diff --git a/workplans/RREG-WP-0002-production-hardening.md b/workplans/RREG-WP-0002-production-hardening.md index 4e12e7e..68b9c6b 100644 --- a/workplans/RREG-WP-0002-production-hardening.md +++ b/workplans/RREG-WP-0002-production-hardening.md @@ -24,7 +24,7 @@ are reviewable; approved registry truth is explicit. ```task id: RREG-WP-0002-T01 -status: todo +status: in_progress priority: high state_hub_task_id: "a27142a6-c160-4453-ab59-50a7db92f9c4" ``` @@ -106,3 +106,33 @@ Versioned API path or explicit compatibility policy. Golden OpenAPI snapshot tes schema-diff check. More response examples for discovery and change-review endpoints. Error response schema for common 400/404 cases. Acceptance: breaking changes are deliberate and visible in tests; agent-facing endpoints have stable models. + +## Schema migration guard for vocabulary_ref (EP-CAP-003) + +```task +id: RREG-WP-0002-T07 +status: todo +priority: medium +state_hub_task_id: "6f06d8bb-0ed9-47f1-8b3e-40f725e6ece6" +``` + +Audit the `ApprovedAbility` and `ApprovedCapability` (and `ApprovedFeature`) name +fields to ensure no constraints would make adding a future nullable `vocabulary_ref` +column a painful migration. Specifically verify: + +- No CHECK constraints that assume name is the sole identity of an ability/capability +- No unique indexes on name alone (name + vocabulary_ref will be the future key) +- No foreign keys from other tables pointing at name as a natural key +- `ReviewDecision` records reference row IDs, not name strings + +This is a guard task, not an implementation task — no new columns needed now. The +goal is to confirm the v0.1 schema leaves the door open. Document the finding in +a short ADR note or inline comment. + +Context: EP-CAP-003 (Custodian State Hub, capabilities domain) — capability names +are free-text in v0.1 but will eventually need anchoring to a named vocabulary +version as terminology standardises from local ontology toward domain standard and +commodity specification. EP-CAP-002 documents the related constraint that SBOM +evidence can only corroborate or contradict capability claims, never generate them; +the confidence scoring model will need named evidence factors when SBOM +cross-referencing is added.