Migrate user-facing Firestore access to the client SDK (Admin SDK → derived/privileged only)

Goal

Move the data paths a user touches within their own scope off server API routes + Admin SDK and onto the Firebase CLIENT SDK, gated by Security Rules + claims. Reserve the Admin SDK for: derived/computed data (journals, reports, trial balance), secrets/integrations (OCBC, Airwallex, Drive, GCP, Telegram), privileged mutations (claim mints, role changes, cross-entity admin), and multi-doc invariants Rules can't enforce. The principle/taxonomy IS the work; the SDK choice falls out of it.

Notes

  • Client SDK is already used in some components (StudentDialog) and lib/firebase.ts exposes per-DB client handles — so the foundation exists; this is expansion, not bootstrap.
  • Depends on T-022 (strict Rules must gate before reads move client-side) and should respect T-021's migrated document schema.
  • SA agent confirmed (2026-06-13): client SDK adoption is entirely mine, no IAM/timeline coupling. Only risk: routing a NEW path through the legacy GOOGLE_* fallback (Drive/BQ) would work today but break when service@ is deleted ~2026-07-12 — don't.

Log

  • 2026-06-13 created (split out of T-022 per the SA-coordination answers).