# Multi-tenant PostgreSQL with RLS and Schema Isolation

## Module
Attestor

## Status
VERIFIED

## Description
Module-scoped PostgreSQL schemas with RLS policies, tenant-scoped tables with required columns (id, tenant_id, created_at, updated_at), JSONB-first patterns, and queue patterns (SKIP LOCKED).

## Implementation Details
- **DbContext**: `src/Attestor/__Libraries/StellaOps.Attestor.Persistence/ProofChainDbContext.cs` -- EF Core DbContext with tenant-scoped queries, RLS policy application, and schema isolation.
- **Entities**:
  - `Entities/DsseEnvelopeEntity.cs` -- persisted DSSE envelope with tenant_id, created_at, updated_at.
  - `Entities/RekorEntryEntity.cs` -- persisted Rekor log entry with tenant_id.
  - `Entities/SbomEntryEntity.cs` -- persisted SBOM entry with tenant_id.
  - `Entities/SpineEntity.cs` -- persisted proof spine with tenant_id.
  - `Entities/TrustAnchorEntity.cs` -- persisted trust anchor with tenant_id.
  - `Entities/VerdictLedgerEntry.cs` -- persisted verdict ledger entry with tenant_id.
  - `Entities/AuditLogEntity.cs` -- audit log with tenant_id.
- **Repositories**:
  - `Repositories/IProofChainRepository.cs` -- repository interface for proof chain entities.
  - `Repositories/IVerdictLedgerRepository.cs` -- repository interface for verdict ledger.
  - `Repositories/PostgresVerdictLedgerRepository.cs` -- PostgreSQL implementation with tenant-scoped queries.
- **Migrations**: `Migrations/` -- EF Core migrations defining schema, RLS policies, and indexes.
- **Queue**: `StellaOps.Attestor.Core/Queue/IRekorSubmissionQueue.cs` -- durable queue using SKIP LOCKED pattern for concurrent processing.
- **Services**: `__Libraries/StellaOps.Attestor.Persistence/Services/` -- data access services.
- **Performance**: `__Libraries/StellaOps.Attestor.Persistence/Perf/` -- performance-related configurations.
- **Tests**: `__Tests/StellaOps.Attestor.Persistence.Tests/`

## E2E Test Plan
- [ ] Create entities (DsseEnvelope, RekorEntry, Spine) for tenant A and verify they are not visible when querying as tenant B (RLS enforcement)
- [ ] Verify all entities have required columns: `id`, `tenant_id`, `created_at`, `updated_at`
- [ ] Create a `VerdictLedgerEntry` via `PostgresVerdictLedgerRepository` and verify it is persisted with correct tenant_id
- [ ] Submit items to `IRekorSubmissionQueue` from multiple tenants and verify SKIP LOCKED processing handles concurrent consumers without duplicates
- [ ] Verify JSONB columns store and retrieve complex predicate data correctly
- [ ] Run a migration against a fresh database and verify the schema is created with RLS policies enabled
- [ ] Verify `AuditLogEntity` captures creation/update events with tenant context

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |