PR_26177_OWNER_050-environment-governance-model#202

Merged: ToolboxAid merged 3 commits into main from PR_26177_OWNER_050-environment-governance-model on Jun 26, 2026

@ToolboxAid

Owner

Summary

  • Established Local (VS Code) -> DEV -> IST -> UAT -> PROD as the official environment model.
  • Defined the environment invariance rule: the deployable artifact is identical across environments; only .env values and environment-managed secret values differ.
  • Defined one shared API/service contract across Local (VS Code), DEV, IST, UAT, and PROD.
  • Defined Supabase Auth, Supabase Postgres, and Cloudflare R2 as required services in every environment.
  • Defined required Cloudflare R2 top-level prefixes: /local/, /dev/, /ist/, /uat/, and /prod/.
  • Documented that all environments receive approved guest seed data for all tools.
  • Clarified that SQLite is deprecated/retired and is not an active runtime database.
  • Updated .env.example comments/placeholders to use the official model and local R2 prefixes.
  • No runtime code, UI, engine core, secret, DDL, or storage implementation changes were made.

Confirmations

  • Base branch: main
  • Source branch: PR_26177_OWNER_050-environment-governance-model
  • Branch validation: PASS
  • git diff --check: PASS
  • Playwright: not impacted and not run because no runtime files changed
  • Repo-structured ZIP exists: tmp/PR_26177_OWNER_050-environment-governance-model_delta.zip
  • Merge status: not merged

Instruction Compliance

  • PASS: Current branch was main before branch creation.
  • PASS: PR name includes OWNER team token.
  • PASS: Team OWNER owns environment strategy and governance.
  • PASS: Scope is documentation/governance only except approved .env.example comments/placeholders.
  • PASS: No runtime, UI, engine core, start_of_day, migration, DDL, or secret files changed.
  • PASS: Required reports and ZIP artifact are produced for the BUILD.

Validation

  • PASS: git diff --check.
  • PASS: Documentation review confirmed the official environment model, invariance rule, shared API/service contract, required services, R2 prefixes, guest seed data rule, and SQLite retired status.
  • SKIP: Playwright was not run because no runtime files changed.

Manual Validation Notes

  • Confirmed the active Project Instructions define Local (VS Code) -> DEV -> IST -> UAT -> PROD.
  • Confirmed the new addendum defines the same environment model.
  • Confirmed the environment invariance rule states the deployable artifact is identical across environments.
  • Confirmed only .env values and environment-managed secret values differ by environment.
  • Confirmed one shared API/service contract is required across all environments.
  • Confirmed Supabase Auth, Supabase Postgres, and Cloudflare R2 are required in every environment.
  • Confirmed R2 top-level prefixes are /local/, /dev/, /ist/, /uat/, and /prod/.
  • Confirmed all environments receive approved guest seed data for all tools.
  • Confirmed SQLite is documented as deprecated/retired and not an active runtime database.
  • Confirmed .env.example comments/placeholders align to the official model.

Changed Files

  • .env.example
  • docs_build/dev/BUILD_PR.md
  • docs_build/dev/PROJECT_INSTRUCTIONS.md
  • docs_build/dev/ProjectInstructions/PROJECT_INSTRUCTIONS.md
  • docs_build/dev/ProjectInstructions/README.txt
  • docs_build/dev/ProjectInstructions/addendums/environment_governance_model.md
  • docs_build/dev/ProjectInstructions/addendums/postgres_only.md
  • docs_build/dev/ProjectInstructions/addendums/release_gate.md
  • docs_build/dev/admin-notes/index.txt
  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model.md
  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model_branch-validation.md
  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model_requirement-checklist.md
  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model_validation-lane.md
  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model_manual-validation-notes.md
  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model_instruction-compliance-checklist.md
  • docs_build/dev/reports/codex_changed_files.txt
  • docs_build/dev/reports/codex_review.diff

Reports Used

  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model.md
  • docs_build/dev/reports/PR_26177_OWNER_050-environment-governance-model_manual-validation-notes.md

ToolboxAid marked this pull request as ready for review on June 26, 2026 01:16
ToolboxAid merged commit 62ebb31 into main on Jun 26, 2026
1 check passed

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3ef2f910c2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .env.example
# R2 object prefixes are created by object upload; no manual folder creation is required.
GAMEFOUNDRY_DB_BACKUP_STORAGE_PROVIDER=r2
GAMEFOUNDRY_DB_BACKUP_PREFIX=/dev/backups/postgres/
GAMEFOUNDRY_DB_BACKUP_PREFIX=/local/backups/postgres/
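Review bot: The comment above `GAMEFOUNDRY_DB_BACKUP_PREFIX` says prefixes need no manual creation but does not say the value is environment-specific, so a file copied from this example for DEV, IST, UAT or PROD keeps `/local/backups/postgres/` unless someone notices. Add a comment line beside the key stating that the leading segment must match the target environment's top-level prefix (`/local/`, `/dev/`, `/ist/`, `/uat/`, `/prod/`), so one environment's database backups are not written under another environment's prefix.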

P2: Keep backup prefix accepted by validation

If a Local .env is created from this example and the R2 credentials are filled in, backup storage will still be rejected: loadBackupStorageConfig only accepts /dev/backups/postgres/, /ist/backups/postgres/, /uat/backups/postgres/, and /prd/backups/postgres/ in src/dev-runtime/storage/storage-config.mjs:27-32, then returns a validation error for anything else. The new /local/backups/postgres/ default therefore leaves Create Backup/config checks unavailable for the documented Local setup unless the runtime allow-list is updated in the same change.

Useful? React with 👍 / 👎.

Comment thread .env.example
GAMEFOUNDRY_STORAGE_SECRET_ACCESS_KEY=
GAMEFOUNDRY_STORAGE_BUCKET=
GAMEFOUNDRY_STORAGE_PROJECTS_PREFIX=
GAMEFOUNDRY_STORAGE_PROJECTS_PREFIX=/local/projects/
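Review bot: `GAMEFOUNDRY_STORAGE_PROJECTS_PREFIX` is now the only pre-filled value in a block where `GAMEFOUNDRY_STORAGE_SECRET_ACCESS_KEY` and `GAMEFOUNDRY_STORAGE_BUCKET` stay blank. A blank placeholder forces whoever fills in the file to choose a prefix, while a pre-filled `/local/projects/` survives an unedited copy. Either keep the placeholder empty and list the per-environment values in a comment, or mark this value as Local-only on the line above it.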

P2: Keep local asset prefix accepted by storage validation

When a developer copies this .env.example for Local and supplies the R2 connection values, project asset storage is reported invalid because loadStorageConfig validates GAMEFOUNDRY_STORAGE_PROJECTS_PREFIX against STORAGE_PROJECTS_ALLOWED_PREFIXES, which currently contains only /dev/projects/, /ist/projects/, /uat/projects/, and /prod/projects/ in src/dev-runtime/storage/storage-config.mjs:11-18. This new /local/projects/ default is not accepted, so the documented Local configuration cannot enable asset storage without a matching runtime allow-list update.

Useful? React with 👍 / 👎.
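
A drift check of the kind the two `.env.example` review comments above point to, as an added example that is not part of the PR or the project's code: it verifies that example defaults pass the allow-lists those comments quote and that every official environment prefix is covered. The function names, the `ALLOWED` map and the sample text are assumptions; the project's own lists are in `src/dev-runtime/storage/storage-config.mjs`.

```javascript
// Allow-list values are the ones quoted in the review comments above;
// the map itself and all function names are hypothetical.
const ALLOWED = {
  GAMEFOUNDRY_STORAGE_PROJECTS_PREFIX: [
    "/dev/projects/", "/ist/projects/", "/uat/projects/", "/prod/projects/",
  ],
  GAMEFOUNDRY_DB_BACKUP_PREFIX: [
    "/dev/backups/postgres/", "/ist/backups/postgres/",
    "/uat/backups/postgres/", "/prd/backups/postgres/",
  ],
};
// Official top-level prefixes from the governance model in this PR.
const OFFICIAL_ENV_PREFIXES = ["/local/", "/dev/", "/ist/", "/uat/", "/prod/"];

// Minimal KEY=VALUE parser: skips comments and blanks, last assignment wins.
function parseEnv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    out[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return out;
}

// Check 1: every non-empty example default must be on the runtime allow-list.
function findRejectedDefaults(envText, allowed = ALLOWED) {
  const env = parseEnv(envText);
  return Object.keys(allowed)
    .filter((key) => env[key] && !allowed[key].includes(env[key]))
    .map((key) => ({ key, value: env[key] }));
}

// Check 2: every official environment needs an allow-list entry per key.
function findUncoveredEnvironments(allowed = ALLOWED, envs = OFFICIAL_ENV_PREFIXES) {
  const gaps = [];
  for (const [key, list] of Object.entries(allowed))
    for (const env of envs)
      if (!list.some((prefix) => prefix.startsWith(env))) gaps.push({ key, env });
  return gaps;
}

// Constructed sample mirroring the two .env.example values under review.
const SAMPLE_ENV_EXAMPLE = `
GAMEFOUNDRY_STORAGE_PROJECTS_PREFIX=/local/projects/
GAMEFOUNDRY_DB_BACKUP_PREFIX=/local/backups/postgres/
`;
console.log(findRejectedDefaults(SAMPLE_ENV_EXAMPLE), findUncoveredEnvironments());
```

Run in CI against the real file and the real exported lists, a check like this fails the build when documentation and runtime validation disagree about environment prefixes.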


## Guest Seed Data

All environments receive approved guest seed data for all tools.

P2: Align guest seed rule with an executable lane

For IST/UAT/PROD this new requirement is not currently satisfiable by the checked-in seed workflow: scripts/apply-database-seed.mjs hard-refuses any database name other than gamefoundry_dev, and docs_build/database/README.md/runbook.md document only a DEV seed lane with later approval required for non-DEV. As written, operators have an approved all-environments seed requirement but no approved command path to apply it outside DEV, so either add/scope that lane or keep this rule conditional until it exists.

Useful? React with 👍 / 👎.

- DEV: `/dev/`
- IST: `/ist/`
- UAT: `/uat/`
- PROD: `/prod/`

P2: Update System Health to report the PROD prefix

This establishes /prod/ as the official PROD R2 prefix, but System Health still models production as PRD with storage folder /prd in src/dev-runtime/server/local-api-router.mjs and the static Admin page also displays /prd. Even when /prod/projects/ is configured, the runtime maps it back to the PRD model and reports /prd, so the operator-facing health/reference map will contradict the new governance unless those mappings are updated with the rule.

Useful? React with 👍 / 👎.
