Update realm-export.json with fixed UUID endianness, correct passwords,
mappers, and SSL configuration. Add ALTER DEFAULT PRIVILEGES for app_admin
in PostgreSQL init.sh to ensure proper role permissions.
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
- Replaced placeholder UUIDs (club-1-uuid, club-2-uuid) with real database UUIDs
- Updated all 5 test users via Keycloak database
- Restarted Keycloak to clear caches and apply changes
Impact:
- JWT tokens now contain real UUIDs in clubs claim
- API endpoints accept X-Tenant-Id with real UUIDs (returns 200 OK)
- Unblocks 46 remaining QA scenarios
Documentation:
- Created update-keycloak-club-uuids.py script for automation
- Added KEYCLOAK_UPDATE_GUIDE.md with step-by-step instructions
- Recorded learnings in notepad
Ref: .sisyphus/evidence/final-f3-manual-qa.md lines 465-512
- Removed invalid init.sql with syntax error (ALTER DEFAULT PRIVILEGES IN DATABASE unsupported)
- Added init.sh with corrected SQL using IN SCHEMA public
- Fixes PostgreSQL initialization for RLS and permissions setup
Ultraworked with Sisyphus <https://github.com/code-yeongyu/oh-my-opencode>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
- Add docker-compose.yml (v3.9) with postgres:16-alpine and keycloak:26.1 services
- Configure PostgreSQL with separate workclub and keycloak databases
- Setup Keycloak with database backend, admin user, and realm import capability
- Create PostgreSQL init script to provision development databases and users
- Add placeholder realm-export.json for Keycloak realm configuration
- Configure healthchecks and app-network bridge for service discovery
- Document configuration and patterns in learnings.md
