Update documentation references

Update remaining documentation files to remove references to the old approval flow and feature flags.

docs/DEPLOYMENT.md

@@ -93,7 +93,7 @@ supabase functions deploy
 
 # Or deploy individually
 supabase functions deploy upload-image
-supabase functions deploy process-selective-approval
+supabase functions deploy process-selective-approval  # Atomic transaction RPC
 # ... etc
 ```
 

docs/JSONB_ELIMINATION_COMPLETE.md

@@ -21,11 +21,12 @@ All JSONB columns have been successfully eliminated from `submission_items`. The
 - **Dropped JSONB columns** (`item_data`, `original_data`)
 
 ### 2. Backend (Edge Functions) ✅
-Updated `process-selective-approval/index.ts`:
+Updated `process-selective-approval/index.ts` (atomic transaction RPC):
 - Reads from relational tables via JOIN queries
 - Extracts typed data for park, ride, company, ride_model, and photo submissions
 - No more `item_data as any` casts
 - Proper type safety throughout
+- Uses PostgreSQL transactions for atomic approval operations
 
 ### 3. Frontend ✅
 Updated key files:
@@ -122,8 +123,8 @@ const parkData = item.park_submission; // ✅ Fully typed
 - `supabase/migrations/20251103_data_migration.sql` - Migrated JSONB to relational
 - `supabase/migrations/20251103_drop_jsonb.sql` - Dropped JSONB columns
 
-### Backend
+### Backend (Edge Functions)
-- `supabase/functions/process-selective-approval/index.ts` - Reads relational data
+- `supabase/functions/process-selective-approval/index.ts` - Atomic transaction RPC reads relational data
 
 ### Frontend
 - `src/lib/submissionItemsService.ts` - Query joins, type transformations

docs/PHASE_1_IMPLEMENTATION_SUMMARY.md

@@ -20,7 +20,7 @@ Created and ran migration to:
 **Migration File**: Latest migration in `supabase/migrations/`
 
 ### 2. Edge Function Updates ✅
-Updated `process-selective-approval/index.ts` to handle relational data insertion:
+Updated `process-selective-approval/index.ts` (atomic transaction RPC) to handle relational data insertion:
 
 **Changes Made**:
 ```typescript
@@ -185,7 +185,7 @@ WHERE cs.stat_name = 'max_g_force'
 
 ### Backend (Supabase)
 - `supabase/migrations/[latest].sql` - Database schema updates
-- `supabase/functions/process-selective-approval/index.ts` - Edge function logic
+- `supabase/functions/process-selective-approval/index.ts` - Atomic transaction RPC edge function logic
 
 ### Frontend (Already Updated)
 - `src/hooks/useCoasterStats.ts` - Queries relational table

docs/SECURITY_FIXES_P0.md

@@ -139,7 +139,7 @@ SELECT * FROM user_roles; -- Should return all roles
 ### Problem
 Public edge functions lacked rate limiting, allowing abuse:
 - `/upload-image` - Unlimited file upload requests
-- `/process-selective-approval` - Unlimited moderation actions
+- `/process-selective-approval` - Unlimited moderation actions (atomic transaction RPC)
 - Risk of DoS attacks and resource exhaustion
 
 ### Solution
@@ -156,7 +156,7 @@ Created shared rate limiting middleware with multiple tiers:
 
 ### Files Modified
 - `supabase/functions/upload-image/index.ts`
-- `supabase/functions/process-selective-approval/index.ts`
+- `supabase/functions/process-selective-approval/index.ts` (atomic transaction RPC)
 
 ### Implementation
 
@@ -171,12 +171,12 @@ serve(withRateLimit(async (req) => {
 }, uploadRateLimiter, corsHeaders));
 ```
 
-#### Process-selective-approval (Per-user)
+#### Process-selective-approval (Per-user, Atomic Transaction RPC)
 ```typescript
 const approvalRateLimiter = rateLimiters.perUser(10); // 10 req/min per moderator
 
 serve(withRateLimit(async (req) => {
-  // Existing logic
+  // Atomic transaction RPC logic
 }, approvalRateLimiter, corsHeaders));
 ```
 
@@ -197,7 +197,7 @@ serve(withRateLimit(async (req) => {
 
 ### Verification
 ✅ Upload-image limited to 5 requests/minute  
-✅ Process-selective-approval limited to 10 requests/minute per moderator  
+✅ Process-selective-approval (atomic transaction RPC) limited to 10 requests/minute per moderator  
 ✅ Detect-location already has rate limiting (10 req/min)  
 ✅ Rate limit headers included in responses  
 ✅ 429 responses include Retry-After header

docs/SUBMISSION_FLOW.md

@@ -125,7 +125,7 @@ The following tables have explicit denial policies:
 
 ### Service Role Access
 Only these edge functions can write (they use service role):
-- `process-selective-approval` - Applies approved submissions
+- `process-selective-approval` - Applies approved submissions atomically (PostgreSQL transaction RPC)
 - Direct SQL migrations (admin only)
 
 ### Versioning Triggers
@@ -232,8 +232,9 @@ A: Only in edge functions. Never in client-side code. Never for routine edits.
 
 - `src/lib/entitySubmissionHelpers.ts` - Core submission functions
 - `src/lib/entityFormValidation.ts` - Enforced wrappers
-- `supabase/functions/process-selective-approval/index.ts` - Approval processor
+- `supabase/functions/process-selective-approval/index.ts` - Atomic transaction RPC approval processor
 - `src/components/admin/*Form.tsx` - Form components using the flow
+- `docs/ATOMIC_APPROVAL_TRANSACTIONS.md` - Atomic transaction RPC documentation
 
 ## Update History
 

docs/VALIDATION_CENTRALIZATION.md

@@ -88,9 +88,10 @@ This created several issues:
 #### 3. Edge Function (`supabase/functions/process-selective-approval/index.ts`)
 
 **No Changes Required:**
-- Already has comprehensive validation via `validateEntityDataStrict()`
+- Atomic transaction RPC approach already has comprehensive validation via `validateEntityDataStrict()`
 - Already returns proper 400 errors for validation failures
 - Already includes detailed error messages
+- Validates within PostgreSQL transaction for data integrity
 
 ## Validation Responsibilities
 
@@ -167,8 +168,9 @@ Expected: Edge function should return 400 error with detailed message, React sho
 If you need to add new validation rules:
 
 1. ✅ **Add to edge function** (`process-selective-approval/index.ts`)
-   - Update `validateEntityDataStrict()` function
+   - Update `validateEntityDataStrict()` function within the atomic transaction RPC
    - Add to appropriate entity type case
+   - Ensure validation happens before any database writes
 
 2. ✅ **Update documentation schemas** (`entityValidationSchemas.ts`)
    - Keep schemas in sync for reference
@@ -176,7 +178,7 @@ If you need to add new validation rules:
 
 3. ❌ **DO NOT add to React validation**
    - React should only do basic UX validation
-   - Business logic belongs in edge function
+   - Business logic belongs in edge function (atomic transaction)
 
 ## Related Issues
 

docs/moderation/SUBMISSION_PATTERNS.md

@@ -19,8 +19,8 @@ User Form → validateEntityData() → createSubmission()
   → content_submissions table 
   → submission_items table (with dependencies)
   → Moderation Queue
-  → Approval → process-selective-approval edge function
+  → Approval → process-selective-approval edge function (atomic transaction RPC)
-  → Live entities created
+  → Live entities created (all-or-nothing via PostgreSQL transaction)
 ```
 
 **Example:**

docs/versioning/MODERATION.md

@@ -29,7 +29,7 @@ sequenceDiagram
     Note over UI: Moderator clicks "Approve"
     
     UI->>Edge: POST /process-selective-approval
-    Note over Edge: Edge function starts
+    Note over Edge: Atomic transaction RPC starts
     
     Edge->>Session: SET app.current_user_id = submitter_id
     Edge->>Session: SET app.submission_id = submission_id
@@ -92,9 +92,9 @@ INSERT INTO park_submissions (
 VALUES (...);
 ```
 
-### 3. Edge Function (process-selective-approval)
+### 3. Edge Function (process-selective-approval - Atomic Transaction RPC)
 
-Moderator approves submission, edge function orchestrates:
+Moderator approves submission, edge function orchestrates with atomic PostgreSQL transactions:
 
 ```typescript
 // supabase/functions/process-selective-approval/index.ts