What's new
- Added the BORD-714 RLS and tenant-policy audit under
docs/ops/db-hardening. - The audit classifies all 70 live public tables by tenant-scoping model, policy shape, risk verdict, and follow-up issue.
Security and operations
- Confirms live Supabase has RLS enabled on 70/70 public base tables.
- Corrects the BORD-713 policy-count summary to 109 public RLS policies after a JSON-safe live catalog re-query.
- Identifies high-risk tables that still need negative tenant-access tests before policy correctness can be considered proven.