You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Make target-contributed-psl-blocks an explicit step in the running order
TML-2537 was only referenced in passing inside the other steps; it is
Will-owned, in flight, and on the critical path (gates postgres-rls's
PSL policy {} surface), so it now reads as its own numbered step.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Will Madden <madden@prisma.io>
Copy file name to clipboardExpand all lines: projects/supabase-integration/README.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -86,12 +86,13 @@ This separation also answers "how do we test RLS before the runtime exists": **p
86
86
The foundation + `control-policy` are done, so the remaining work is highly parallel. Capacity: Will runs ~2 concurrent lanes alongside [target-contributed-psl-blocks](../target-contributed-psl-blocks/spec.md) (TML-2537) in flight; Serhii owns `explicit-namespace-dsl`.
87
87
88
88
1. **Lane 1 — `extension-supabase` M1 + walking skeleton.** Stands up `examples/supabase` on the stock Postgres runtime and authors `bootstrapSupabaseShim`. Unblocked by the done foundation + control-policy alone.
89
-
2. **Lane 2 — `cross-contract-refs`.** Chosen *before* `postgres-rls` despite RLS being the longer/riskier pole: within a single serial lane, order doesn't change total wall-clock, and cross-contract-refs is **fully unblocked end-to-end** whereas RLS's must-have PSL surface is gated on TML-2537. Doing cross-contract-refs first lets TML-2537 finish in parallel, so `postgres-rls` can then run TS + PSL in one clean pass instead of stalling mid-project. It also lands the contract-aggregate/brand machinery the rest leans on, and delivers the headline `Profile → auth.User` FK early — validating the skeleton with something real before wading into the riskier RLS work.
90
-
3. **Then — `postgres-rls`** (TS + PSL in one pass) the moment TML-2537 lands / a lane frees. **`runtime-target-layer`** is a cheap interleave (~50–100 LOC core) slotted whenever convenient; it's the substrate `SupabaseRuntime` extends in `extension-supabase` M2.
91
-
4. **In parallel throughout — `explicit-namespace-dsl` (Serhii).** The launch blocker; depends only on the landed TML-2605.
92
-
5. **Integration — `extension-supabase` M2→M4.** Role binding (`asUser`/`asAnon`/`asServiceRole`), the live-query RLS e2e, real-Supabase acceptance, close-out.
89
+
2. **Lane 2 — `cross-contract-refs`.** Chosen *before* `postgres-rls` despite RLS being the longer/riskier pole: within a single serial lane, order doesn't change total wall-clock, and cross-contract-refs is **fully unblocked end-to-end** whereas RLS's must-have PSL surface is gated on TML-2537 (step 3). Doing cross-contract-refs first lets TML-2537 finish in parallel, so `postgres-rls` can then run TS + PSL in one clean pass instead of stalling mid-project. It also lands the contract-aggregate/brand machinery the rest leans on, and delivers the headline `Profile → auth.User` FK early — validating the skeleton with something real before wading into the riskier RLS work.
90
+
3. **In flight (Will) — [`target-contributed-psl-blocks`](../target-contributed-psl-blocks/spec.md) (TML-2537).** Not a constituent but on the critical path: it's the PSL-block extensibility substrate that lets the Postgres pack contribute the `policy {}` keyword, so it **gates `postgres-rls`'s PSL surface** (PSL authoring is must-have for launch). Landing it is the pivot that lets step 4 run as a single TS + PSL lane rather than stalling.
91
+
4. **Then — `postgres-rls`** (TS + PSL in one pass) the moment TML-2537 (step 3) lands / a lane frees. **`runtime-target-layer`** is a cheap interleave (~50–100 LOC core) slotted whenever convenient; it's the substrate `SupabaseRuntime` extends in `extension-supabase` M2.
92
+
5. **In parallel throughout — `explicit-namespace-dsl` (Serhii).** The launch blocker; depends only on the landed TML-2605.
93
+
6. **Integration — `extension-supabase` M2→M4.** Role binding (`asUser`/`asAnon`/`asServiceRole`), the live-query RLS e2e, real-Supabase acceptance, close-out.
93
94
94
-
"Longest pole first" is the right call for *parallel* lanes, so `postgres-rls` should move onto its own lane as early as one frees — which coincides with TML-2537 landing (also unblocking RLS-PSL).
95
+
"Longest pole first" is the right call for *parallel* lanes, so `postgres-rls` should move onto its own lane as early as one frees — which coincides with TML-2537 (step 3) landing.
0 commit comments