Production Green Baseline - 2026-01-18
Tag:prod-green-2026-01-18HEAD SHA:
7cd7f2848f6077e3abcf4ca7a5c4f451a94d2144Date: 2026-01-18
1. What’s Green (Verified)
Dashboard Functionality
- ✅ Dashboards load (CEO/Business Insights/etc.)
- ✅ Agent Mapping works
- ✅ Export Agent IDs CSV downloads successfully
- ✅ Hierarchy builder search/select works
- ✅ Hierarchy exports (enriched CSV) work
API & CORS
- ✅ CORS preflight succeeds (OPTIONS no longer 404)
- ✅ Explicit OPTIONS handlers deployed for hierarchy endpoints
- ✅ Logout only on 401 (no logout loops on 403/404)
- ✅ BigQuery resolver SQL fixed (triple-quote syntax error resolved)
Backend Deployments
- ✅
payroll-backend-prodrevision00164-khbdeployed with OPTIONS handlers - ✅
payroll-backend-prodrevision00161-g9ndeployed with SQL fix - ✅ All hierarchy endpoints respond correctly
2. Canonical 3-Service Split (DO NOT CHANGE)
Metrics + Dashboards
- Service:
payroll-pipeline-cbs - URL:
https://payroll-pipeline-cbs-238826317621.us-central1.run.app - Env Var:
NEXT_PUBLIC_API_URL - Endpoints:
/api/v1/ceo-metrics,/api/v1/commissions,/api/v1/top-agents,/api/v1/top-businesses,/api/v1/growth-loss*
Admin Config Plane (Rate Plans + Admin Config)
- Service:
payroll-pipeline-cbs(Config Plane) - URL:
https://payroll-pipeline-cbs-evndxpcirq-uc.a.run.app - Env Var:
NEXT_PUBLIC_PIPELINE_API_URL - Endpoints:
/api/v1/admin/rate-plans/*,/api/v1/admin/*(other admin config)
System of Record (Hierarchy + Resolver + Exports)
- Service:
payroll-backend-prod - URL:
https://payroll-backend-prod-238826317621.us-central1.run.app - Env Var:
NEXT_PUBLIC_HIERARCHY_API_URL - Endpoints:
/api/v1/admin/hierarchy/*,/api/v1/admin/agents/resolver
3. DO NOT CHANGE Guardrails
Routing & Environment Variables
- ❌ DO NOT point
NEXT_PUBLIC_API_URLtopayroll-backend-prod - ❌ DO NOT remove selective routing or query-string stripping in
getBaseUrlForPath() - ❌ DO NOT remove explicit OPTIONS handlers for hierarchy endpoints
- ❌ DO NOT unify services without an explicit phase plan + full verification
Security & RBAC
- ❌ DO NOT weaken RBAC/auth
- ❌ DO NOT remove
X-Org-Idheader requirements for hierarchy endpoints - ❌ DO NOT change Super Admin allowlist behavior
Code Quality
- ❌ DO NOT remove deterministic hashing (
op_hash,batch_hash,record_hash) - ❌ DO NOT remove SCD2 overlap predicates
- ❌ DO NOT remove cycle detection
4. Deployed Backend Pointers
payroll-backend-prod (System of Record)
-
Current Active Revision:
payroll-backend-prod-00164-khb - Deployment Date: 2026-01-18
-
Commit:
7cd7f2848f6077e3abcf4ca7a5c4f451a94d2144 - Changes: Explicit OPTIONS handlers for all hierarchy endpoints
-
Previous Revision:
payroll-backend-prod-00161-g9n - Deployment Date: 2026-01-18
- Changes: BigQuery resolver SQL fix (triple-quote syntax error)
payroll-pipeline-cbs (Metrics + Config Plane)
- Service URL:
https://payroll-pipeline-cbs-238826317621.us-central1.run.app - Config Plane URL:
https://payroll-pipeline-cbs-evndxpcirq-uc.a.run.app - Status: Active and serving metrics + admin config
5. Smoke Test Checklist
Test 1: Metrics Endpoint
- Expected Host:
payroll-pipeline-cbs-238826317621.us-central1.run.app - Expected Status:
200 OK - Routing: Uses
NEXT_PUBLIC_API_URL
Test 2: Admin Config Endpoint
- Expected Host:
payroll-pipeline-cbs-evndxpcirq-uc.a.run.app(orpayroll-pipeline-cbs-238826317621.us-central1.run.app) - Expected Status:
200 OK - Routing: Uses
NEXT_PUBLIC_PIPELINE_API_URL
Test 3: Hierarchy Resolver Endpoint
- Expected Host:
payroll-backend-prod-238826317621.us-central1.run.app - Expected Status:
200 OK(both GET and OPTIONS) - Routing: Uses
NEXT_PUBLIC_HIERARCHY_API_URL - CORS: OPTIONS must return 200 with CORS headers (not 404)
6. Recent Fixes Applied
CORS OPTIONS Preflight Fix
- Issue: OPTIONS requests returning 404 on hierarchy endpoints
- Fix: Added explicit OPTIONS handlers for all hierarchy endpoints
- Commit:
7cd7f2848f6077e3abcf4ca7a5c4f451a94d2144 - Deployed:
payroll-backend-prod-00164-khb
BigQuery SQL Syntax Fix
- Issue: Triple-quote syntax error in resolver query
- Fix: Corrected SQL string escaping in
get_agent_resolver_export() - Deployed:
payroll-backend-prod-00161-g9n
Frontend Query String Routing Fix
- Issue: Query strings not stripped before path matching
- Fix: Added
path.split('?')[0]ingetBaseUrlForPath() - Commit:
ddf0ced
Frontend Selective Routing
- Issue: Hierarchy endpoints hitting wrong service
- Fix: Added
NEXT_PUBLIC_HIERARCHY_API_URLwith selective routing - Commit:
9753681
7. Known Working State
Frontend (Vercel)
- URL:
https://payroll-pipeline-cbs.vercel.app - Environment Variables:
NEXT_PUBLIC_API_URL=https://payroll-pipeline-cbs-238826317621.us-central1.run.appNEXT_PUBLIC_PIPELINE_API_URL=https://payroll-pipeline-cbs-evndxpcirq-uc.a.run.appNEXT_PUBLIC_HIERARCHY_API_URL=https://payroll-backend-prod-238826317621.us-central1.run.app
Backend Services
- payroll-backend-prod: System of Record (hierarchy, resolver, exports)
- payroll-pipeline-cbs: Metrics + Config Plane (rate plans, admin config)
8. Verification Commands
Check Current Deployments
Test OPTIONS Preflight
200 OK with CORS headers (not 404)
Notes
- This baseline represents a stable, verified state after CORS fixes and SQL fixes
- All three services are operational and correctly routed
- Frontend is configured with correct environment variables
- Hierarchy endpoints have explicit OPTIONS handlers for CORS preflight
- No known blockers or critical issues