diff --git a/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql b/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql
index b052596..6d76529 100644
--- a/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql
+++ b/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql
@@ -3,7 +3,7 @@
 
 CREATE SCHEMA IF NOT EXISTS it0_t_{TENANT_ID};
 
-SET search_path TO it0_t_{TENANT_ID};
+SET LOCAL search_path TO it0_t_{TENANT_ID};
 
 -- Agent Sessions
 CREATE TABLE agent_sessions (
diff --git a/packages/shared/database/src/migrations/007-add-phone-to-users.sql b/packages/shared/database/src/migrations/007-add-phone-to-users.sql
index ca2a67c..6e5f29f 100644
--- a/packages/shared/database/src/migrations/007-add-phone-to-users.sql
+++ b/packages/shared/database/src/migrations/007-add-phone-to-users.sql
@@ -1,5 +1,10 @@
 -- Add phone field to users tables (public schema + all tenant schemas)
 -- phone is nullable, unique when present
+-- Also make tenants.admin_email nullable (phone-only registrations have no email)
+
+-- 0. Make tenants.admin_email nullable
+ALTER TABLE public.tenants
+  ALTER COLUMN admin_email DROP NOT NULL;
 
 -- 1. Public schema users table (auth-service managed, platform admins & default tenant)
 ALTER TABLE public.users
diff --git a/packages/shared/database/src/tenant-provisioning.service.ts b/packages/shared/database/src/tenant-provisioning.service.ts
index 5da913a..37a8955 100644
--- a/packages/shared/database/src/tenant-provisioning.service.ts
+++ b/packages/shared/database/src/tenant-provisioning.service.ts
@@ -44,9 +44,12 @@ export class TenantProvisioningService {
       }
 
       await queryRunner.commitTransaction();
+      // Reset search_path to prevent connection pool contamination
+      await queryRunner.query('RESET search_path');
       this.logger.log(`Tenant schema ${schemaName} provisioned successfully.`);
     } catch (err) {
       await queryRunner.rollbackTransaction();
+      await queryRunner.query('RESET search_path').catch(() => {});
       this.logger.error(`Failed to provision tenant ${tenantId}:`, err);
       throw err;
     } finally {