chore: target named firestore db in prod rules deploy

shadowdevcode · shadowdevcode · commit ef201a64a97a · 2026-03-25T20:55:16.000+05:30
diff --git a/README.md b/README.md
@@ -206,8 +206,20 @@ These constraints are enforced in `firestore.rules` and validated by `test/rules
 ### Firebase
 - Firestore security rules source: `firestore.rules`
 - Local emulator config: `firebase.json`
+- App uses Firestore named database: `ai-studio-3900af62-0bf5-496a-a136-d1c8a0c4b8bd`
 - Confirm production Firebase Auth domain setup before release (Google provider and authorized domains)
 
+### Production Firestore Rules Runbook
+1. Authenticate Firebase CLI:
+   - `npx firebase login`
+2. Deploy production Firestore rules:
+   - `npm run rules:deploy:prod`
+3. Validate production owner view:
+   - Sign in as owner and open the pantry/unknown queue section.
+   - Confirm no `Unknown ingredient queue access denied` banner appears.
+4. Optional deploy diagnostics:
+   - `npm run rules:deploy:prod:dry`
+
 ## GitHub-Vercel Sync Workflow
 
 This project uses GitHub as the deployment source of truth.
@@ -261,6 +273,11 @@ This project uses GitHub as the deployment source of truth.
 ### Firestore rules tests fail with Java/emulator error
 - Install Java 17+ and confirm `java -version` resolves correctly in shell.
 
+### `Unknown ingredient queue access denied. Deploy latest Firestore rules and retry.`
+- Ensure Firebase CLI is authenticated: `npx firebase login`
+- Deploy rules to production (includes named Firestore DB target): `npm run rules:deploy:prod`
+- Retry owner view and confirm unknown queue loads.
+
 ### Google sign-in popup fails locally
 - Add `localhost` / `127.0.0.1` to Firebase Auth authorized domains.
 - Ensure browser popup blocking is disabled for local app.
diff --git a/firebase.json b/firebase.json
@@ -1,7 +1,14 @@
 {
-  "firestore": {
-    "rules": "firestore.rules"
-  },
+  "firestore": [
+    {
+      "database": "(default)",
+      "rules": "firestore.rules"
+    },
+    {
+      "database": "ai-studio-3900af62-0bf5-496a-a136-d1c8a0c4b8bd",
+      "rules": "firestore.rules"
+    }
+  ],
   "emulators": {
     "firestore": {
       "host": "127.0.0.1",
diff --git a/package.json b/package.json
@@ -12,6 +12,8 @@
     "lint": "tsc --noEmit",
     "unit:test": "node --import tsx test/unit/run.ts",
     "rules:test": "node test/rules/check-java.mjs && firebase emulators:exec --only firestore --project demo-rasoi-planner \"tsx test/rules/run.ts\"",
+    "rules:deploy:prod": "npx firebase deploy --only firestore:rules --project gen-lang-client-0862152879",
+    "rules:deploy:prod:dry": "npx firebase deploy --only firestore:rules --project gen-lang-client-0862152879 --debug",
     "e2e": "node test/e2e/run.mjs",
     "e2e:headed": "E2E_HEADLESS=false node test/e2e/run.mjs",
     "verify:local": "npm run lint && npm run unit:test && npm run build && npm run rules:test && npm run e2e",
