Phase 7 Review Regressions

Pull request: #29
Governing issue: #28
Fixture policy: Synthetic data only

Review findings repaired

Finding Permanent correction Regression evidence
Incident resolution could be attempted by an unrelated support operator PostgreSQL now permits the assigned owner, active global trust supervisor or administrator only; terminal resolution is immutable operations-reporting.e2e.spec.ts rejects unrelated support resolution before the owner resolves
Public-returning field text could contain precise location or private storage references Reusable PostgreSQL public-safe text checks cover work reasons, terminal text, summaries and observation notes operations-field-workflow.e2e.spec.ts rejects coordinate pairs and private object paths
Field-work creation failed because a PL/pgSQL variable shadowed an assignment column Forward-only migration qualifies assignment columns and preserves scope checks All field-work lifecycle tests create scoped assignments successfully
Reassignment migration assumed a generated foreign-key name Migration discovers the existing self-reference and replaces it with the deferred named constraint Migration verification and atomic reassignment test pass
Override fixture linked case evidence through an obsolete path Fixture now seeds the current mandatory evidence snapshot without the retired link insertion High-risk override evidence-gate and four-eyes tests pass
Expiry privacy assertion rejected the safe objectKeyIncluded: false flag Assertion now checks concrete serialized key fields and storage URLs Reporting expiry test confirms flags remain visible while storage metadata is absent
Missed-visit test advanced the item to in_progress before recording missed Fixture records missed from accepted, preserving the stricter lifecycle Parameterized field terminal-state regression passes for missed and unable_to_verify
Field repository audit request identifier conflicted with exactOptionalPropertyTypes Audit input accepts explicit string | undefined Strict TypeScript passes

Permanent gate coverage

Backend CI verifies:

  • formatting and ESLint;
  • strict TypeScript;
  • forward-only migration application and checksum verification;
  • database, integration, service and HTTP regressions with coverage;
  • production JavaScript build;
  • generated OpenAPI validation.

Operations portal CI verifies:

  • formatting, lint and strict TypeScript;
  • permission-aware navigation and actions;
  • keyboard and accessibility behavior;
  • loading, empty, overdue, denied, revoked and conflict states;
  • production Next.js build;
  • API-only architecture isolation.

Security assertions

The Phase 7 regressions prove that:

  • unassigned and revoked private evidence access fails;
  • field observations create no decisions or claims;
  • requester, self and duplicate high-risk approvals fail;
  • overrides cannot bypass mandatory evidence or publication policy;
  • unrelated support operators cannot resolve another owner's incident;
  • precise coordinates and private storage references cannot enter public-returning field text;
  • reporting output contains no storage paths, document content, private coordinates or disallowed identifiers;
  • the portal cannot import database or storage modules.

Deferred validation

Real provider/customer data, production storage, field-verification economics, legal/privacy review, representative devices/connectivity, maps, messaging, payments and public pilot operation remain outside this checkpoint and are retained by Issue #5 and later phases.