chore(prisma): enforce frontend-owned schema rollout policy

docs/prisma-governance.md

@@ -0,0 +1,20 @@
+# Prisma governance
+
+## Single source of truth
+
+- Canonical Prisma schema: `frontend/prisma/schema.prisma`.
+- Service copies:
+  - `omni_chat/prisma/schema.prisma`
+  - `omni_outbound/prisma/schema.prisma`
+
+## Update flow
+
+1. Edit only `frontend/prisma/schema.prisma`.
+2. Run `./scripts/prisma-sync.sh`.
+3. Run `./scripts/prisma-check.sh`.
+4. Commit changed schema copies.
+
+## Rollout policy
+
+- Schema rollout (`prisma db push` / migrations) is allowed only in `frontend`.
+- `omni_chat` and `omni_outbound` must use generated Prisma client only.

omni_chat/README.md

@@ -19,3 +19,9 @@
 - `PORT` (default: `8090`)
 - `RECEIVER_FLOW_QUEUE_NAME` (default: `receiver.flow`)
 - `SENDER_FLOW_QUEUE_NAME` (default: `sender.flow`)
+
+## Prisma policy
+
+- Источник схемы: `frontend/prisma/schema.prisma`.
+- Локальная копия в `omni_chat/prisma/schema.prisma` обновляется только через `scripts/prisma-sync.sh`.
+- Миграции/`db push` выполняются только в `frontend`.

omni_outbound/README.md

@@ -14,3 +14,9 @@
 - `DATABASE_URL`
 - `SENDER_FLOW_QUEUE_NAME` (default: `sender.flow`)
 - `OUTBOUND_DELIVERY_QUEUE_NAME` (legacy alias, optional)
+
+## Prisma policy
+
+- Источник схемы: `frontend/prisma/schema.prisma`.
+- Локальная копия в `omni_outbound/prisma/schema.prisma` обновляется только через `scripts/prisma-sync.sh`.
+- Миграции/`db push` выполняются только в `frontend`.

scripts/prisma-check.sh

@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CANONICAL_SCHEMA="$ROOT_DIR/frontend/prisma/schema.prisma"
+TARGETS=(
+  "$ROOT_DIR/omni_chat/prisma/schema.prisma"
+  "$ROOT_DIR/omni_outbound/prisma/schema.prisma"
+)
+
+if [[ ! -f "$CANONICAL_SCHEMA" ]]; then
+  echo "[prisma-check] Canonical schema not found: $CANONICAL_SCHEMA" >&2
+  exit 1
+fi
+
+status=0
+
+for target in "${TARGETS[@]}"; do
+  if [[ ! -f "$target" ]]; then
+    echo "[prisma-check] Missing schema: $target" >&2
+    status=1
+    continue
+  fi
+
+  if ! cmp -s "$CANONICAL_SCHEMA" "$target"; then
+    echo "[prisma-check] Schema drift detected: $target" >&2
+    status=1
+  else
+    echo "[prisma-check] OK: $target"
+  fi
+done
+
+# Enforce one rollout point for schema changes:
+# only frontend is allowed to run db push/migration commands.
+if rg -n "prisma (db push|migrate|migrate deploy|migrate dev)" \
+  "$ROOT_DIR/omni_chat" "$ROOT_DIR/omni_outbound" \
+  --glob '!**/node_modules/**' \
+  --glob '!**/package-lock.json' \
+  --glob '!**/README.md' > /tmp/prisma_non_frontend_migrations.txt; then
+  echo "[prisma-check] Forbidden Prisma migration/db push command outside frontend:" >&2
+  cat /tmp/prisma_non_frontend_migrations.txt >&2
+  status=1
+else
+  echo "[prisma-check] OK: no migration/db push commands in omni services"
+fi
+
+if [[ "$status" -ne 0 ]]; then
+  echo "[prisma-check] Failed. Run scripts/prisma-sync.sh and commit schema updates." >&2
+  exit "$status"
+fi
+
+echo "[prisma-check] Passed."

scripts/prisma-sync.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CANONICAL_SCHEMA="$ROOT_DIR/frontend/prisma/schema.prisma"
+TARGETS=(
+  "$ROOT_DIR/omni_chat/prisma/schema.prisma"
+  "$ROOT_DIR/omni_outbound/prisma/schema.prisma"
+)
+
+if [[ ! -f "$CANONICAL_SCHEMA" ]]; then
+  echo "[prisma-sync] Canonical schema not found: $CANONICAL_SCHEMA" >&2
+  exit 1
+fi
+
+for target in "${TARGETS[@]}"; do
+  mkdir -p "$(dirname "$target")"
+  cp "$CANONICAL_SCHEMA" "$target"
+  echo "[prisma-sync] Updated $target"
+done
+
+echo "[prisma-sync] Done. Canonical source: $CANONICAL_SCHEMA"