{
  "schemaVersion": "imladri.db-sandbox-hardening-status.v1",
  "status": "active",
  "updatedAt": "2026-06-10",
  "claimBoundary": "The DB sandbox claim is production-like only when the scheduled GitHub workflow runs with a real Postgres URL secret. Without that secret, local unit coverage still passes, but the real cloud/database hardening checks are credential-gated, so a passing run on unit coverage alone is not evidence of production-like hardening.",
  "requiredSecretNames": [
    "TEST_POSTGRES_DATABASE_URL",
    "NORTHWIND_DATABASE_URL",
    "PRODUCTION_DB_SANDBOX_DATABASE_URL"
  ],
  "coveredByStrictWorkflow": [
    "Unit DB sandbox transaction/session/clone checks",
    "Native Postgres branch compatibility",
    "Profile API DB sandbox create/transaction/proof/destroy flow",
    "Postgres compatibility checks",
    "Postgres edge guard checks",
    "Northwind fixture provisioning",
    "No leftover branch schemas",
    "No leftover branch databases"
  ],
  "productionRuntimeEvidence": [
    "DigitalOcean/Droplet runtime layout documents northwind as the production buyer-flow DB sandbox target.",
    "Droplet ops include daily Postgres backups, SHA-256 sidecars, restore tooling, runtime monitoring, and backup freshness alerts.",
    "Production buyer-flow smoke exercises the Worker-to-runtime DB sandbox create, transaction, proof, and destroy API path."
  ],
  "workflow": "https://github.com/MAdArab872/imladri/actions/workflows/db-sandbox-hardening.yml",
  "runtimeRunbook": "/deploy/droplet/README.md",
  "opsRunbook": "/deploy/droplet/ops/README.md",
  "research": "/research/sandboxing"
}
