diff --git a/docs/prisma-governance.md b/docs/prisma-governance.md new file mode 100644 index 0000000..31085ea --- /dev/null +++ b/docs/prisma-governance.md @@ -0,0 +1,20 @@ +# Prisma governance + +## Single source of truth + +- Canonical Prisma schema: `frontend/prisma/schema.prisma`. +- Service copies: + - `omni_chat/prisma/schema.prisma` + - `omni_outbound/prisma/schema.prisma` + +## Update flow + +1. Edit only `frontend/prisma/schema.prisma`. +2. Run `./scripts/prisma-sync.sh`. +3. Run `./scripts/prisma-check.sh`. +4. Commit changed schema copies. + +## Rollout policy + +- Schema rollout (`prisma db push` / migrations) is allowed only in `frontend`. +- `omni_chat` and `omni_outbound` must use generated Prisma client only. diff --git a/omni_chat/README.md b/omni_chat/README.md index b04021e..1b2a598 100644 --- a/omni_chat/README.md +++ b/omni_chat/README.md @@ -19,3 +19,9 @@ - `PORT` (default: `8090`) - `RECEIVER_FLOW_QUEUE_NAME` (default: `receiver.flow`) - `SENDER_FLOW_QUEUE_NAME` (default: `sender.flow`) + +## Prisma policy + +- Источник схемы: `frontend/prisma/schema.prisma`. +- Локальная копия в `omni_chat/prisma/schema.prisma` обновляется только через `scripts/prisma-sync.sh`. +- Миграции/`db push` выполняются только в `frontend`. diff --git a/omni_outbound/README.md b/omni_outbound/README.md index a38eb37..c7ae740 100644 --- a/omni_outbound/README.md +++ b/omni_outbound/README.md @@ -14,3 +14,9 @@ - `DATABASE_URL` - `SENDER_FLOW_QUEUE_NAME` (default: `sender.flow`) - `OUTBOUND_DELIVERY_QUEUE_NAME` (legacy alias, optional) + +## Prisma policy + +- Источник схемы: `frontend/prisma/schema.prisma`. +- Локальная копия в `omni_outbound/prisma/schema.prisma` обновляется только через `scripts/prisma-sync.sh`. +- Миграции/`db push` выполняются только в `frontend`. diff --git a/scripts/prisma-check.sh b/scripts/prisma-check.sh new file mode 100755 index 0000000..099cca6 --- /dev/null +++ b/scripts/prisma-check.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env bash +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +CANONICAL_SCHEMA="$ROOT_DIR/frontend/prisma/schema.prisma" +TARGETS=( + "$ROOT_DIR/omni_chat/prisma/schema.prisma" + "$ROOT_DIR/omni_outbound/prisma/schema.prisma" +) + +if [[ ! -f "$CANONICAL_SCHEMA" ]]; then + echo "[prisma-check] Canonical schema not found: $CANONICAL_SCHEMA" >&2 + exit 1 +fi + +status=0 + +for target in "${TARGETS[@]}"; do + if [[ ! -f "$target" ]]; then + echo "[prisma-check] Missing schema: $target" >&2 + status=1 + continue + fi + + if ! cmp -s "$CANONICAL_SCHEMA" "$target"; then + echo "[prisma-check] Schema drift detected: $target" >&2 + status=1 + else + echo "[prisma-check] OK: $target" + fi +done + +# Enforce one rollout point for schema changes: +# only frontend is allowed to run db push/migration commands. +if rg -n "prisma (db push|migrate|migrate deploy|migrate dev)" \ + "$ROOT_DIR/omni_chat" "$ROOT_DIR/omni_outbound" \ + --glob '!**/node_modules/**' \ + --glob '!**/package-lock.json' \ + --glob '!**/README.md' > /tmp/prisma_non_frontend_migrations.txt; then + echo "[prisma-check] Forbidden Prisma migration/db push command outside frontend:" >&2 + cat /tmp/prisma_non_frontend_migrations.txt >&2 + status=1 +else + echo "[prisma-check] OK: no migration/db push commands in omni services" +fi + +if [[ "$status" -ne 0 ]]; then + echo "[prisma-check] Failed. Run scripts/prisma-sync.sh and commit schema updates." >&2 + exit "$status" +fi + +echo "[prisma-check] Passed." diff --git a/scripts/prisma-sync.sh b/scripts/prisma-sync.sh new file mode 100755 index 0000000..23c880f --- /dev/null +++ b/scripts/prisma-sync.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +CANONICAL_SCHEMA="$ROOT_DIR/frontend/prisma/schema.prisma" +TARGETS=( + "$ROOT_DIR/omni_chat/prisma/schema.prisma" + "$ROOT_DIR/omni_outbound/prisma/schema.prisma" +) + +if [[ ! -f "$CANONICAL_SCHEMA" ]]; then + echo "[prisma-sync] Canonical schema not found: $CANONICAL_SCHEMA" >&2 + exit 1 +fi + +for target in "${TARGETS[@]}"; do + mkdir -p "$(dirname "$target")" + cp "$CANONICAL_SCHEMA" "$target" + echo "[prisma-sync] Updated $target" +done + +echo "[prisma-sync] Done. Canonical source: $CANONICAL_SCHEMA"