ENG-1232 Create group table and use it in space access functions

[maparent]

https://linear.app/discourse-graphs/issue/ENG-1232/create-group-table-and-use-it-in-space-access-functions

This is the second stage: Group table used in space access.

https://www.loom.com/share/39fdfa9ca9db45bb880f6846cd630729

Summary by CodeRabbit

• New Features
  • Introduced group membership system enabling users to be organized into groups with admin-based access control.
  • Enhanced access control with group-aware permissions for secure management of resources and user access.
  • Added group membership verification to support role-based access across the platform.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[linear]

ENG-1232 Create group table and use it in space access functions

[supabase]

Updates to Preview Branch (eng-1232-create-group-table-and-use-it-in-space-access-functions) ↗︎

Deployments	Status	Updated
Database	✅	Fri, 02 Jan 2026 02:10:33 UTC
Services	✅	Fri, 02 Jan 2026 02:10:33 UTC
APIs	✅	Fri, 02 Jan 2026 02:10:33 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks	Status	Updated
Configurations	✅	Fri, 02 Jan 2026 02:10:33 UTC
Migrations	✅	Fri, 02 Jan 2026 02:10:34 UTC
Seeding	✅	Fri, 02 Jan 2026 02:10:34 UTC
Edge Functions	✅	Fri, 02 Jan 2026 02:10:35 UTC

---

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

[maparent]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[maparent]

@CodeRabbit I changed the base, review from 1231 only.

[coderabbitai]

📝 Walkthrough

Walkthrough

Introduces a group-based access control system with a new group_membership table, security-aware functions (my_user_accounts, in_group, is_group_admin, group_exists), and Row-Level Security policies enabling group-scoped resource sharing alongside existing user-based access patterns.

Changes

Cohort / File(s)	Summary
Type Definitions packages/database/src/dbTypes.ts	Added TypeScript type definitions for new group_membership table (columns: admin, group_id, member_id) and four new database functions (in_group, is_group_admin, group_exists, my_user_accounts).
Database Migration & Schema packages/database/supabase/migrations/20260101183250_group_access.sql, packages/database/supabase/schemas/account.sql	Created group_membership table with composite primary key (member_id, group_id) and FK constraints to auth.users. Implemented four SECURITY DEFINER functions for group/membership checks. Enabled RLS on group_membership with four policies (SELECT, INSERT, UPDATE, DELETE). Created helper functions for user/space context (my_user_accounts, my_space_ids, in_space, etc.). Added public.my_accounts view. Updated existing access functions to leverage group membership context.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Eng 424 : RLS security #266: Modifies RLS policies and access-related SQL functions (in_space, account_in_shared_space) that are extended by this PR's group membership integration.
• ENG-950 Refactor the concept query function with new security-scoped views to avoid RLS slowdown #482: Updates database schema/types and RLS-aware access logic with my_user_accounts and my_space_ids helpers that overlap with this PR's new security function implementations.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main changes: creating a group table and integrating it into space access functions, which matches the core objectives of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Get details about PR #661
echo "=== PR #661 Details ==="
gh pr view 661 --json number,title,baseRefName,headRefName,body,commits

echo ""
echo "=== Check for PR #1231 ==="
gh pr view 1231 --json number,title,state 2>&1 || echo "PR #1231 not found"

echo ""
echo "=== Recent commits in PR #661 ==="
gh pr view 661 --json commits --jq '.commits[] | "\(.oid[0:7]) \(.messageHeadline)"' | head -20

Length of output: 996

---

@maparent I understand - you've changed the base branch to eng-1231-migrate-spaceaccess-to-use-user-ids-not-platformaccount-ids, so I'll review only the changes specific to ENG-1232 (the group table creation and its use in space access functions), excluding the changes from ENG-1231.

I'll trigger the review now.

---

🧠 Learnings used

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 165
File: packages/database/supabase/migrations/20250504202930_content_tables.sql:37-45
Timestamp: 2025-05-20T03:11:07.917Z
Learning: When reviewing SQL migrations in this codebase, understand that historical migration files should not be modified once they're applied. Instead, issues should be fixed in subsequent migrations or schema definition files. This is why maparent indicated "migration, not changing. corrected in schema."

---

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 0
File: :0-0
Timestamp: 2025-08-30T17:03:26.927Z
Learning: For maparent: Takes a focused approach to PR scope - acknowledges good suggestions that are out of scope for current PR rather than expanding scope.

---

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 0
File: :0-0
Timestamp: 2025-10-08T18:55:18.029Z
Learning: In the discourse-graph database schema, security views like `my_concepts`, `my_contents`, and `my_documents` were introduced to significantly improve query performance. Direct table access had dismal performance, while the view-based approach provides substantial performance gains.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

packages/database/supabase/migrations/20260101183250_group_access.sql (3)

63-71: Potential issue: my_user_accounts() returns NULL when user is unauthenticated.

auth.uid() returns NULL for unauthenticated requests. The UNION will include this NULL in the result set. Functions that join on my_user_accounts() may behave unexpectedly if NULL is matched.

Consider filtering out NULL:

🔎 Proposed fix to exclude NULL from results

 CREATE OR REPLACE FUNCTION public.my_user_accounts() RETURNS SETOF UUID
 STABLE SECURITY DEFINER
 SET search_path = ''
 LANGUAGE sql
 AS $$
-    SELECT auth.uid() UNION
+    SELECT auth.uid() WHERE auth.uid() IS NOT NULL
+    UNION
     SELECT group_id FROM public.group_membership
     WHERE member_id = auth.uid();
 $$;

---

123-139: Consider adding indexes for performance on common access patterns.

The my_accounts view joins LocalAccess, SpaceAccess, and my_user_accounts(). For large datasets, queries could be slow without indexes on group_membership(member_id) and group_membership(group_id).

🔎 Proposed indexes for group_membership

CREATE INDEX IF NOT EXISTS group_membership_member_id_idx ON public.group_membership (member_id);
CREATE INDEX IF NOT EXISTS group_membership_group_id_idx ON public.group_membership (group_id);

---

145-145: Remove or document the commented-out ALTER TYPE.

The commented-out ALTER TYPE public."ContentVariant" ADD VALUE 'full' appears unrelated to group access. Either remove it or add a comment explaining why it's preserved here.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f2d41ef and 07de7b5.

📒 Files selected for processing (3)

• packages/database/src/dbTypes.ts
• packages/database/supabase/migrations/20260101183250_group_access.sql
• packages/database/supabase/schemas/account.sql

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/main.mdc)

**/*.{ts,tsx}: Use Tailwind CSS for styling where possible
When refactoring inline styles, use tailwind classes
Prefer type over interface in TypeScript
Use explicit return types for functions
Avoid any types when possible
Prefer arrow functions over regular function declarations
Use named parameters (object destructuring) when a function has more than 2 parameters
Use PascalCase for components and types
Use camelCase for variables and functions
Use UPPERCASE for constants
Function names should describe their purpose clearly
Prefer early returns over nested conditionals for better readability

Files:

• packages/database/src/dbTypes.ts

🧠 Learnings (9)

📚 Learning: 2025-07-13T16:47:14.352Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 0
File: :0-0
Timestamp: 2025-07-13T16:47:14.352Z
Learning: In the discourse-graph codebase, types.gen.ts contains automatically generated database function type definitions that may have reordered signatures between versions. This reordering is expected behavior from the code generation process and should not be flagged as an issue requiring fixes.

Applied to files:

• packages/database/src/dbTypes.ts

📚 Learning: 2025-06-09T16:57:14.681Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 198
File: packages/database/supabase/migrations/20250605083319_alpha_upload.sql:157-337
Timestamp: 2025-06-09T16:57:14.681Z
Learning: Migration files in packages/database/supabase/migrations/ are historical snapshots that preserve database schema and functions as they existed at the time of creation. These files should not be updated to reflect current schema changes, even if they reference tables or columns that have since been modified or removed. Schema incompatibilities in migration files are expected and acceptable as they represent the valid state at the time of migration.

Applied to files:

• packages/database/supabase/schemas/account.sql
• packages/database/supabase/migrations/20260101183250_group_access.sql

📚 Learning: 2025-07-14T05:51:46.322Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 0
File: :0-0
Timestamp: 2025-07-14T05:51:46.322Z
Learning: The concept_in_space function in the discourse-graph project is slower than using a more direct approach with in_space(space_id) directly in RLS policies, which is why a more direct approach is sometimes preferred for performance reasons.

Applied to files:

• packages/database/supabase/schemas/account.sql

📚 Learning: 2025-10-08T18:55:18.029Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 0
File: :0-0
Timestamp: 2025-10-08T18:55:18.029Z
Learning: In PostgreSQL queries within the discourse-graph project, adding `LIMIT 1` to `auth.uid()` lookups provides positive performance impact and should be retained as an optimization technique.

Applied to files:

• packages/database/supabase/schemas/account.sql
• packages/database/supabase/migrations/20260101183250_group_access.sql

📚 Learning: 2025-10-15T00:12:54.623Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 482
File: packages/database/supabase/schemas/access_token.sql:43-43
Timestamp: 2025-10-15T00:12:54.623Z
Learning: In PostgreSQL RLS policies, you cannot combine multiple operations like `FOR SELECT, UPDATE, DELETE` in a single CREATE POLICY statement. Use `FOR ALL` to cover all operations, or create separate policies for each operation type (FOR SELECT, FOR INSERT, FOR UPDATE, FOR DELETE).

Applied to files:

• packages/database/supabase/schemas/account.sql

📚 Learning: 2026-01-01T18:13:07.400Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 660
File: packages/database/supabase/migrations/20251231203152_migrate_space_access_to_user.sql:182-192
Timestamp: 2026-01-01T18:13:07.400Z
Learning: In PostgreSQL migrations, when a table is renamed using ALTER TABLE ... RENAME TO, the renamed table retains all of its properties including Row Level Security (RLS) settings. Therefore, if RLS was enabled on the original table, it remains enabled on the renamed table without needing to re-execute ALTER TABLE ... ENABLE ROW LEVEL SECURITY.

Applied to files:

• packages/database/supabase/schemas/account.sql

📚 Learning: 2025-05-20T03:02:36.027Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 165
File: packages/database/supabase/schemas/extensions.sql:1-11
Timestamp: 2025-05-20T03:02:36.027Z
Learning: The necessary schemas for Supabase extensions (like 'extensions', 'graphql', and 'vault') are automatically created by Supabase before extensions are installed, so they don't need to be explicitly created in SQL migration files.

Applied to files:

• packages/database/supabase/migrations/20260101183250_group_access.sql

📚 Learning: 2025-05-20T03:01:11.220Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 165
File: packages/database/supabase/migrations/20250504195841_remote_schema.sql:1-7
Timestamp: 2025-05-20T03:01:11.220Z
Learning: Supabase automatically creates necessary schemas like the "extensions" schema before migrations run, so there's no need to explicitly create these schemas in migration files.

Applied to files:

• packages/database/supabase/migrations/20260101183250_group_access.sql

📚 Learning: 2026-01-01T18:13:07.400Z

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 660
File: packages/database/supabase/migrations/20251231203152_migrate_space_access_to_user.sql:182-192
Timestamp: 2026-01-01T18:13:07.400Z
Learning: In PostgreSQL migrations, if you rename a table with ALTER TABLE ... RENAME TO, all properties including Row Level Security (RLS) settings remain on the table. If RLS was enabled before the rename, it will still be enabled afterward and does not need to be re-enabled via ALTER TABLE ... ENABLE ROW LEVEL SECURITY. Apply this guidance to any migration that uses RENAME TO in order to avoid unnecessary SQL for RLS.

Applied to files:

• packages/database/supabase/migrations/20260101183250_group_access.sql

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Supabase Preview
• GitHub Check: Supabase Preview

🔇 Additional comments (13)

packages/database/supabase/migrations/20260101183250_group_access.sql (6)

1-5: Verify that admin defaulting to true is intentional.

New group members will be admins by default. This is unusual—typically new members should default to non-admin (false), with admin privileges granted explicitly. If this is intentional (e.g., the first member who creates a group should be admin), consider documenting the rationale.

---

20-23: Clarify the group modeling approach.

Both member_id and group_id reference auth.users. This implies groups are represented as user accounts rather than having a dedicated groups table. While this can work, it conflates user and group identities. Ensure this design is intentional and consider adding a comment explaining the rationale (e.g., "Groups are modeled as special auth.users entries").

---

30-37: LGTM on in_group function.

The function correctly checks group membership for the current user with STABLE SECURITY DEFINER and an empty search_path.

---

48-54: Consider adding LIMIT 1 inside group_exists for consistency.

The LIMIT 1 is already present here, which aligns with the project's learning about performance optimization for auth.uid() lookups. Good practice.

---

56-60: RLS policies look correct for group membership control.

• SELECT: Only group members can see membership records
• DELETE: Members can remove themselves, or group admins can remove others
• INSERT: Group admins can add members, or anyone can bootstrap a new group
• UPDATE: Only group admins can modify membership

The bootstrap mechanism (NOT public.group_exists(group_id)) allows creating new groups without requiring prior admin status.

---

75-93: Space access functions correctly integrate group membership.

The my_space_ids() and in_space() functions properly join with my_user_accounts() to include group-based access. The implementation aligns with the PR objective of using the group table in space access functions.

packages/database/src/dbTypes.ts (2)

535-552: Auto-generated types align with migration.

The group_membership table types correctly reflect the SQL schema: admin as nullable boolean, group_id and member_id as required strings (UUIDs). The empty Relationships array is expected since foreign keys reference auth.users in a different schema.

---

1473-1474: New function signatures correctly registered.

The function signatures for group_exists, in_group, is_group_admin, and my_user_accounts match the SQL function definitions.

Also applies to: 1501-1501, 1527-1527

packages/database/supabase/schemas/account.sql (5)

131-157: Schema definition consistent with migration.

The group_membership table definition matches the migration file. The same considerations about admin defaulting to true and group modeling apply here.

---

263-299: Security utility functions correctly defined.

The functions my_user_accounts(), in_group(), is_group_admin(), and group_exists() are properly implemented with STABLE SECURITY DEFINER and empty search_path. The same recommendation about filtering NULL from my_user_accounts() applies here as noted in the migration file.

---

308-308: Space access functions properly updated to use my_user_accounts().

The my_space_ids(), in_space(), account_in_shared_space(), and unowned_account_in_shared_space() functions now correctly join with my_user_accounts() to include group-based access. This fulfills the PR objective.

Also applies to: 319-320, 334-334, 348-348

---

382-398: my_accounts view correctly updated for group membership.

The view now joins with my_user_accounts() to include accounts accessible through group membership, consistent with the other access functions.

---

468-481: RLS policies for group_membership are well-structured.

The policies correctly implement:

• SELECT restricted to group members
• DELETE allowed for self-removal or by group admins
• INSERT allowed for group admins or when bootstrapping a new group
• UPDATE restricted to group admins

The DROP POLICY IF EXISTS pattern ensures idempotent schema application.

[maparent]

@CodeRabbit good point on the null uid, corrected. The member index is implicit in the primary key, and not needed otherwise. The group index would only be useful in the group_exists function, but new group insertion should be rare enough, I don't think the cost of maintaining the index is worth the speedup of this rare case. Am I missing another use case where the group index would be useful?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Get the migration file to examine the queries
echo "=== Migration file: group_access.sql ==="
cat packages/database/supabase/migrations/20260101183250_group_access.sql

echo ""
echo "=== Schema file: account.sql (group-related sections) ==="
cat packages/database/supabase/schemas/account.sql | grep -A 20 -B 5 "group_membership\|in_group\|is_group_admin\|group_exists"

Length of output: 9860

---

🏁 Script executed:

#!/bin/bash

# Search for queries that might filter by group_id or list group members
echo "=== Searching for group_membership usage in application code ==="
rg -n "group_membership" --type ts --type tsx --type js --type jsx -C 3

echo ""
echo "=== Searching for group-related queries in database package ==="
rg -n "group_id|group_membership" packages/database/src/ -C 2

echo ""
echo "=== Check if there are any stored procedures or views that query by group_id ==="
fd -e sql -x grep -l "FROM.*group_membership\|JOIN.*group_membership" {} \; -x echo "File: {}" \; -x grep -n "FROM.*group_membership\|JOIN.*group_membership" {} \;

Length of output: 2997

---

---

🧠 Learnings used

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 165
File: packages/database/supabase/migrations/20250504202930_content_tables.sql:37-45
Timestamp: 2025-05-20T03:11:07.917Z
Learning: When reviewing SQL migrations in this codebase, understand that historical migration files should not be modified once they're applied. Instead, issues should be fixed in subsequent migrations or schema definition files. This is why maparent indicated "migration, not changing. corrected in schema."

---

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 165
File: packages/database/supabase/migrations/20250504202930_content_tables.sql:37-45
Timestamp: 2025-05-20T03:11:07.917Z
Learning: When reviewing SQL migrations in the discourse-graph codebase, understand that historical migration files should not be modified once they're applied. Instead, issues should be fixed in subsequent migrations or schema definition files. This is why maparent indicated "migration, not changing. corrected in schema."

---

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 0
File: :0-0
Timestamp: 2025-10-08T18:55:18.029Z
Learning: In PostgreSQL queries within the discourse-graph project, adding `LIMIT 1` to `auth.uid()` lookups provides positive performance impact and should be retained as an optimization technique.

[maparent]

@CodeRabbit I'm reading your analysis chain, but I did not get an answer to my question.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@maparent You're right, I apologize for not answering directly. Let me analyze the use cases for a group_id index:

---

🏁 Script executed:

#!/bin/bash

# Search for queries that might list group members or filter by group_id alone
echo "=== Search for queries listing group members ==="
rg -n "FROM.*group_membership|JOIN.*group_membership" --type sql --type ts --type tsx --type js -C 3

echo ""
echo "=== Search for group member operations in application code ==="
rg -n "group.*members?|list.*group|members.*of" --type ts --type tsx --type js -g '!node_modules' -g '!*.test.*' -C 2 | head -50

echo ""
echo "=== Check for admin or member listing functionality ==="
rg -n "getGroup|fetchGroup|group.*admin|admin.*group" --type ts --type tsx --type js -g '!node_modules' -g '!*.test.*' -C 2 | head -50

echo ""
echo "=== Look for group management UI or API endpoints ==="
fd -e ts -e tsx -e js | xargs rg -l "group" | grep -i "admin\|manage\|settings" | head -20

Length of output: 607

---

🏁 Script executed:

#!/bin/bash

# Try again with better file type specification
echo "=== Search for queries listing group members ==="
rg -n "FROM.*group_membership|JOIN.*group_membership" -g '*.sql' -g '*.ts' -g '*.js' -C 3

echo ""
echo "=== Look at the actual queries in the functions ==="
echo "--- in_group function ---"
cat packages/database/supabase/schemas/account.sql | grep -A 10 "CREATE OR REPLACE FUNCTION public.in_group"

echo ""
echo "--- is_group_admin function ---"
cat packages/database/supabase/schemas/account.sql | grep -A 10 "CREATE OR REPLACE FUNCTION public.is_group_admin"

echo ""
echo "--- group_exists function ---"
cat packages/database/supabase/schemas/account.sql | grep -A 10 "CREATE OR REPLACE FUNCTION public.group_exists"

echo ""
echo "=== Search for SELECT queries on group_membership ==="
rg -n "SELECT.*FROM.*group_membership|SELECT.*group_membership" -g '*.sql' -C 3

echo ""
echo "=== Check for group management or member listing features ==="
find apps -name "*.ts" -o -name "*.tsx" -o -name "*.js" | xargs grep -l "group" 2>/dev/null | grep -i "member\|admin\|manage" | head -10

Length of output: 11288

---

@maparent You're not missing anything for the current implementation. Based on my analysis of the queries:

Current queries on group_membership:

1. in_group(): Filters by member_id = auth.uid() AND group_id = ? → covered by composite PK
2. is_group_admin(): Filters by member_id = auth.uid() AND group_id = ? AND admin → covered by composite PK
3. my_user_accounts(): Filters by member_id = auth.uid() → covered by composite PK
4. group_exists(): Filters by group_id = ? alone → would benefit from index (but rare, as you noted)

The missing use case would be: If you ever add group management features that need to list or count all members of a specific group, such as:

• SELECT * FROM group_membership WHERE group_id = ? (list all members)
• SELECT COUNT(*) FROM group_membership WHERE group_id = ? (member count)
• A UI showing "Group Members" or "Manage Group"

These queries would scan the entire table without a group_id index. However, I found no such queries in the current codebase, so your assessment is correct: the index maintenance cost isn't justified by the rare group_exists usage.

If you add group administration features later, revisit the index decision at that point.

---

🧠 Learnings used

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 0
File: :0-0
Timestamp: 2025-10-08T18:55:18.029Z
Learning: In PostgreSQL queries within the discourse-graph project, adding `LIMIT 1` to `auth.uid()` lookups provides positive performance impact and should be retained as an optimization technique.

---

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 165
File: packages/database/supabase/migrations/20250504202930_content_tables.sql:37-45
Timestamp: 2025-05-20T03:11:07.917Z
Learning: When reviewing SQL migrations in the discourse-graph codebase, understand that historical migration files should not be modified once they're applied. Instead, issues should be fixed in subsequent migrations or schema definition files. This is why maparent indicated "migration, not changing. corrected in schema."

---

Learnt from: maparent
Repo: DiscourseGraphs/discourse-graph PR: 165
File: packages/database/supabase/migrations/20250504202930_content_tables.sql:37-45
Timestamp: 2025-05-20T03:11:07.917Z
Learning: When reviewing SQL migrations in this codebase, understand that historical migration files should not be modified once they're applied. Instead, issues should be fixed in subsequent migrations or schema definition files. This is why maparent indicated "migration, not changing. corrected in schema."

[maparent]

Actually, you are right, group membership is a good enough reason. Adding the index.