fix: store ai_insights with users.id and add FK + cascade delete

[Ridanshi]

Closes #1750

Problem

GET /api/ai-insights stored insight rows using session.githubId as user_id:

const userId = session.githubId;  // e.g. "12345678" — GitHub numeric ID
// ...
await supabaseAdmin.from("ai_insights").upsert({ user_id: userId, ... });

session.githubId is the GitHub numeric account ID, not the application UUID (users.id). The ai_insights table had no foreign-key constraint pointing at users, so:

1. Orphaned records — when a user deleted their account, all their ai_insights rows remained forever. The account-deletion handler (data-export/route.ts) did not include ai_insights in its explicit deletion list, and there was no ON DELETE CASCADE to fill in.

2. No referential integrity — inserts could reference any arbitrary string as user_id with no guarantee that a matching user existed.

3. Broken cascade — even if the cascade were to fire in the future, it would compare against users.id (UUID), not users.github_id (numeric string), so it would never match existing rows.

Root cause (three locations)

Location	Problem
src/app/api/ai-insights/route.ts line 51	const userId = session.githubId — uses wrong identity
src/app/api/user/data-export/route.ts — tablesToDelete array	ai_insights not listed; rows survive account deletion
supabase/schema.sql — ai_insights table	No FK, no cascade

Fix

src/app/api/ai-insights/route.ts

• Call resolveAppUser(session.githubId, session.githubLogin) to obtain user.id (the stable UUID) and use it as user_id throughout.
• Return 404 if the user cannot be resolved.
• Add insight_type validation against the allowlist ('weekly_summary' | 'pattern' | 'recommendation') that mirrors the DB CHECK constraint. Unrecognised types now return 400 instead of a Supabase constraint-violation 500.

src/app/api/user/data-export/route.ts

• Prepend "ai_insights" to tablesToDelete so explicit account deletion always removes insight rows — even before the FK migration is applied.

supabase/migrations/20260531000000_fix_ai_insights_user_id.sql

Three steps inside a transaction:

1. Remap existing ai_insights.user_id values from github_id strings to the corresponding users.id UUIDs (via JOIN users ON users.github_id = ai_insights.user_id).
2. Delete any rows that cannot be matched — these are already orphaned records belonging to deleted accounts.
3. Add FK FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, enforcing integrity going forward and enabling automatic cleanup on account deletion.

Identity chain (after fix)

GitHub OAuth sign-in  →  profile.id  →  users.github_id  (immutable)
                                     →  users.id (UUID)  ← ai_insights.user_id now points here

Tests

test/ai-insights-ownership.test.ts — 13 new tests:

Category	Cases
Auth guards	no session → 401, unresolved user → 404
Ownership	resolveAppUser called with session credentials; upsert uses UUID; cache query uses UUID
Regression #1750	no DB operation receives the raw githubId as user_id
Cache hit	returns { cached: true, data }
insight_type validation	invalid → 400; weekly_summary, pattern, recommendation → 200
Conflict target	onConflict: "user_id,insight_type" present
Cache miss shape	{ data, cached: false }

All 13 pass. The single pre-existing failure in test/dateUtils.test.ts (timezone boundary) is unrelated to this change.

[vercel]

@Ridanshi is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

• level:beginner — 20 pts
• level:intermediate — 35 pts
• level:advanced — 55 pts
• level:critical — 80 pts

Quality (optional):

• quality:clean — ×1.2 multiplier
• quality:exceptional — ×1.5 multiplier

Validation (required to score):

• gssoc:approved — counts for points
• gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

[Priyanshu-byte-coder]

This PR has developed merge conflicts after recent merges to main. Please rebase onto the latest main branch, resolve all conflicts, and force-push. Once the PR is conflict-free it will be reviewed for merging.