TML-2458: drop vestigial MigrationMetadata.authorship and .signature

[wmadden]

closes TML-2458

At a glance

MigrationMetadata now has a tighter, fully-wired shape — the two unused optional fields are gone:

export interface MigrationMetadata {
  readonly migrationHash: string;
  readonly from: string | null;
  readonly to: string;
  readonly fromContract: Contract | null;
  readonly toContract: Contract;
  readonly hints: MigrationHints;
  readonly labels: readonly string[];
  readonly providedInvariants: readonly string[];
  readonly createdAt: string;
}

Before this PR, the same interface also declared authorship?: { author?; email? } and signature?: { keyId; value } | null. Neither field had any production producer (no CLI command, planner, or runtime path populated them) and the on-disk arktype schema rejects unknown fields, so they only encoded a feature that did not exist.

Decision

Remove MigrationMetadata.authorship and MigrationMetadata.signature and all their plumbing — they predate the contract-spaces work and were never wired. The migration's content-addressed identity already gives us the integrity guarantee that "signature" was speculatively going to provide; "authorship" had no roadmap. If we want signing or attribution later, we'll redesign the schema slot in the context of the contract-spaces / PPg work rather than reuse this one.

The SQL marker / db sign flow (the prisma_contract.marker row) is a separate, fully-wired concept and is untouched.

How it fits together

1. Drop the field declarations on MigrationMetadata in packages/1-framework/1-core/framework-components/src/control/control-migration-types.ts. The interface is the source of truth that everything else hangs off.
2. Drop the matching arktype entries from MigrationMetadataSchema in packages/1-framework/3-tooling/migration/src/io.ts. Schema keeps '+': 'reject', so any committed migration.json that happens to carry these fields now fails to load with MIGRATION.INVALID_MANIFEST — the desired forcing function (zero such files exist in this repo's examples/, projects/, or fixtures, so this is a no-op for everyone today).
3. Drop the signature strip-out in computeMigrationHash (ADR 199 — Storage-only migration identity). The strip is now redundant: the field doesn't exist, so there's nothing to strip. Hash output for any existing migration is unchanged because signature was never written in the first place.
4. Drop the authorship carry-forward in buildAttestedMetadata in packages/1-framework/3-tooling/migration/src/migration-base.ts. The only ifDefined use in the file went with it, so the import gets cleaned up too.
5. Bring the docs in line. The migration-tools README, docs/architecture docs/subsystems/7. Migration System.md, and ADRs 028 / 199 all described these fields by name (Subsystem 7 even had a dedicated Signatures section and a future prisma-next migration sign command); those references are gone, including the lifecycle "optional signature present" bullet and the policy-knob "optionally require a valid signature" line.

Behavior changes & evidence

• MigrationMetadata loses authorship? and signature?. Type definition: packages/1-framework/1-core/framework-components/src/control/control-migration-types.ts. Schema: packages/1-framework/3-tooling/migration/src/io.ts. Evidence: the now-removed accepts metadata with optional authorship field test (deletion in packages/1-framework/3-tooling/migration/test/io.test.ts); the existing '+': 'reject' paths in the same suite still cover unknown-field rejection.
• computeMigrationHash no longer strips signature from metadata. Implementation: packages/1-framework/3-tooling/migration/src/hash.ts. Evidence: the now-removed ignores signature on metadata case and the framed-tuple test's destructure update in packages/1-framework/3-tooling/migration/test/hash.test.ts — the surviving framed-tuple test still pins the canonical hashing pipeline byte-for-byte against an inline reference computation, so any drift in the hash framing would fail there.
• buildAttestedMetadata no longer carries authorship forward across re-emits. Implementation: packages/1-framework/3-tooling/migration/src/migration-base.ts. Evidence: every existing migration-base test continues to pass against the trimmed metadata shape (no test was deleted for this one — it was always exercising the carry-forward only as a side effect of fixtures that happened to set it).

Compatibility / migration / risk

• On-disk format: the schema now hard-rejects migration.json files that contain authorship or signature. Per the AGENTS.md "no backward-compat shims" rule, this is the desired posture; a repo-wide scan confirmed zero such files exist today (examples/, projects/, demo apps, integration fixtures all clean).
• Hash stability: unchanged. The fields were never written to disk, and computeMigrationHash already excluded them from the digest, so existing migrationHash values verify identically.
• Public type surface: removing fields from the exported MigrationMetadata interface is technically a breaking change to the type's shape. Practically it's a no-op — the fields were optional, never produced, and downstream consumers (CLI, planners, examples) compile clean (pnpm typecheck green across all 134 task targets).
• Test posture: pnpm test:packages is green (596 files / 8229 tests). Nothing else in the suite referenced these fields.

Follow-ups

None. This was a self-contained cleanup discovered during PR #434 review.

Alternatives considered

• Keep signature with a "not yet wired" comment. Considered because Subsystem 7 + ADR 028 had described it as the slot for PPg provenance. Rejected because there is no concrete PPg signing roadmap that would land in this slot, and migration content-addressing already gives us the integrity property a signature was intended to provide; if we ever wire signing, we will redesign the slot in the context of contract spaces / PPg, not reuse this one.
• Tolerate-and-drop schema shim ('authorship?': 'unknown', 'signature?': 'unknown') instead of hard-rejecting on read. Rejected because zero on-disk producers means no real risk, and a tolerance shim would silently swallow malformed manifests rather than surfacing them — the opposite of what '+': 'reject' is for.
• Keep ADR 028 untouched as a historical record while only updating ADR 199 + Subsystem 7. Rejected at the user's direction: ADR 028's field-list and example manifest were the most prominent place a reader would see the now-gone fields described as live, and adr-examples-must-match-code argues for keeping examples honest.

Summary by CodeRabbit

• Breaking Changes

  • Removed signature and authorship fields from migration manifests; manifests containing them are now rejected.
  • Migration signing command removed; verification and attestation rely on content/hash-based checks.
  • Migration identity/hash canonicalization changed, which may alter migration IDs when signature-related data differs.

• Chores

  • Preflight/CI guidance tightened to require hash-based verification.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR removes optional signature and authorship fields from migration metadata, updates documentation and types, includes signature in migration hash canonicalization, tightens manifest validation and attested-metadata construction, and updates tests accordingly.

Changes

Migration Signature and Authorship Field Removal

Layer / File(s)	Summary
Architecture Decision Records and System Documentation docs/architecture docs/adrs/ADR 028 - Migration Structure & Operations.md, docs/architecture docs/adrs/ADR 199 - Storage-only migration identity.md, docs/architecture docs/subsystems/7. Migration System.md	ADRs and subsystem docs are edited to remove references to optional signatures/authorship, delete the “Signatures” subsection, revise attestation/identity wording, adjust lifecycle/command synopses, and tighten CI policy wording.
Type Definition: MigrationMetadata Interface packages/1-framework/1-core/framework-components/src/control/control-migration-types.ts	MigrationMetadata interface removes authorship and signature optional fields; metadata now flows from providedInvariants directly to createdAt.
Migration Hash Computation and README packages/1-framework/3-tooling/migration/src/hash.ts, packages/1-framework/3-tooling/migration/README.md	computeMigrationHash no longer strips metadata.signature before canonicalization and hashing; README hash-framing text updated to match (only contracts/hints and ops excluded).
Migration Manifest Validation and Construction packages/1-framework/3-tooling/migration/src/io.ts, packages/1-framework/3-tooling/migration/src/migration-base.ts	MigrationMetadataSchema no longer accepts authorship/signature in migration.json; buildAttestedMetadata stops conditionally preserving existing?.authorship.
Test Updates for Hash and I/O Behavior packages/1-framework/3-tooling/migration/test/hash.test.ts, packages/1-framework/3-tooling/migration/test/io.test.ts	Tests removing assertions that signature was ignored by hashing, update framed-tuple hashing expectations to include signature, and replace authorship-acceptance test with a migrationHash: null manifest rejection test.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

A rabbit hops through migration code with glee,
Signatures and authors—stripped away, now free!
Hash and schema shift to match the brand new way,
No authorship to carry—just content today! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title precisely describes the main change: removal of vestigial authorship and signature fields from MigrationMetadata across the codebase.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch tml-2458-remove-vestigial-migrationmetadataauthorship-and-signature

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@prisma-next/mongo-runtime

npm i https://pkg.pr.new/@prisma-next/mongo-runtime@500

@prisma-next/family-mongo

npm i https://pkg.pr.new/@prisma-next/family-mongo@500

@prisma-next/sql-runtime

npm i https://pkg.pr.new/@prisma-next/sql-runtime@500

@prisma-next/family-sql

npm i https://pkg.pr.new/@prisma-next/family-sql@500

@prisma-next/extension-arktype-json

npm i https://pkg.pr.new/@prisma-next/extension-arktype-json@500

@prisma-next/extension-cipherstash

npm i https://pkg.pr.new/@prisma-next/extension-cipherstash@500

@prisma-next/middleware-telemetry

npm i https://pkg.pr.new/@prisma-next/middleware-telemetry@500

@prisma-next/mongo

npm i https://pkg.pr.new/@prisma-next/mongo@500

@prisma-next/extension-paradedb

npm i https://pkg.pr.new/@prisma-next/extension-paradedb@500

@prisma-next/extension-pgvector

npm i https://pkg.pr.new/@prisma-next/extension-pgvector@500

@prisma-next/extension-postgis

npm i https://pkg.pr.new/@prisma-next/extension-postgis@500

@prisma-next/postgres

npm i https://pkg.pr.new/@prisma-next/postgres@500

@prisma-next/sql-orm-client

npm i https://pkg.pr.new/@prisma-next/sql-orm-client@500

@prisma-next/sqlite

npm i https://pkg.pr.new/@prisma-next/sqlite@500

@prisma-next/target-mongo

npm i https://pkg.pr.new/@prisma-next/target-mongo@500

@prisma-next/adapter-mongo

npm i https://pkg.pr.new/@prisma-next/adapter-mongo@500

@prisma-next/driver-mongo

npm i https://pkg.pr.new/@prisma-next/driver-mongo@500

@prisma-next/contract

npm i https://pkg.pr.new/@prisma-next/contract@500

@prisma-next/utils

npm i https://pkg.pr.new/@prisma-next/utils@500

@prisma-next/config

npm i https://pkg.pr.new/@prisma-next/config@500

@prisma-next/errors

npm i https://pkg.pr.new/@prisma-next/errors@500

@prisma-next/framework-components

npm i https://pkg.pr.new/@prisma-next/framework-components@500

@prisma-next/operations

npm i https://pkg.pr.new/@prisma-next/operations@500

@prisma-next/ts-render

npm i https://pkg.pr.new/@prisma-next/ts-render@500

@prisma-next/contract-authoring

npm i https://pkg.pr.new/@prisma-next/contract-authoring@500

@prisma-next/ids

npm i https://pkg.pr.new/@prisma-next/ids@500

@prisma-next/psl-parser

npm i https://pkg.pr.new/@prisma-next/psl-parser@500

@prisma-next/psl-printer

npm i https://pkg.pr.new/@prisma-next/psl-printer@500

@prisma-next/cli

npm i https://pkg.pr.new/@prisma-next/cli@500

@prisma-next/emitter

npm i https://pkg.pr.new/@prisma-next/emitter@500

@prisma-next/migration-tools

npm i https://pkg.pr.new/@prisma-next/migration-tools@500

prisma-next

npm i https://pkg.pr.new/prisma-next@500

@prisma-next/vite-plugin-contract-emit

npm i https://pkg.pr.new/@prisma-next/vite-plugin-contract-emit@500

@prisma-next/mongo-codec

npm i https://pkg.pr.new/@prisma-next/mongo-codec@500

@prisma-next/mongo-contract

npm i https://pkg.pr.new/@prisma-next/mongo-contract@500

@prisma-next/mongo-value

npm i https://pkg.pr.new/@prisma-next/mongo-value@500

@prisma-next/mongo-contract-psl

npm i https://pkg.pr.new/@prisma-next/mongo-contract-psl@500

@prisma-next/mongo-contract-ts

npm i https://pkg.pr.new/@prisma-next/mongo-contract-ts@500

@prisma-next/mongo-emitter

npm i https://pkg.pr.new/@prisma-next/mongo-emitter@500

@prisma-next/mongo-schema-ir

npm i https://pkg.pr.new/@prisma-next/mongo-schema-ir@500

@prisma-next/mongo-query-ast

npm i https://pkg.pr.new/@prisma-next/mongo-query-ast@500

@prisma-next/mongo-orm

npm i https://pkg.pr.new/@prisma-next/mongo-orm@500

@prisma-next/mongo-query-builder

npm i https://pkg.pr.new/@prisma-next/mongo-query-builder@500

@prisma-next/mongo-lowering

npm i https://pkg.pr.new/@prisma-next/mongo-lowering@500

@prisma-next/mongo-wire

npm i https://pkg.pr.new/@prisma-next/mongo-wire@500

@prisma-next/sql-contract

npm i https://pkg.pr.new/@prisma-next/sql-contract@500

@prisma-next/sql-errors

npm i https://pkg.pr.new/@prisma-next/sql-errors@500

@prisma-next/sql-operations

npm i https://pkg.pr.new/@prisma-next/sql-operations@500

@prisma-next/sql-schema-ir

npm i https://pkg.pr.new/@prisma-next/sql-schema-ir@500

@prisma-next/sql-contract-psl

npm i https://pkg.pr.new/@prisma-next/sql-contract-psl@500

@prisma-next/sql-contract-ts

npm i https://pkg.pr.new/@prisma-next/sql-contract-ts@500

@prisma-next/sql-contract-emitter

npm i https://pkg.pr.new/@prisma-next/sql-contract-emitter@500

@prisma-next/sql-lane-query-builder

npm i https://pkg.pr.new/@prisma-next/sql-lane-query-builder@500

@prisma-next/sql-relational-core

npm i https://pkg.pr.new/@prisma-next/sql-relational-core@500

@prisma-next/sql-builder

npm i https://pkg.pr.new/@prisma-next/sql-builder@500

@prisma-next/target-postgres

npm i https://pkg.pr.new/@prisma-next/target-postgres@500

@prisma-next/target-sqlite

npm i https://pkg.pr.new/@prisma-next/target-sqlite@500

@prisma-next/adapter-postgres

npm i https://pkg.pr.new/@prisma-next/adapter-postgres@500

@prisma-next/adapter-sqlite

npm i https://pkg.pr.new/@prisma-next/adapter-sqlite@500

@prisma-next/driver-postgres

npm i https://pkg.pr.new/@prisma-next/driver-postgres@500

@prisma-next/driver-sqlite

npm i https://pkg.pr.new/@prisma-next/driver-sqlite@500

commit: e4d8690

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/1-framework/3-tooling/migration/README.md`:
- Around line 20-22: Replace the phrase "identity-affecting" with a
non-ambiguous term such as "non-identity" (or "excluded from identity") in the
sentence that currently reads "Strip identity-affecting fields (`migrationHash`,
`fromContract`, `toContract`, `hints`)..." so it becomes e.g. "Strip
non-identity fields (`migrationHash`, `fromContract`, `toContract`, `hints`)..."
and update any nearby occurrences in the same section that refer to identity
inclusion/exclusion (look for the exact string "identity-affecting", the field
names `migrationHash`, `fromContract`, `toContract`, `hints`, and the word
"canonicalize") to keep wording consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 79c032fe-ac90-4a7b-9a0e-f9ebb0112059

📥 Commits

Reviewing files that changed from the base of the PR and between 655d794 and 552bbbf.

📒 Files selected for processing (10)

• docs/architecture docs/adrs/ADR 028 - Migration Structure & Operations.md
• docs/architecture docs/adrs/ADR 199 - Storage-only migration identity.md
• docs/architecture docs/subsystems/7. Migration System.md
• packages/1-framework/1-core/framework-components/src/control/control-migration-types.ts
• packages/1-framework/3-tooling/migration/README.md
• packages/1-framework/3-tooling/migration/src/hash.ts
• packages/1-framework/3-tooling/migration/src/io.ts
• packages/1-framework/3-tooling/migration/src/migration-base.ts
• packages/1-framework/3-tooling/migration/test/hash.test.ts
• packages/1-framework/3-tooling/migration/test/io.test.ts

💤 Files with no reviewable changes (5)

• packages/1-framework/1-core/framework-components/src/control/control-migration-types.ts
• packages/1-framework/3-tooling/migration/src/migration-base.ts
• packages/1-framework/3-tooling/migration/test/hash.test.ts
• packages/1-framework/3-tooling/migration/src/io.ts
• packages/1-framework/3-tooling/migration/test/io.test.ts