Documentation Index
Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
Use this file to discover all available pages before exploring further.
Version: 1.0.0
Last Updated: 2026-01-15
Status: Active
Overview
Test plan for verifying Supabase branching and Vercel integration before completing migration from Lovable Cloud to Supabase Cloud.
Purpose
- Verify data isolation between staging and production branches
- Confirm migration flow (schema changes merge, data does not)
- Validate Vercel environment variable configuration
- Ensure seed data safety mechanisms work correctly
Scope
| In Scope | Out of Scope |
|---|
| Supabase branching configuration | Application functionality testing |
| Data isolation verification | Performance testing |
| Vercel environment variables | Security penetration testing |
| Seed file safety checks | Load testing |
| Migration merge flow | End-to-end feature testing |
Architecture Overview
┌─────────────────────────────────────────────────────────────────┐
│ Git Repository │
├─────────────────┬──────────────────┬────────────────────────────┤
│ main branch │ staging branch │ feature branches │
└────────┬────────┴────────┬─────────┴──────────┬─────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────┐
│ Vercel Deployments │
├─────────────────┬──────────────────┬────────────────────────────┤
│ Production │ Staging │ Preview │
│ encoreos...app│ encoreos...dev │ auto-generated URL │
└────────┬────────┴────────┬─────────┴──────────┬─────────────────┘
│ │ │
│ prod anon key │ staging anon key │ staging anon key
▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────┐
│ Supabase Project: zkgxozahyczcnzpwhbbf │
├─────────────────┬───────────────────────────────────────────────┤
│ Production DB │ Staging Branch DB │
│ (main project) │ (isolated data, shared schema when merged) │
└─────────────────┴───────────────────────────────────────────────┘
Key Points
- Same Project URL: All environments use
https://zkgxozahyczcnzpwhbbf.supabase.co (expected for branching)
- Different Anon Keys: Each branch has unique API keys (critical for isolation)
- Data Isolation: Staging data never transfers to production
- Schema Sync: Migrations merge from staging to production on PR merge
Prerequisites Checklist
Before running tests, verify these items in the respective dashboards:
Supabase Dashboard Verification
Vercel Dashboard Verification
GitHub Verification
Test Cases
T001: Data Isolation - Seed Data in Staging Only
Objective: Verify seed data applied to staging does not appear in production.
Preconditions:
- Staging branch is active
- Seed files exist in
supabase/seeds/
Test Steps:
-
Apply seed data to staging:
npx supabase db seed --linked
-
Verify seed data exists in staging:
-- Run against STAGING
SELECT COUNT(*) FROM pf_organizations WHERE id::text LIKE '00000000-%';
-- Expected: > 0 (seed organizations exist)
-
Verify seed data does NOT exist in production:
-- Run against PRODUCTION
SELECT COUNT(*) FROM pf_organizations WHERE id::text LIKE '00000000-%';
-- Expected: 0 (no seed organizations)
Expected Result: Staging has seed data, production has zero seed records.
Pass/Fail Criteria:
- PASS: Production seed count = 0, Staging seed count > 0
- FAIL: Any seed data appears in production
T002: Migration Flow - Schema Changes Merge
Objective: Verify schema changes from staging are applied to production on merge.
Preconditions:
- Feature branch with new migration exists
- Staging branch is synced with feature branch
Test Steps:
-
Create a test migration in staging:
-- Create test table (will be removed after test)
CREATE TABLE IF NOT EXISTS public.test_migration_verify (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
test_data TEXT,
created_at TIMESTAMPTZ DEFAULT NOW()
);
-
Commit migration to staging Git branch
-
Verify table exists in staging:
SELECT EXISTS (
SELECT FROM pg_tables WHERE tablename = 'test_migration_verify'
);
-- Expected: true
-
Create PR from staging to main and merge
-
Verify table now exists in production:
SELECT EXISTS (
SELECT FROM pg_tables WHERE tablename = 'test_migration_verify'
);
-- Expected: true
-
Clean up: Create migration to drop test table
Expected Result: Schema changes propagate from staging to production on merge.
Pass/Fail Criteria:
- PASS: Table appears in production after merge
- FAIL: Table does not appear, or appears before merge
T003: Migration Flow - Data Does Not Merge
Objective: Verify data inserted in staging does NOT transfer to production.
Preconditions:
- T002 has passed (test table exists in both environments)
Test Steps:
-
Insert test data in staging:
-- Run against STAGING
INSERT INTO test_migration_verify (test_data) VALUES ('staging_test_data');
-
Verify data exists in staging:
-- Run against STAGING
SELECT COUNT(*) FROM test_migration_verify WHERE test_data = 'staging_test_data';
-- Expected: 1
-
Verify data does NOT exist in production:
-- Run against PRODUCTION
SELECT COUNT(*) FROM test_migration_verify WHERE test_data = 'staging_test_data';
-- Expected: 0
Expected Result: Data remains isolated in staging branch.
Pass/Fail Criteria:
- PASS: Production has 0 test records, staging has 1
- FAIL: Any test data appears in production
T004: Vercel Integration - Correct API Keys Per Environment
Objective: Verify Vercel deployments connect to correct Supabase environment.
Preconditions:
- Production deployment is live
- Staging deployment is live (or preview deployment exists)
Test Steps:
-
Access production deployment:
- URL:
https://northsightrecovery.app or production Vercel URL
- Open browser DevTools → Network tab
- Observe API requests to Supabase
-
Verify production anon key in requests:
- Check
Authorization: Bearer <token> header
- Token should match production anon key
-
Access staging deployment:
- URL:
https://northsightrecovery.dev or staging Vercel URL
- Open browser DevTools → Network tab
-
Verify staging anon key in requests:
- Token should be DIFFERENT from production
Expected Result: Different anon keys used per environment.
Pass/Fail Criteria:
- PASS: Anon keys are different between environments
- FAIL: Same anon key used in both environments
T005: Seed Safety - Production Detection Works
Objective: Verify seed files have safety checks that prevent accidental production seeding.
Preconditions:
- Seed files exist with safety checks
- Access to test against production (carefully!)
Test Steps:
-
Review seed file safety check:
-- Expected pattern in seed files
DO $$
BEGIN
IF EXISTS (
SELECT 1 FROM pf_organizations
WHERE id NOT LIKE '00000000-%'
LIMIT 1
) THEN
RAISE WARNING 'Real data detected. Ensure you are connected to staging.';
END IF;
END $$;
-
Verify safety check is present in all seed files:
grep -l "Real data detected" supabase/seeds/**/*.sql
-
If production has real data, attempt to run seed (will warn/fail)
Expected Result: Seed files detect non-seed data and warn/fail.
Pass/Fail Criteria:
- PASS: Safety check present and functional
- FAIL: No safety check or check bypassed
T006: RLS Verification - Tenant Isolation Active
Objective: Verify Row Level Security policies are active for tenant isolation.
Preconditions:
- Database schema is deployed
Test Steps:
-
Count tables with RLS enabled:
SELECT COUNT(*) FROM pg_tables
WHERE schemaname = 'public' AND rowsecurity = true;
-- Expected: > 400 (most tables have RLS)
-
Verify critical tables have RLS:
SELECT tablename, rowsecurity FROM pg_tables
WHERE schemaname = 'public'
AND tablename IN ('pf_organizations', 'hr_employees', 'fa_accounts')
ORDER BY tablename;
-- Expected: All show rowsecurity = true
Expected Result: RLS enabled on all business tables.
Pass/Fail Criteria:
- PASS: All critical tables have RLS enabled
- FAIL: Any critical table missing RLS
Current Database State (Verified via MCP)
Date Verified: 2026-01-15
Staging Branch Status
| Check | Result | Status |
|---|
| Recent Migrations | 10 migrations visible (including RLS fixes) | ✅ |
| Seed Data Present | 0 organizations with seed IDs | ✅ Clean |
| Real Data Present | 0 organizations with real IDs | ✅ Clean |
| RLS Enabled Tables | 452 tables | ✅ |
| pf_organizations rows | 0 | ✅ Ready for seeding |
| hr_employees rows | 0 | ✅ Ready for seeding |
Key Tables Available
pf_organizations - Platform organizationshr_employees - HR employeeshr_* - 50+ HR module tablesrh_* - Recovery Housing tables (rh_alumni, rh_beds, etc.)fa_* - Finance module tablesfw_* - Forms/Workflow tables
Rollback Procedures
If Seed Data Accidentally Applied to Production
- Immediate Action: Do NOT merge any branches
- Identify seed records:
SELECT * FROM pf_organizations WHERE id::text LIKE '00000000-%';
- Delete seed records (if safe):
DELETE FROM pf_organizations WHERE id::text LIKE '00000000-%';
- Verify cleanup:
SELECT COUNT(*) FROM pf_organizations WHERE id::text LIKE '00000000-%';
-- Should return 0
If Migration Causes Issues
- Do NOT panic - Supabase branches are isolated
- For staging: Reset the branch
supabase branches reset <branch-id>
- For production: Create rollback migration
supabase migration new rollback_issue
# Write reverse DDL statements
If Vercel Environment Variables Wrong
- Go to Vercel Dashboard → Project → Settings → Environment Variables
- Update incorrect variable
- Trigger redeploy:
vercel --prod # for production
vercel # for preview
Sign-Off Checklist
Before proceeding with production migration, all items must be checked:
Pre-Migration Sign-Off
Final Approvals
| Role | Name | Date | Signature |
|---|
| Tech Lead | | | |
| DevOps | | | |
| QA Lead | | | |
Appendix: SQL Verification Queries
All queries used in this test plan are available in:
scripts/verify-data-isolation.sql
Quick Reference Queries
-- Check staging is clean (no seed data)
SELECT COUNT(*) FROM pf_organizations WHERE id::text LIKE '00000000-%';
-- Count RLS-enabled tables
SELECT COUNT(*) FROM pg_tables WHERE schemaname = 'public' AND rowsecurity = true;
-- View recent migrations
SELECT version, name FROM supabase_migrations.schema_migrations ORDER BY version DESC LIMIT 10;
-- Check table exists
SELECT EXISTS (SELECT FROM pg_tables WHERE tablename = 'your_table_name');
