrets are not present in the MVP workspace.
Preflight not run; infrastructure status: blocked.
Provider contracts
Mock-first providers with production targets
Every external dependency has a local mode for the MVP and a named production replacement path.
Scenario store
Persists the demo scenario today and defines the future database session contract.
Current mode
file-local
Target mode
Postgres/RLS
Auth and RBAC
Role headers drive the MVP while preserving user, tenant and permission boundaries.
Current mode
mock-auth-header
Target mode
OIDC/RBAC
Document intelligence
Local OCR outputs are shaped like production extraction responses.
Current mode
local-ocr
Target mode
Document AI
KSeF e-invoice
Mock invoice packages keep the finance flow ready for a regulated API.
Current mode
mock-ksef
Target mode
KSeF API
Maps and ETA
Local ETA logic can be swapped for a live maps and traffic provider.
Current mode
local-eta
Target mode
Maps/ETA API
Driver offline sync
Service worker and trip cache define the future background-sync boundary.
Current mode
service-worker
Target mode
Background sync
Live session
Current adapter state
Storage adapter
file-local
Auth mode
mock-auth-header
Tenant mode
single-tenant-local
Last write
Not written yet
RBAC map
Role-scoped actors
The same actor ids and permissions are sent through scenario API headers and can become auth claims later.
Anna Kowalska
user_md_anna · BFG Control
Marek Zielinski
user_dispatcher_marek · Dispatch desk
Olena Shevchenko
user_accountant_olena · Finance
Petro Tarasenko
driver_tarasenko · BFG Driver
Lviv Farma Distribution
cp_client_lviv_farma · Client Portal
Production cutover
DB/auth migration checklist
Accept each owner-led cutover rehearsal so the local DB/auth checklist becomes audit evidence.
Contracts frozen
Scenario envelope, actor headers and metadata fields are covered by smoke tests.
Owner: Anna Kowalska · Managing Director
Role headers mapped
Managing Director, Dispatcher, Accountant, Driver and Client contexts are visible.
Owner: Marek Zielinski · Dispatcher
Scenario store rehearsal
Confirm the file-local adapter payload is ready for DB replay.
Owner: Marek Zielinski · Dispatcher
Database schema
Create tenant, user, permission and scenario-state tables for the production adapter.
Owner: Olena Shevchenko · Accountant
Secrets and auth
Wire the selected OIDC/RBAC provider without adding paid-key requirements to the MVP.
Owner: Olena Shevchenko · Accountant
Migration and rollback
Backfill local demo state into the DB adapter and keep a rollback path for demos.
Owner: Anna Kowalska · Managing Director
Adapter decision board
Production adapter decision board
Track the exact DB/auth adapter choice, environment readiness, secrets, schema, migration, rollback and release approvals before production cutover.
Adapter selection status
db-auth-session-adapter
Staging target is explicitly selected while the local MVP keeps the file adapter for demos.
Owner
Anna Kowalska
Managing Director
Evidence
Target locked
Environment readiness
Staging to production
Contracts and replayable Scenario Store payload must be accepted before the DB/auth environment opens.
Owner
Marek Zielinski
Dispatcher
Evidence
0/2 checks accepted
Secrets and RBAC owner
OIDC/RBAC handoff
Role headers and secret handling must both be accepted before real user auth is wired.
Owner
Olena Shevchenko
Accountant
Evidence
0/2 checks accepted
Schema and RLS
Postgres/RLS
Tenant, user, permission and scenario-state tables need owner acceptance before adapter migration.
Owner
Olena Shevchenko
Accountant
Evidence
0/1 checks accepted
Migration dry-run
Seed backfill rehearsal
The local demo state needs a dry-run path into the DB adapter before reviewer cutover.
Owner
Anna Kowalska
Managing Director
Evidence
0/1 checks accepted
Rollback window
File-local fallback
Keep the file-local adapter ready until migration and replay evidence are accepted together.
Owner
Anna Kowalska
Managing Director
Evidence
0/2 checks accepted
Release owner approvals
6 owner checks
All owner-led cutover rehearsals must be accepted before production release sign-off.
Owner
Anna Kowalska
Managing Director
Evidence
0/6 checks accepted
Migration runbook
Production migration runbook
Portable SQL/RLS outline and operator checklist for replaying the current ScenarioStore snapshot into the selected DB/auth adapter without live secrets.
Freeze snapshot
0 / bfg-feb1d61b
Carry BFGScenarioSnapshot.v1 rows and checksum into the migration packet.
Schema and RLS
0/6
Tenant, user, snapshot and audit tables are mapped for the selected adapter.
Actor claims
5
Demo actors and permissions become future DB/auth claims.
Adapter replay
0/4 + 0/5
Connection and dry-run evidence prove the target can replay the payload.
Checksum verification
1/5
Preflight readiness and checksum close the migration verification loop.
Rollback seal
BLOCKED_PENDING_DRY_RUN
Release and rollback decisions remain bound to the local fallback adapter.
ProductionAdapterMigrationRunbook.v1 SQL Outline
ProductionAdapterMigrationRunbook.v1 targets db-auth-session-adapter with checksum bfg-feb1d61b; keep it as a reviewer-safe migration rehearsal outline until real infrastructure is connected.
-- ProductionAdapterMigrationRunbook.v1
-- source=BFGScenarioSnapshot.v1
-- target=db-auth-session-adapter
-- session=grant-demo-local
-- checksum=bfg-feb1d61b
-- rows=0
-- runbook_decision=BLOCKED_PENDING_PREFLIGHT
create schema if not exists bfg_flowcontrol;

create table if not exists bfg_flowcontrol.tenants (
  tenant_id text primary key,
  name text not null,
  created_at timestamptz not null default now()
);

create table if not exists bfg_flowcontrol.users (
  user_id text primary key,
  tenant_id text not null references bfg_flowcontrol.tenants(tenant_id),
  role_key text not null,
  display_name text not null,
  permissions text[] not null default '{}'
);

create table if not exists bfg_flowcontrol.scenario_snapshots (
  snapshot_id text primary key,
  tenant_id text not null references bfg_flowcontrol.tenants(tenant_id),
  checksum text not null,
  schema_version text not null,
  payload jsonb not null,
  created_at timestamptz not null default now()
);

create table if not exists bfg_flowcontrol.audit_events (
  event_id text primary key,
  tenant_id text not null references bfg_flowcontrol.tenants(tenant_id),
  actor_id text not null references bfg_flowcontrol.users(user_id),
  source text not null,
  payload jsonb not null,
  created_at timestamptz not null default now()
);

alter table bfg_flowcontrol.users enable row level security;
alter table bfg_flowcontrol.scenario_snapshots enable row level security;
alter table bfg_flowcontrol.audit_events enable row level security;

drop policy if exists bfg_tenant_users on bfg_flowcontrol.users;
drop policy if exists bfg_tenant_snapshots on bfg_flowcontrol.scenario_snapshots;
drop policy if exists bfg_tenant_audit on bfg_flowcontrol.audit_events;

create policy bfg_tenant_users on bfg_flowcontrol.users
  using (tenant_id = current_setting('bfg.tenant_id', true));
create policy bfg_tenant_snapshots on bfg_flowcontrol.scenario_snapshots
  using (tenant_id = current_setting('bfg.tenant_id', true));
create policy bfg_tenant_audit on bfg_flowcontrol.audit_events
  using (tenant_id = current_setting('bfg.tenant_id', true));

Runbook decision BLOCKED_PENDING_PREFLIGHT; 1/6 migration checks are ready.
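The RLS outline above isolates tenants only if bfg.tenant_id is set per transaction and the connecting role is actually subject to the policies. The script below is an added rehearsal check, not part of the original console output; it assumes a scratch PostgreSQL database with the outline already applied, a superuser session, and the hypothetical names bfg_app, tenants_id_not_blank, tenant_a and tenant_b.

```sql
-- Added example: rehearse tenant isolation for the bfg_flowcontrol RLS outline.
-- Hypothetical: role bfg_app, constraint name, tenant ids and user rows (all constructed).
create role bfg_app nologin;
grant usage on schema bfg_flowcontrol to bfg_app;
grant select, insert on all tables in schema bfg_flowcontrol to bfg_app;

-- Table owners skip RLS unless it is forced; superusers and BYPASSRLS roles always skip it.
alter table bfg_flowcontrol.users force row level security;
alter table bfg_flowcontrol.scenario_snapshots force row level security;
alter table bfg_flowcontrol.audit_events force row level security;

-- An unset bfg.tenant_id reads as NULL, and as '' after a transaction-local value
-- has been reverted, so a blank tenant id must never exist.
alter table bfg_flowcontrol.tenants
  add constraint tenants_id_not_blank check (tenant_id <> '');
insert into bfg_flowcontrol.tenants (tenant_id, name)
values ('tenant_a', 'Constructed tenant A'), ('tenant_b', 'Constructed tenant B');

-- Seed tenant_b. The third set_config argument (true) scopes the value to this
-- transaction, so it cannot leak to the next user of a pooled connection.
begin;
set local role bfg_app;
select set_config('bfg.tenant_id', 'tenant_b', true);
insert into bfg_flowcontrol.users (user_id, tenant_id, role_key, display_name)
values ('user_b1', 'tenant_b', 'dispatcher', 'Constructed user B1');
commit;

-- Act as tenant_a: foreign rows must be invisible and cross-tenant writes rejected.
-- The policies are FOR ALL with only USING, so USING also acts as WITH CHECK.
begin;
set local role bfg_app;
select set_config('bfg.tenant_id', 'tenant_a', true);
insert into bfg_flowcontrol.users (user_id, tenant_id, role_key, display_name)
values ('user_a1', 'tenant_a', 'accountant', 'Constructed user A1');
do $$
declare foreign_rows int;
begin
  select count(*) into foreign_rows
    from bfg_flowcontrol.users where tenant_id <> 'tenant_a';
  if foreign_rows <> 0 then raise exception 'tenant isolation broken'; end if;
  begin
    insert into bfg_flowcontrol.users (user_id, tenant_id, role_key, display_name)
    values ('user_x', 'tenant_b', 'driver', 'Constructed cross-tenant row');
    raise exception 'cross-tenant insert was accepted';
  exception when insufficient_privilege then
    raise notice 'cross-tenant insert rejected by policy';
  end;
end $$;
commit;

-- Without any tenant context the policies must fail closed.
begin;
set local role bfg_app;
do $$ begin
  if exists (select 1 from bfg_flowcontrol.users) then
    raise exception 'rows visible without tenant context';
  end if;
end $$;
commit;
```

The tenants table itself has no policy in the outline, so tenant names remain readable to any role granted select on it.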
Data cutover
Production data cutover console
Turn the migration runbook into batch-level tenant, operations, finance and audit replay evidence before any live DB/auth adapter is connected.
Tenant and RBAC seed
5 actors
Demo actors and permissions become the first tenant/user seed for the DB/auth adapter.
Operations replay
0 rows
Orders, driver events, client requests and dispatch evidence stay replayable.
Finance ledger
0 rows
KSeF and payment events are separated for regulated finance migration.
Audit trail
0 rows
Risk, cutover, connection, dry-run and sign-off evidence stay attached.
Snapshot freeze
0 rows
BFGScenarioSnapshot.v1 rows and checksum are locked before transfer.
Tenant/RLS seed
1/6
Runbook tables and RLS outline are ready for the target adapter.
Batch replay
0/4 + 0/5
Connection and dry-run evidence prove the payload can replay safely.
Audit parity
1/4
All batch groups have data and preflight evidence.
Rollback seal
BLOCKED_PENDING_DRY_RUN
Release and rollback packets keep the file-local fallback explicit.
ProductionDataCutoverPlan.v1 packet
db-auth-session-adapter packages 5 batch rows with checksum bfg-e7a2d068; use it as the reviewer-safe data cutover plan until production infrastructure is selected.
ProductionDataCutoverPlan.v1 target=db-auth-session-adapter session=grant-demo-local snapshot_schema=BFGScenarioSnapshot.v1 snapshot_checksum=bfg-e7a2d068 snapshot_rows=0 batch_rows=5 batches=1/4 steps=0/5 connection=0/4 dry_run=0/5 runbook_decision=BLOCKED_PENDING_PREFLIGHT release_decision=BLOCKED_PENDING_DRY_RUN rollback_decision=BLOCKED_PENDING_DRY_RUN cutover_decision=BLOCKED_PENDING_DATA_CUTOVER
Decision BLOCKED_PENDING_DATA_CUTOVER; 0/5 cutover checks and 1 batch group are ready.
Adapter connection
Production adapter connection wizard
Record redacted endpoint, TLS/RBAC and write-probe evidence for the selected DB/auth adapter without storing secrets.
Endpoint reachability
Selected adapter endpoint is named and reachable through the approved network path.
Waiting for connection check
TLS fingerprint
Certificate fingerprint is captured as a redacted reviewer-safe value.
Waiting for connection check
RBAC session
Demo actor claims map to the future tenant/user authorization boundary.
Waiting for connection check
Write probe
A no-secret write/read probe can be replayed before live infrastructure cutover.
Waiting for connection check
ProductionAdapterConnection.v1 packet
Adapter target
db-auth-session-adapter
Redacted endpoint
Not recorded
Endpoint fingerprint
Fingerprint not recorded
Record the packet once endpoint reachability, TLS, RBAC and write probe are confirmed.
Adapter dry-run
Production adapter dry-run transcript
Run a local transcript that replays the file-backed scenario into the selected DB/auth adapter contract without requiring live infrastructure.
Scenario snapshot export
Freeze draft orders, driver events, finance events and reviewer evidence before migration.
Waiting for dry-run
Schema map validation
Map Scenario Store fields to tenant, user, order, document and audit tables.
Waiting for dry-run
RBAC claims rehearsal
Replay demo actor ids as future auth claims with role-scoped permissions.
Waiting for dry-run
Adapter replay transcript
Write and read the scenario payload through the selected DB/auth adapter contract.
Waiting for dry-run
Rollback checkpoint
Keep the file-local fallback and replay id available until production cutover is approved.
Waiting for dry-run
ProductionAdapterDryRun.v1 checkpoint
db-auth-session-adapter
Run the dry-run to create a replayable adapter checkpoint for reviewers.
Migration preflight
Snapshot migration preflight
Reviewer-safe DB/auth rehearsal report built from the current BFGScenarioSnapshot.v1 payload, adapter target and rollback evidence.
Snapshot payload
0 rows
BFGScenarioSnapshot.v1 is frozen with row count and checksum.
Schema map
1/7
Adapter decision and cutover evidence identify tenant/user/order/document/audit tables.
RBAC claims
5 actors
Demo actor ids and permissions are ready to become auth claims.
Adapter replay
0/5
ProductionAdapterDryRun.v1 proves write/read compatibility for the selected adapter.
Rollback evidence
Blocked
Release and rollback packets keep the file-local fallback explicit.
ProductionAdapterMigrationPreflight.v1 report
BFGScenarioSnapshot.v1 has 0 rows and checksum bfg-eba94650; use this report to rehearse DB/auth migration before connecting live infrastructure.
ProductionAdapterMigrationPreflight.v1 schema=BFGScenarioSnapshot.v1 target=db-auth-session-adapter session=grant-demo-local checksum=bfg-eba94650 rows=0 adapter_contract=ScenarioStore.v1 dry_run=0/5 connection=0/4 rollback_decision=BLOCKED_PENDING_DRY_RUN
Release handoff
Production release env export
Reviewer-ready env values show the exact local adapter mode, target, rollback owner and go/no-go decision.
Env vars
9
Nine release values are generated from session metadata.
Adapter target
1/7
The selected DB/auth target is visible.
Dry-run transcript
0/5
Replay transcript proves local payload compatibility.
Rollback
file-local
Fallback adapter remains explicit.
Owner evidence
0/6
Cutover owner checks are linked to Scenario Store.
Release env block
BFG_RELEASE_ENVIRONMENT=local-demo
BFG_RELEASE_TARGET=db-auth-session-adapter
BFG_SCENARIO_ADAPTER=ScenarioStore.v1
BFG_STORAGE_ADAPTER=file-local
BFG_AUTH_MODE=mock-auth-header
BFG_TENANT_MODE=single-tenant-local
BFG_ROLLBACK_OWNER=user_md_anna
BFG_RELEASE_EVIDENCE=ProductionAdapterDryRun.v1
BFG_RELEASE_DECISION=BLOCKED_PENDING_DRY_RUN
Decision BLOCKED_PENDING_DRY_RUN; 3/5 release handoff gates are ready.
Rollback drill
Production rollback drill
Ops can rehearse the fallback owner, storage adapter and audit packet before real infrastructure cutover.
Freeze window
BLOCKED_PENDING_DRY_RUN
Production remains blocked until the local go/no-go decision is reviewed.
Owner acknowledgement
Anna Kowalska
Managing Director owns the rollback decision and audit packet.
Storage fallback
file-local
The file-local adapter remains the explicit rollback path.
Audit packet
ProductionRollbackDrill.v1
Release and rollback evidence are tied to one exportable packet.
Rollback audit packet
BFG_ROLLBACK_DECISION=BLOCKED_PENDING_DRY_RUN
BFG_ROLLBACK_OWNER=user_md_anna
BFG_ROLLBACK_STORAGE=file-local
BFG_ROLLBACK_AUTH=mock-auth-header
BFG_ROLLBACK_EVIDENCE=ProductionReleaseHandoff.v1
BFG_ROLLBACK_PACKET=ProductionRollbackDrill.v1
Decision BLOCKED_PENDING_DRY_RUN; 0/4 rollback checks are ready for Anna Kowalska.
Environments
Adapter rollout plan
Local demo
file-local
Runs now with file-local scenario state and mock provider contracts.
Staging
db-auth-session-adapter
Next target for DB persistence, auth claims and provider secrets.
Production
tenant-rbac-adapter
Final tenant-scoped adapter with real auth and external provider audit logs.