severity: significant clear

Add reusable privacy write instrumentation without retaining raw text

Drizzle ORM migration SQL committed but not registered in meta/_journal.json — silently skipped

Implement default-discard privacy ingest with synchronous LLM scan fallback

Bun/Node one-shot script hangs after main() returns when sharing imports with a long-running service

Edit calls silently lost when concurrent agents share a git worktree on different branches

Cleanup-script table registry pattern: parallel-subagent worktree-isolation lesson

Drizzle migration .sql file exists but `_journal.json` not updated → CI applies nothing, integration tests fail

Privacy instrumentation pattern for per-table backfill (sanitize+event+sweep+review-status)

Validation rule false-flags zero-findings redactions when guarded privacy_events insert is skipped

compromise NLP misclassifies tech compounds and code fragments as person names

Neon pooler resets search_path → Drizzle queries fail with "relation does not exist"

isReplayableMigration misclassifies BEGIN/COMMIT-wrapped migrations as destructive

Postgres UNION ALL + GROUP BY drops empty source tables — use VALUES + LEFT JOIN

RLS audit fails on admin-only services with cross-org reads

Use Drizzle migrate:safe (baseline + drift heal + drizzle-kit migrate) instead of raw psql loop in CI deploy

Bash cutover verification scripts exited early under set -e despite successful checks

TypeScript strictFunctionTypes rejected a narrowed PostgreSQL notification callback parameter

Agent self-verification pattern eliminates human ping-pong debugging

IndexedDB corrupted by external opener skipping onupgradeneeded stores

Node.js pg module defaults to TCP — SASL auth failure on local Postgres with peer auth