Three runtime bugs found during production site testing:
1. PrismaService.setWorkspaceContext used SET LOCAL with Prisma tagged templates,
which produces parameterized SQL ($1) that PostgreSQL rejects in SET statements.
Changed to set_config() which safely accepts parameterized values — matching
the pattern already used in RlsContextInterceptor.
2. WorkspaceGuard.extractWorkspaceId accessed request.body.workspaceId without
null-checking body, causing TypeError on GET requests where body is undefined.
Added runtime type guard with explicit cast.
3. fetchProjects() cast the API response as Project[] but the backend returns
{ data: Project[], meta: {...} } paginated wrapper. Added response.data
unwrapping to match the actual API contract.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
