fix(db): reconcile live database drift and harden security without RAG regression#300
Conversation
- Degrade invalid bearer tokens to anonymous scope instead of 401 - Allow public document read routes (list, detail, signed-url, search, images) - Align registry routes with medications/differentials auth-signal short-circuit - Let DocumentViewer load public sources without requiring sign-in - Add regression tests and update access-control expectations
Create missing retrieval-support indexes (trgm, composite btree, partial miss log) that were absent or only present under legacy names on live. Update search_schema_health() to accept verified functional equivalents during rollout. Set search_path for pg_trgm gin_trgm_ops in extensions. Verified on linked project: search_schema_health() ok=true, missing=[].
- Re-apply indexing_v3_agent_jobs table and claim/update RPCs on live - Codify match_document_embedding_fields_text with service_role-only execute - Enable RLS on rag_visual_eval_* tables - Fix edge function JSONB status RPC parsing - Harden owner-scope and health deep-probe gating - Restore .env.example; remove unused postgres npm dep - Make gold-label governance advisory-only
- Re-apply indexing_v3_agent_jobs table and claim/update RPCs on live - Codify match_document_embedding_fields_text with service_role-only execute - Enable RLS on rag_visual_eval_* tables - Fix edge function JSONB status RPC parsing - Harden owner-scope and health deep-probe gating - Restore .env.example; remove unused postgres npm dep - Make gold-label governance advisory-only
|
Updates to Preview Branch (cursor/fix-all-db-issues-5f13) ↗︎
Tasks are run on every commit but only new migration files are pushed.
View logs for this Workflow Run ↗︎. |
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
09b3567 to
8ab94ea
Compare
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
There was a problem hiding this comment.
Pull request overview
This PR reconciles observed drift between the repository and the live Supabase project schema, tightens owner-scoped retrieval boundaries, and hardens operational endpoints (health + indexing agent RPC parsing) while aiming to avoid any RAG scoring/ranking/chunking changes.
Changes:
- Codifies live database drift via new/idempotent migrations and updates
supabase/schema.sqlto match (jobs table/RPCs, embedding-fields RPC grants, visual eval tables + RLS, search_document_chunks scope). - Hardens
/api/health?deep=1by requiring an operator secret header for the deep Supabase probe, and updates deep public-access tests accordingly. - Fixes indexing-v3-agent edge function handling of JSONB-returning status RPCs via robust result parsing.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/supabase-schema.test.ts | Adds assertions to ensure schema + key migrations mirror live drift fixes and owner-scope tightening. |
| tests/public-access-deep.test.ts | Updates health deep-probe expectations to reflect new secret-gated behavior. |
| supabase/schema.sql | Mirrors drift reconciliation (drop/recreate function signature, adds search_document_chunks, embedding-fields RPC, visual eval tables + RLS/policies, grants). |
| supabase/migrations/20260705220000_reconcile_live_database_drift.sql | New idempotent migration to re-apply missing live objects and lock down permissions/RLS. |
| supabase/migrations/20260705210000_retrieval_owner_filter_sentinel.sql | Adds a defensive DROP to handle signature/OUT-column drift before CREATE OR REPLACE. |
| supabase/migrations/20260705133000_tighten_search_document_chunks_owner_scope.sql | Documents/codifies live owner-scope tightening and revokes public/anon/auth execute. |
| supabase/functions/indexing-v3-agent/index.ts | Uses typed RPC rows + parsing helper for JSONB-returning job-status RPCs. |
| src/lib/env.ts | Adds SUPABASE_DB_URL and HEALTH_DEEP_PROBE_SECRET to the validated env schema. |
| src/lib/document-label-governance.ts | Treats missing gold-label rows as non-blocking (advisory) in the overall pass/fail result. |
| src/app/api/health/route.ts | Adds constant-time header token check for deep health probe authorization; returns 503 on unauthorized deep probe. |
| scripts/check-document-label-governance.ts | Clarifies CLI output that missing gold-label rows are advisory. |
| package.json | Removes the postgres dependency. |
| docs/supabase-migration-reconciliation.md | Documents the newly codified live drift and how it’s reconciled. |
| docs/process-hardening.md | Adds a dated log entry describing drift reconciliation and follow-ups. |
| .env.example | Adds SUPABASE_DB_URL and HEALTH_DEEP_PROBE_SECRET examples for operators/devs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
@copilot resolve the merge conflicts in this pull request |
…ope and commit-gen RPC test cases
Done — merged
Resolved in merge commit |
Summary
Reconciles live Supabase drift on
sjrfecxgysukkwxsowpy, hardens security boundaries, and fixes CI blockers — without changing RAG scoring, ranking, or chunking behavior.Changes
20260705133000(search_document_chunks owner scope),20260705220000(jobs table, RPCs, embedding-fields grants, eval RLS)indexing-v3-agentJSONB status RPC parsing fixVerification
npm run format:check— PASSverifyjob — PASS (run https://github.com/BigSimmo/Database/actions/runs/28750309235)ui-smoke— PASS (same run)npm run check:edge:functions— PASS locally20260705220000CI fixes in this branch
6f1d525e309b3567c8allowGlobalSearch?tofetchBestDocumentLookupChunksargs typeClinical Governance Preflight
Clinical KB Database(sjrfecxgysukkwxsowpy)Merge note
Branch may conflict with
mainwhere overlapping access-rollout work landed via other PRs (#291, #297). Resolve at merge without importing unrelated UI commits onto this branch.Operator follow-ups (not in this PR)
HEALTH_DEEP_PROBE_SECRETin production