l1-workspace.spec.ts covers:
- L1 user lands on /l1, intakes a problem, takes notes (autosave), resolves
- L1 cannot access /pilot, /trees/new, /escalations (route guards)
- Engineer with can_cover_l1 sees the L1 Workspace nav + coverage banner
- escalate-without-walk path via direct API call returns escalated session
Seed script adds l1@resolutionflow.example.com (l1_tech) and
engineer-coverage@resolutionflow.example.com (engineer + can_cover_l1).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Discovered during Phase 9 QA: seed_test_users.py was missing the
cancel_at_period_end column in its subscriptions INSERT, but the
column is NOT NULL (added in 016_add_subscription_tables.py).
Result: seed crashed with NotNullViolationError before any users
were created, blocking auth in fresh dev environments.
Pre-existing on main; not introduced by the FlowPilot migration
branch. Default value: false.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
RLS is now enabled on the users table. The seed script was using the
app-role connection (DATABASE_URL) which has no tenant context at seed
time — all SELECTs return 0 rows and INSERTs are blocked by FORCE RLS.
Falls back to DATABASE_URL if ADMIN_DATABASE_URL is not set (local dev
without roles configured).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add seed_test_users.py for creating 4 dev accounts (super admin, pro
solo, team admin, team engineer) via direct SQL. Fix seed scripts to
create flows as drafts to bypass publish validation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
