Fix: correct access_mode default to policy_required in factory and docs

jumpbetweenrows · jumpbetweenrows · commit f4e5b2b45a38 · 2026-03-07T18:58:07.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,7 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - `PolicyHook` replaces hardcoded `RLSHook`; supports `row_filter`, `column_mask`, and `column_access` obligation types
   - Template variables (`{user.tenant}`, `{user.username}`, `{user.id}`) with parse-then-substitute injection safety
   - Wildcard matching (`schema: "*"`, `table: "*"`) in obligation definitions
-  - `access_mode` field on datasources: `"open"` (default) or `"policy_required"` (no policy = empty results)
+  - `access_mode` field on datasources: `"policy_required"` (default) or `"open"` (no policy = full access)
   - Optimistic concurrency on policy updates via `version` field (409 Conflict on mismatch)
   - Immutable `policy_version` snapshots on every policy mutation for audit traceability
   - Deny policies short-circuit with error before plan execution
diff --git a/admin-ui/src/test/factories.ts b/admin-ui/src/test/factories.ts
@@ -73,7 +73,7 @@ export function makeDataSource(overrides: Partial<DataSource> = {}): DataSource
     ds_type: 'postgres',
     config: { host: 'localhost', port: 5432, db: 'mydb', user: 'postgres' },
     is_active: true,
-    access_mode: 'open',
+    access_mode: 'policy_required',
     last_sync_at: null,
     last_sync_result: null,
     created_at: '2024-01-01T00:00:00Z',
diff --git a/permission_stories.md b/permission_stories.md
@@ -469,7 +469,7 @@ The following stories are implemented in the current release via the policy syst
 **Key design decisions for P0:**
 - Policies assign directly to users or all users (`user_id = NULL`). No roles/groups.
 - `is_admin` grants management API access only — does NOT bypass data policies.
-- Datasource `access_mode`: `"open"` (default) or `"policy_required"`.
+- Datasource `access_mode`: `"policy_required"` (default) or `"open"`.
 - Version snapshots for audit: every policy mutation increments `version` and creates a `policy_version` snapshot.
 - Template variables (`{user.tenant}`, etc.) use parse-then-substitute — immune to injection.
 
