From a24eb84e1341117447cf44243ff4297abeecbfff Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Sat, 7 Mar 2026 04:04:53 -0800
Subject: [PATCH] fix(provisioning): prevent search_path pool contamination via
 SET LOCAL + RESET

- Change SET search_path to SET LOCAL in tenant schema template (002)
  so it reverts on COMMIT and doesn't contaminate the connection pool
- Add RESET search_path before queryRunner.release() as defensive measure
- Add ALTER TABLE public.tenants admin_email DROP NOT NULL to migration 007
  to sync the direct server change back to source

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../src/migrations/002-create-tenant-schema-template.sql     | 2 +-
 .../database/src/migrations/007-add-phone-to-users.sql       | 5 +++++
 packages/shared/database/src/tenant-provisioning.service.ts  | 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql b/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql
index b052596..6d76529 100644
--- a/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql
+++ b/packages/shared/database/src/migrations/002-create-tenant-schema-template.sql
@@ -3,7 +3,7 @@
 
 CREATE SCHEMA IF NOT EXISTS it0_t_{TENANT_ID};
 
-SET search_path TO it0_t_{TENANT_ID};
+SET LOCAL search_path TO it0_t_{TENANT_ID};
 
 -- Agent Sessions
 CREATE TABLE agent_sessions (
diff --git a/packages/shared/database/src/migrations/007-add-phone-to-users.sql b/packages/shared/database/src/migrations/007-add-phone-to-users.sql
index ca2a67c..6e5f29f 100644
--- a/packages/shared/database/src/migrations/007-add-phone-to-users.sql
+++ b/packages/shared/database/src/migrations/007-add-phone-to-users.sql
@@ -1,5 +1,10 @@
 -- Add phone field to users tables (public schema + all tenant schemas)
 -- phone is nullable, unique when present
+-- Also make tenants.admin_email nullable (phone-only registrations have no email)
+
+-- 0. Make tenants.admin_email nullable
+ALTER TABLE public.tenants
+  ALTER COLUMN admin_email DROP NOT NULL;
 
 -- 1. Public schema users table (auth-service managed, platform admins & default tenant)
 ALTER TABLE public.users
diff --git a/packages/shared/database/src/tenant-provisioning.service.ts b/packages/shared/database/src/tenant-provisioning.service.ts
index 5da913a..37a8955 100644
--- a/packages/shared/database/src/tenant-provisioning.service.ts
+++ b/packages/shared/database/src/tenant-provisioning.service.ts
@@ -44,9 +44,12 @@ export class TenantProvisioningService {
       }
 
       await queryRunner.commitTransaction();
+      // Reset search_path to prevent connection pool contamination
+      await queryRunner.query('RESET search_path');
       this.logger.log(`Tenant schema ${schemaName} provisioned successfully.`);
     } catch (err) {
       await queryRunner.rollbackTransaction();
+      await queryRunner.query('RESET search_path').catch(() => {});
       this.logger.error(`Failed to provision tenant ${tenantId}:`, err);
       throw err;
     } finally {