Row-level security
HELAÜLOOM enforces vault isolation at the application layer in all environments and at the PostgreSQL row-level security layer in production.
Each authenticated database transaction sets app.current_user_id so policies on Vault, VaultEntry, audit logs, support chat, and collaboration activity apply automatically.
Policies are defined in prisma/postgres/rls-policies.sql and applied via scripts/apply-rls.sh after migrate deploy.
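The pattern described above, as an added SQL example that is not the contents of prisma/postgres/rls-policies.sql or any other project code: a policy keyed on app.current_user_id, the per-transaction setting, and two catalog checks that confirm the policy is really enforced. The "ownerId" text column, the policy name and the user id value are assumptions made for illustration.

```sql
-- Added illustration; not the project's own policy file.
-- Assumed: "Vault" has a text column "ownerId" holding the owning user's id.

ALTER TABLE "Vault" ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from its own policies. If the
-- application connects as the role that ran the migrations, that matters.
ALTER TABLE "Vault" FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) returns NULL when the setting was never set in
-- this session, and '' once a transaction-local value has been reverted.
-- NULLIF folds both into NULL; a comparison with NULL is never true, so a
-- transaction that did not set the id matches no rows (fails closed).
CREATE POLICY vault_owner_isolation ON "Vault"
  USING ("ownerId" = NULLIF(current_setting('app.current_user_id', true), ''))
  WITH CHECK ("ownerId" = NULLIF(current_setting('app.current_user_id', true), ''));

-- What each authenticated transaction does. The third argument (is_local =
-- true) scopes the value to this transaction, so it cannot leak to the next
-- request that reuses the same pooled connection.
BEGIN;
SELECT set_config('app.current_user_id', 'user_123', true);  -- constructed id
SELECT id FROM "Vault";   -- filtered by the USING clause
COMMIT;

-- Check 1: the application role must be neither superuser nor BYPASSRLS,
-- because both skip every policy silently. Run this as the application role.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolname = current_user;

-- Check 2: confirm RLS is enabled and forced on the table after the policy
-- script has been applied.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE relname = 'Vault';
```

Passing the id through set_config as a bound parameter, rather than concatenating it into a SET statement, keeps the user id out of the SQL text.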