# Phase 1 — Data Model: Remove Legacy BulkOperationRun & Canonicalize Operations (v1.0)

This document describes the domain entities and data contracts impacted by Feature 056.

## Entities

### OperationRun (canonical)

Represents a single observable operation execution. Tenant-scoped.

**Core fields (existing):**

- `tenant_id`: Tenant scope for isolation.
- `user_id`: Initiator user (nullable for system).
- `initiator_name`: Human name for display.
- `type`: Operation type (stable identifier).
- `status`: queued | running | completed.
- `outcome`: pending | succeeded | partial | failed (exact naming per existing app semantics).
- `run_identity_hash`: Deterministic identity used for dedupe of active runs.
- `context`: JSON object containing operation inputs and metadata.
- `summary_counts`: JSON object with canonical metrics keys.
- `failure_summary`: JSON array/object with stable reason codes + sanitized messages.
- `started_at`, `completed_at`: Timestamps.

**Invariants:**

- Active-run dedupe is tenant-wide.
- Monitoring renders from DB only.
- `summary_counts` keys are constrained to the canonical registry.
- Failure messages are sanitized and do not include secrets.

### Operation Type (logical)

A stable identifier used to categorize runs, label them for admins, and enforce consistent UX.

**Attributes:**

- `type` (string): e.g., `policy_version.prune`, `backup_set.delete`, etc.
- `label` (string): human readable name.
- `expected_duration_seconds` (optional): typical duration.
- `allowed_summary_keys`: canonical registry.

### Target Scope (logical)

A directory/remote tenant scope that an operation targets.

**Context fields (when applicable):**

- `entra_tenant_id`: Azure AD / Entra tenant GUID.
- `directory_context_id`: Internal directory context identifier.

At least one of the above must be present for directory-targeted operations.

### Bulk Selection Identity (logical)

Deterministic definition of “what the bulk action applies to”, required for idempotency.

**Decision**: Hybrid identity.

- Explicit selection: `selection.ids_hash`
- Query/filter selection (“select all”): `selection.query_hash`

**Properties:**

- `selection.kind`: `ids` | `query`
- `selection.ids_hash`: sha256 of stable, sorted IDs.
- `selection.query_hash`: sha256 of normalized filter/query payload.

### Bulk Idempotency Fingerprint (logical)

Deterministic fingerprint used to dedupe active runs and prevent duplicated work.

**Components:**

- operation `type`
- target scope (`entra_tenant_id` or `directory_context_id`)
- selection identity (hybrid)

## Removed Entity

### BulkOperationRun (legacy)

This entity is removed by Feature 056.

- Legacy model/service/table are deleted.
- No new writes to legacy tables after cutover.
- Historical import into OperationRun is not performed.