digital-identity-platform-docs
digital-identity-platform-docs / supabase/functions/enforce-plan-compliance
supabase/functions/enforce-plan-compliance
Fileoverview
Plan Compliance Safety Job
A scheduled job that iterates all active container subscriptions and enforces plan entitlements as a safety net for missed webhook events.
Cloudflare Architecture Context
| Attribute | Value |
|---|---|
| Classification | 🔵 BACKEND-ONLY (Cron) |
| Position | After Cloudflare (works with billing data) |
| Receives Public Traffic | No (pg_cron or manual trigger) |
| Latency Sensitive | No |
| Safe to Retry | Yes (idempotent entitlement checks) |
| Failure Behavior | Logs errors per container, continues |
Endpoint
POST /functions/v1/enforce-plan-compliance
Authentication
Protected by x-cron-secret header (not JWT).
Behavior
- Fetches all containers with active subscriptions
- Calls
rpc_enforce_plan_entitlements()for each container - Reports summary of any corrections made
Schedule
Intended to run daily via external cron or Supabase scheduled functions.
Environment Variables
- CRON_SECRET: Secret to authenticate cron calls
- SUPABASE_URL: Supabase project URL
- SUPABASE_SERVICE_ROLE_KEY: Service role key for admin operations