From 4f4bc435da50452e68165c974fe08a8b1d7c1299 Mon Sep 17 00:00:00 2001
From: chihlasm <michael@chihlas.com>
Date: Fri, 10 Apr 2026 06:51:53 +0000
Subject: [PATCH] docs: broaden admin_database docstring to cover non-admin
 BYPASSRLS use cases

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 backend/app/core/admin_database.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/backend/app/core/admin_database.py b/backend/app/core/admin_database.py
index 1e84a132..26a5b7f7 100644
--- a/backend/app/core/admin_database.py
+++ b/backend/app/core/admin_database.py
@@ -2,8 +2,10 @@
 """
 Admin database engine — connects as resolutionflow_admin (BYPASSRLS).
 
-Use ONLY for /admin/* endpoints and internal tooling.
-Never use this engine from user-facing endpoints.
+Use ONLY where explicit application-level access control makes database-layer
+tenant filtering unnecessary: /admin/* endpoints, internal tooling, and public
+endpoints that enforce their own authorization before returning data (e.g.
+share access via opaque token + visibility check).
 """
 from collections.abc import AsyncGenerator