feat(l1): create internal_tickets table with RLS

Tenant-scoped fallback ticket model for accounts without PSA integration. Tracks customer-name, problem-statement, status lifecycle (open/walking/ resolved/escalated), and optional links to flow/proposal/ai_session/ assigned engineer + PSA promotion ID. Account-scoped RLS policy uses app.current_account_id session setting. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 12:30:51 -04:00
parent c576c6609e
commit 394f729595
3 changed files with 198 additions and 0 deletions
--- a/backend/alembic/versions/a1e6a018af02_create_internal_tickets.py
+++ b/backend/alembic/versions/a1e6a018af02_create_internal_tickets.py
@@ -0,0 +1,79 @@
+"""create_internal_tickets
+
+Revision ID: a1e6a018af02
+Revises: ff6fe5895ea2
+Create Date: 2026-05-28 16:29:32.624317
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'a1e6a018af02'
+down_revision: Union[str, None] = 'ff6fe5895ea2'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+_NULL_UUID = "00000000-0000-0000-0000-000000000000"
+_CURRENT_ACCOUNT = (
+    f"COALESCE(NULLIF(current_setting('app.current_account_id', TRUE), ''), "
+    f"'{_NULL_UUID}')::uuid"
+)
+
+
+def upgrade() -> None:
+    op.create_table(
+        'internal_tickets',
+        sa.Column('id', postgresql.UUID(as_uuid=True), nullable=False),
+        sa.Column('account_id', postgresql.UUID(as_uuid=True), nullable=False),
+        sa.Column('created_by_user_id', postgresql.UUID(as_uuid=True), nullable=False),
+        sa.Column('customer_name', sa.String(120), nullable=True),
+        sa.Column('customer_contact', sa.String(200), nullable=True),
+        sa.Column('problem_statement', sa.Text(), nullable=False),
+        sa.Column('status', sa.String(30), nullable=False, server_default='open'),
+        sa.Column('flow_id', postgresql.UUID(as_uuid=True), nullable=True),
+        sa.Column('flow_proposal_id', postgresql.UUID(as_uuid=True), nullable=True),
+        sa.Column('ai_session_id', postgresql.UUID(as_uuid=True), nullable=True),
+        sa.Column('assigned_user_id', postgresql.UUID(as_uuid=True), nullable=True),
+        sa.Column('resolution_notes', sa.Text(), nullable=True),
+        sa.Column('psa_promoted_ticket_id', sa.String(64), nullable=True),
+        sa.Column('created_at', sa.DateTime(timezone=True), nullable=False, server_default=sa.text('now()')),
+        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=False, server_default=sa.text('now()')),
+        sa.Column('resolved_at', sa.DateTime(timezone=True), nullable=True),
+        sa.PrimaryKeyConstraint('id'),
+        sa.ForeignKeyConstraint(['account_id'], ['accounts.id'], ondelete='CASCADE'),
+        sa.ForeignKeyConstraint(['created_by_user_id'], ['users.id'], ondelete='RESTRICT'),
+        sa.ForeignKeyConstraint(['flow_id'], ['trees.id'], ondelete='SET NULL'),
+        sa.ForeignKeyConstraint(['flow_proposal_id'], ['flow_proposals.id'], ondelete='SET NULL'),
+        sa.ForeignKeyConstraint(['ai_session_id'], ['ai_sessions.id'], ondelete='SET NULL'),
+        sa.ForeignKeyConstraint(['assigned_user_id'], ['users.id'], ondelete='SET NULL'),
+        sa.CheckConstraint(
+            "status IN ('open', 'walking', 'resolved', 'escalated')",
+            name='ck_internal_tickets_status',
+        ),
+    )
+    op.create_index('ix_internal_tickets_account_id', 'internal_tickets', ['account_id'])
+    op.create_index('ix_internal_tickets_status', 'internal_tickets', ['status'])
+    op.create_index('ix_internal_tickets_assigned_user_id', 'internal_tickets', ['assigned_user_id'])
+
+    op.execute("ALTER TABLE internal_tickets ENABLE ROW LEVEL SECURITY")
+    op.execute("ALTER TABLE internal_tickets FORCE ROW LEVEL SECURITY")
+    op.execute(f"""
+        CREATE POLICY tenant_isolation ON internal_tickets
+            USING (account_id = {_CURRENT_ACCOUNT})
+            WITH CHECK (account_id = {_CURRENT_ACCOUNT})
+    """)
+
+
+def downgrade() -> None:
+    op.execute("DROP POLICY IF EXISTS tenant_isolation ON internal_tickets")
+    op.execute("ALTER TABLE internal_tickets DISABLE ROW LEVEL SECURITY")
+    op.execute("ALTER TABLE internal_tickets NO FORCE ROW LEVEL SECURITY")
+    op.drop_index('ix_internal_tickets_assigned_user_id', 'internal_tickets')
+    op.drop_index('ix_internal_tickets_status', 'internal_tickets')
+    op.drop_index('ix_internal_tickets_account_id', 'internal_tickets')
+    op.drop_table('internal_tickets')
--- a/backend/app/models/init.py
+++ b/backend/app/models/init.py
@@ -66,6 +66,7 @@ from .oauth_identity import OAuthIdentity  # noqa: F401
 from .plan_billing import PlanBilling  # noqa: F401
 from .sales_lead import SalesLead  # noqa: F401
 from .stripe_event import StripeEvent  # noqa: F401
+from .internal_ticket import InternalTicket  # noqa: F401

 __all__ = [
    "User",
@@ -146,4 +147,5 @@ __all__ = [
    "PlanBilling",
    "SalesLead",
    "StripeEvent",
+    "InternalTicket",
 ]
--- a/backend/app/models/internal_ticket.py
+++ b/backend/app/models/internal_ticket.py
@@ -0,0 +1,117 @@
+"""Internal ticket model.
+
+Fallback ticket table for L1 intake when the account has no PSA integration.
+Tracks the customer-facing problem, resolution lifecycle, and optional links
+to a flow, flow proposal, AI session, and assigned engineer.
+"""
+import uuid
+from datetime import datetime, timezone
+from typing import Optional, TYPE_CHECKING
+
+from sqlalchemy import String, Text, DateTime, ForeignKey, CheckConstraint
+from sqlalchemy import text as sa_text
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+from sqlalchemy.dialects.postgresql import UUID
+
+from app.core.database import Base
+
+if TYPE_CHECKING:
+    from app.models.account import Account
+    from app.models.user import User
+    from app.models.tree import Tree
+    from app.models.flow_proposal import FlowProposal
+    from app.models.ai_session import AISession
+
+
+class InternalTicket(Base):
+    """A fallback support ticket for accounts without a PSA integration.
+
+    status lifecycle:
+    - open: Submitted, not yet picked up.
+    - walking: L1 technician is actively walking the flow.
+    - resolved: Issue resolved; resolution_notes captured.
+    - escalated: Could not resolve; requires higher-tier intervention.
+    """
+    __tablename__ = "internal_tickets"
+    __table_args__ = (
+        CheckConstraint(
+            "status IN ('open', 'walking', 'resolved', 'escalated')",
+            name="ck_internal_tickets_status",
+        ),
+    )
+
+    id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True), primary_key=True, default=uuid.uuid4
+    )
+    account_id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("accounts.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True,
+    )
+    created_by_user_id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("users.id", ondelete="RESTRICT"),
+        nullable=False,
+    )
+
+    # ── Customer info ──
+    customer_name: Mapped[Optional[str]] = mapped_column(String(120), nullable=True)
+    customer_contact: Mapped[Optional[str]] = mapped_column(String(200), nullable=True)
+    problem_statement: Mapped[str] = mapped_column(Text(), nullable=False)
+
+    # ── Lifecycle ──
+    status: Mapped[str] = mapped_column(
+        String(30), nullable=False, server_default=sa_text("'open'"), index=True,
+    )
+
+    # ── Optional links ──
+    flow_id: Mapped[Optional[uuid.UUID]] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("trees.id", ondelete="SET NULL"),
+        nullable=True,
+    )
+    flow_proposal_id: Mapped[Optional[uuid.UUID]] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("flow_proposals.id", ondelete="SET NULL"),
+        nullable=True,
+    )
+    ai_session_id: Mapped[Optional[uuid.UUID]] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("ai_sessions.id", ondelete="SET NULL"),
+        nullable=True,
+    )
+    assigned_user_id: Mapped[Optional[uuid.UUID]] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("users.id", ondelete="SET NULL"),
+        nullable=True,
+        index=True,
+    )
+
+    # ── Resolution ──
+    resolution_notes: Mapped[Optional[str]] = mapped_column(Text(), nullable=True)
+    psa_promoted_ticket_id: Mapped[Optional[str]] = mapped_column(
+        String(64), nullable=True,
+        comment="External PSA ticket ID when this ticket is promoted to a PSA system",
+    )
+
+    # ── Timestamps ──
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), default=lambda: datetime.now(timezone.utc)
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        default=lambda: datetime.now(timezone.utc),
+        onupdate=lambda: datetime.now(timezone.utc),
+    )
+    resolved_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+    )
+
+    # ── Relationships ──
+    account: Mapped["Account"] = relationship("Account")
+    created_by: Mapped["User"] = relationship("User", foreign_keys=[created_by_user_id])
+    assigned_user: Mapped[Optional["User"]] = relationship("User", foreign_keys=[assigned_user_id])
+    flow: Mapped[Optional["Tree"]] = relationship("Tree")
+    flow_proposal: Mapped[Optional["FlowProposal"]] = relationship("FlowProposal")
+    ai_session: Mapped[Optional["AISession"]] = relationship("AISession")