feat(T023): add disabled local Postgres compile harness stub

Author: artemhobotun

docs/LOCAL_POSTGRES_COMPILE_HARNESS_STUB.md

@@ -0,0 +1,10 @@
+# Local Postgres Compile Harness Stub
+
+T023 is disabled-by-default.
+It does not start Postgres.
+It does not execute SQL.
+It does not call Docker, psql, or Supabase CLI.
+It does not connect to any database.
+It only records a disabled status report.
+Future actual local compile execution requires a separate explicit gate.
+Live Supabase remains later and requires explicit approval.

docs/backend/supabase/local-compile-harness/local-postgres-compile-harness-stub.manifest.json

@@ -0,0 +1,33 @@
+{
+  "stub_id": "pg-compile-harness-stub-001",
+  "version": "0.23.0",
+  "status": "disabled",
+  "no_execution_now": true,
+  "future_gate_required": true,
+  "source_design_manifest": "docs/backend/supabase/local-compile-harness/local-postgres-compile-harness.manifest.json",
+  "source_sql_files": [
+    "docs/backend/supabase/rehearsal/001_ai_scan_storage_schema.rehearsal.sql",
+    "docs/backend/supabase/rehearsal/001_ai_scan_storage_schema.rollback.rehearsal.sql"
+  ],
+  "forbidden_now": [
+    "docker",
+    "docker compose",
+    "psql",
+    "supabase cli",
+    "supabase link",
+    "supabase db push",
+    "live database URLs",
+    "service role keys",
+    "anon keys",
+    "wrangler deploy",
+    "GitHub Actions scanner mode",
+    "SARIF",
+    "PR annotations"
+  ],
+  "allowed_now": [
+    "read local manifest files",
+    "read local SQL rehearsal files",
+    "produce deterministic disabled status report",
+    "validate safety boundary"
+  ]
+}

docs/backend/supabase/rehearsal/migration-rehearsal.manifest.json

@@ -1,5 +1,5 @@
 {
-  "schema_version": "0.20.0",
+  "schema_version": "0.23.0",
   "rehearsal_type": "caesar-ai-scan-supabase-migration-rehearsal",
   "rehearsal_status": "local_only_not_applied",
   "source_contract": {

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "caesar-ai-scan",
-  "version": "0.22.0",
+  "version": "0.23.0",
   "description": "Static-analysis CLI and CI/CD tool to inventory AI dependencies, framework usage, vector DBs, and credentials.",
   "type": "module",
   "main": "src/cli.mjs",
@@ -38,7 +38,9 @@
     "validate:sql-compile-rehearsal": "node scripts/validate-sql-compile-rehearsal.mjs",
     "postgres:compile-harness-report": "node scripts/build-local-postgres-compile-harness-report.mjs",
     "validate:postgres-compile-harness": "node scripts/validate-local-postgres-compile-harness.mjs",
-    "check:all-offline": "npm run check:syntax && npm run scan:sample && npm run validate:samples && npm run validate:rule-pack-v1 && npm run review:sample && npm run validate:review && npm run pack:sample && npm run validate:pack && npm run scope:sample && npm run validate:scope && npm run validate:history && npm run inventory:sample && npm run validate:inventory && npm run bundle:sample && npm run validate:bundle && npm run import:sample && npm run validate:import && npm run build:site && npm run validate:site && npm run api:sample && npm run dashboard:sample && npm run validate:dashboard && npm run validate:local-api && npm run validate:backend-boundary && npm run store:sample && npm run validate:store && npm run supabase:mapping-sample && npm run validate:supabase-draft && npm run worker:route-sample && npm run validate:worker-boundary && npm run supabase:migration-rehearsal-report && npm run validate:supabase-rehearsal && npm run sql:compile-rehearsal-report && npm run validate:sql-compile-rehearsal && npm run postgres:compile-harness-report && npm run validate:postgres-compile-harness",
+    "postgres:compile-harness-stub": "node scripts/run-local-postgres-compile-harness-stub.mjs",
+    "validate:postgres-compile-harness-stub": "node scripts/validate-local-postgres-compile-harness-stub.mjs",
+    "check:all-offline": "npm run check:syntax && npm run scan:sample && npm run validate:samples && npm run validate:rule-pack-v1 && npm run review:sample && npm run validate:review && npm run pack:sample && npm run validate:pack && npm run scope:sample && npm run validate:scope && npm run validate:history && npm run inventory:sample && npm run validate:inventory && npm run bundle:sample && npm run validate:bundle && npm run import:sample && npm run validate:import && npm run build:site && npm run validate:site && npm run api:sample && npm run dashboard:sample && npm run validate:dashboard && npm run validate:local-api && npm run validate:backend-boundary && npm run store:sample && npm run validate:store && npm run supabase:mapping-sample && npm run validate:supabase-draft && npm run worker:route-sample && npm run validate:worker-boundary && npm run supabase:migration-rehearsal-report && npm run validate:supabase-rehearsal && npm run sql:compile-rehearsal-report && npm run validate:sql-compile-rehearsal && npm run postgres:compile-harness-report && npm run validate:postgres-compile-harness && npm run postgres:compile-harness-stub && npm run validate:postgres-compile-harness-stub",
     "api:sample": "node scripts/generate-api-projection.mjs",
     "dashboard:sample": "node scripts/build-static-dashboard-demo.mjs",
     "validate:dashboard": "node scripts/validate-static-dashboard.mjs",

package.json

@@ -0,0 +1,17 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Local Postgres Compile Harness Stub Schema",
+  "type": "object",
+  "properties": {
+    "stub_id": { "type": "string" },
+    "version": { "type": "string" },
+    "status": { "type": "string", "enum": ["disabled"] },
+    "no_execution_now": { "type": "boolean" },
+    "future_gate_required": { "type": "boolean" },
+    "source_design_manifest": { "type": "string" },
+    "source_sql_files": { "type": "array", "items": { "type": "string" } },
+    "forbidden_now": { "type": "array", "items": { "type": "string" } },
+    "allowed_now": { "type": "array", "items": { "type": "string" } }
+  },
+  "required": ["stub_id", "version", "status", "no_execution_now", "future_gate_required"]
+}

schemas/local-postgres-compile-harness-stub.schema.json

@@ -1,5 +1,5 @@
 {
-  "schema_version": "0.22.0",
+  "schema_version": "0.23.0",
   "rehearsal_type": "caesar-ai-scan-supabase-migration-rehearsal",
   "rehearsal_status": "local_only_not_applied",
   "source_contract": {

schemas/supabase-migration-rehearsal.schema.json

@@ -0,0 +1,24 @@
+import { readFileSync, writeFileSync } from 'fs';
+import { join } from 'path';
+
+const stubManifestPath = join(process.cwd(), 'docs/backend/supabase/local-compile-harness/local-postgres-compile-harness-stub.manifest.json');
+const reportOutputPath = join(process.cwd(), 'site/data/rehearsal/local-postgres-compile-harness-stub-report.json');
+
+const stubManifest = JSON.parse(readFileSync(stubManifestPath, 'utf8'));
+
+const report = {
+  timestamp: new Date().toISOString(),
+  stub_id: stubManifest.stub_id,
+  status: "disabled",
+  executed_sql: false,
+  invoked_docker: false,
+  invoked_psql: false,
+  invoked_supabase_cli: false,
+  connected_to_database: false,
+  applied_migrations: false,
+  requires_future_gate: true,
+  notes: "Stub enabled in safe mode. No execution attempted."
+};
+
+writeFileSync(reportOutputPath, JSON.stringify(report, null, 2));
+console.log('Stub report generated successfully.');

scripts/run-local-postgres-compile-harness-stub.mjs

@@ -0,0 +1,24 @@
+import { readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+
+const reportPath = join(process.cwd(), 'site/data/rehearsal/local-postgres-compile-harness-stub-report.json');
+const manifestPath = join(process.cwd(), 'docs/backend/supabase/local-compile-harness/local-postgres-compile-harness-stub.manifest.json');
+
+if (!existsSync(reportPath)) {
+  console.error('Report file does not exist.');
+  process.exit(1);
+}
+
+const report = JSON.parse(readFileSync(reportPath, 'utf8'));
+
+if (report.status !== 'disabled' || report.executed_sql || report.invoked_docker || report.invoked_psql || report.invoked_supabase_cli || report.connected_to_database || report.applied_migrations || !report.requires_future_gate) {
+  console.error('Report indicates forbidden activity.');
+  process.exit(1);
+}
+
+if (!existsSync(manifestPath)) {
+    console.error('Manifest file missing.');
+    process.exit(1);
+}
+
+console.log('Validation passed.');

scripts/validate-local-postgres-compile-harness-stub.mjs

@@ -106,8 +106,8 @@ async function validate() {
   const forwardSql = await fs.readFile(FORWARD_SQL, 'utf8');
   const rollbackSql = await fs.readFile(ROLLBACK_SQL, 'utf8');
 
-  if (schema.schema_version !== '0.22.0') {
-    throw new Error('Schema version must be 0.22.0');
+  if (schema.schema_version !== '0.23.0') {
+    throw new Error('Schema version must be 0.23.0');
   }
   if (manifest.rehearsal_status !== 'local_only_not_applied') {
     throw new Error('Manifest rehearsal_status must be local_only_not_applied');
@@ -140,8 +140,8 @@ async function validate() {
     }
   }
 
-  if (pkg.version !== '0.22.0') {
-    throw new Error('package.json version must be 0.22.0');
+  if (pkg.version !== '0.23.0') {
+    throw new Error('package.json version must be 0.23.0');
   }
   if (!pkg.scripts['validate:supabase-rehearsal'] || !pkg.scripts['supabase:migration-rehearsal-report']) {
     throw new Error('package.json missing supabase rehearsal scripts');