Use Case
Relay and Notary now both use PostgreSQL for product-owned correctness state. Their schemas, migrations, roles, transactions, and readiness contracts intentionally differ, but parts of connection URL handling, root-certificate loading, TLS hostname verification, and session bootstrap may have identical policy.
Keeping truly identical security policy in two implementations creates avoidable drift risk. Extracting it during #356 would broaden a security-critical migration, so this is deferred until both product contracts are stable.
Proposed Behavior
- Inventory only PostgreSQL connection and TLS behavior that is demonstrably identical in Relay and Notary.
- Extract shared primitives that have both products as active consumers and reduce net code.
- Preserve product-owned pool lifecycle, role checks, schema compatibility checks, readiness diagnostics, migrations, and transaction semantics.
- Keep existing configuration contracts stable and prove both products' positive and negative TLS cases.
Boundaries
- Do not share Relay and Notary tables, schemas, migrations, or state semantics.
- Do not add a generic persistence or state framework.
- Do not force superficially similar error or retry policy into one abstraction.
- If a candidate differs in lifecycle or trust semantics, keep it product-owned and document why.
Use Case
Relay and Notary now both use PostgreSQL for product-owned correctness state. Their schemas, migrations, roles, transactions, and readiness contracts intentionally differ, but parts of connection URL handling, root-certificate loading, TLS hostname verification, and session bootstrap may have identical policy.
Keeping truly identical security policy in two implementations creates avoidable drift risk. Extracting it during #356 would broaden a security-critical migration, so this is deferred until both product contracts are stable.
Proposed Behavior
Boundaries