🔥 Firebase data foundation — activation status

Where the per-owner data-model activation stands · as of 2026-06-04

Built + tested · live run is Sam's
The foundation is built and isolation-tested 21/21 (per-owner rules + admin override). CC cannot run the live activation (sandbox has no interactive firebase login + no service-account key) — Sam runs it from his own terminal via the copy-paste kit, pasting each GATE result back to the planning chat.

Where it stands now

✅ Rules written + isolation test 21/21 (re-confirmed on emulator 2026-06-04).
✅ Kit finalized in the website repo: keyless backup + shape-adaptive migration (dry-run) + turnkey run doc.
✅ Sam is past firebase login + firebase use same-solutions-app (on the Blaze plan).
⏳ Live steps remain (below) — each gated.

Remaining steps (each gated — paste result before the next)

Authenticate + select project DONE — login + firebase use same-solutions-app.
Deploy security rules — firebase deploy --only firestore:rules.
Isolation test vs deployed rules — npm run test:rules → must be 21/21.
Verify admin read — sign into /manage as samuel.m.foran@gmail.com; data loads.
Disable public signup — Firebase Console → Auth → Sign-in method → Email/Password → off.
Backup (Blaze): firebase firestore:export gs://same-solutions-app.firebasestorage.app/backups/... → verify.
Migrate — DRY RUN — node scripts/migrate-blob.js (writes nothing); paste output back.
Migrate — commit — node scripts/migrate-blob.js --commit (only after backup verified); compare counts, no loss.
Flip features one at a time — shirt poll voting → party-items/RSVP → Aimee's hub login → true admin-only financials gate.

Safety: the verified-email admin path (samuel.m.foran@gmail.com) is the no-lockout safety net — the custom-claim step is optional. Backup before migrate is mandatory; the migration only ADDS per-owner docs and never deletes the blob in-run.

The kit (website repo: SUGARDUNK3RTON/samesolutionsllc-website)

📄 ACTIVATION-LOCAL-RUN.md — the copy-paste run (exact commands + gates).

📄 ACTIVATION-RUNBOOK.md — the ordered checklist.

Helpers: scripts/set-admin-claim.js (optional claim), scripts/backup-blob.js (keyless), scripts/migrate-blob.js (keyless, dry-run). Rules: firestore.rules. Design + migration plan: docs/firestore-data-model.md §5.

This single activation unlocks real member hubs, shirt-poll voting, party-items/RSVP, and true admin-only financials. Updated 2026-06-04.