{
  "version": "v0.6",
  "step": "Step 5.3 AGenWork Cloud Twin Data Model Foundation",
  "sourceBaseline": "AGWGSCode v2.3FR2.txt",
  "sourceHashSha256": "df133b5ad391cef69fd1ca8e592cc2be23367cf6ad920b8258d9648995857366",
  "productionCutover": false,
  "productionDataConnected": false,
  "productionSourceOfTruth": "Google Apps Script + Google Sheets",
  "cloudTwinTargetDataLayer": "Cloudflare D1",
  "profileImageStorage": "Firebase Storage retained for initial twin",
  "tableCount": 51,
  "fieldCount": 850,
  "phases": [
    {
      "phase": "5.3",
      "name": "Schema foundation",
      "status": "created",
      "description": "Create D1-compatible schema and table mapping from AGenWork sheet model."
    },
    {
      "phase": "5.4",
      "name": "D1 database creation",
      "status": "next",
      "description": "Create Cloudflare D1 database and apply schema.sql."
    },
    {
      "phase": "5.5",
      "name": "Export/import tooling",
      "status": "not_started",
      "description": "Generate controlled Google Sheets export to D1 import workflow with validation reports."
    },
    {
      "phase": "5.6",
      "name": "Auth/session API",
      "status": "not_started",
      "description": "Build Cloudflare-native auth/session tables and APIs without affecting production AGenWork."
    },
    {
      "phase": "5.7",
      "name": "Read-only parity views",
      "status": "not_started",
      "description": "Render employee/profile/directory views from D1 and compare to Apps Script output."
    },
    {
      "phase": "later",
      "name": "Controlled writes",
      "status": "blocked_until_parity",
      "description": "Timekeeping, payroll, movements, and approvals stay disabled until D1 read parity passes."
    }
  ],
  "riskControls": [
    "No production write traffic to /work-cloud at this step.",
    "No payroll or timekeeping writes in Cloudflare at this step.",
    "Constraints are intentionally deferred to prevent import failure from dirty historical Sheets data.",
    "Sensitive fields are inventoried for encryption/masking decisions before real import.",
    "Firebase profile image URLs remain references; image binaries are not migrated at this step."
  ]
}
---
Step 5.8 — D1 Binding Health Check
Status: Added in v0.7 package.
Endpoint: /work-cloud/api/d1-health
Purpose: Confirm the Cloudflare Pages Function runtime can access the AGW_DB D1 binding.
Safety: Read-only SELECT 1 probe only. No schema import, no data import, no production writes, and no source-of-truth change.
Stop point after deployment: Confirm JSON response has ok=true and status=D1_BINDING_OK.