fix(audit): GDPR/merge — M6 (drop false merge-reversibility claims), M7 (GDPR export adds 4 PII tables), L14 (docstring), L15 (hard-delete breadcrumb note)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 13:07:21 +02:00
parent aedbcfd58d
commit ebe5fe6ed8
3 changed files with 81 additions and 14 deletions
--- a/src/lib/services/client-hard-delete.service.ts
+++ b/src/lib/services/client-hard-delete.service.ts
@@ -25,6 +25,15 @@
 *     audit history is preserved without blocking the delete.
 *   - non-cascade non-nullable FKs (interests, reservations, surviving
 *     row in client_merge_log) are deleted explicitly inside the tx.
+ *   - the `clients.merged_into_client_id` self-FK is ON DELETE SET NULL
+ *     (migration 0042). If THIS client was a merge winner, any archived
+ *     loser whose `merged_into_client_id` points here has that pointer
+ *     auto-NULLed by the cascade when this row is deleted. That silently
+ *     severs the loser's redirect breadcrumb (the loser is no longer
+ *     resolvable to a surviving record) but is benign: no FK violation,
+ *     no orphaned/cross-tenant data, and the loser stays archived. We do
+ *     NOT proactively re-home those pointers — the winner is gone, so
+ *     there is nothing valid left to redirect to.
 */

 import { timingSafeEqual } from 'node:crypto';