backend/alembic/versions/70a5dd746e83_enable_rls_phase2.py

@@ -20,8 +20,6 @@ Create Date: 2026-04-10 06:54:49.431817
 from typing import Sequence, Union
 
 from alembic import op
-import sqlalchemy as sa
-
 
 # revision identifiers, used by Alembic.
 revision: str = '70a5dd746e83'
@@ -41,8 +39,11 @@ _CURRENT_ACCOUNT = (
 _STANDARD_USING = f"account_id = {_CURRENT_ACCOUNT}"
 
 # Visibility-aware policy for step_library — public steps (visibility='public')
-# must be visible to ALL tenants regardless of account_id, mirroring
-# build_step_visibility_filter() in app/core/filters.py.
+# must be visible to ALL tenants regardless of account_id. This covers the
+# visibility='public' arm of build_step_visibility_filter() in app/core/filters.py.
+# The created_by arm (private steps visible to their author) is covered
+# transitively: private steps share account_id with their creator, so the
+# account_id match handles it. This relies on account_id NOT NULL on step_library.
 _STEP_LIBRARY_USING = f"account_id = {_CURRENT_ACCOUNT} OR visibility = 'public'"
 
 # Standard tables: strict tenant isolation, no cross-tenant visibility.