Skip to content

fix: remediate repository review and reconcile Supabase drift#540

Merged
BigSimmo merged 4 commits into
mainfrom
codex/repository-review-remediation
Jul 13, 2026
Merged

fix: remediate repository review and reconcile Supabase drift#540
BigSimmo merged 4 commits into
mainfrom
codex/repository-review-remediation

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 12, 2026

Copy link
Copy Markdown
Owner

Summary

  • remediates the comprehensive repository-review findings across API safety, ingestion/enrichment concurrency, privacy, caching, accessibility, UI behavior, and dead code
  • reconciles production migration history and live-ahead Supabase governance/retrieval objects
  • applies the four reviewed forward migrations to Clinical KB Database
  • aligns repository filenames with their generated production migration versions
  • leaves live schema drift-free and production readiness green

Live migrations applied

  • 20260713062107_restore_text_fallback_lexical_score
  • 20260713062125_fence_index_generation_commit
  • 20260713062132_purge_expired_rag_response_cache
  • 20260713062139_route_enrichment_through_agent

The generation fence removes service_role access from the legacy unfenced commit overload and exposes only the lease-validated overload to the worker. Enrichment claims exclude documents with active ingestion jobs.

Verification

  • npm run check:drift — no unexpected live schema drift
  • npm run check:production-readiness — READY
  • Docker npm run drift:manifest schema replay — passed
  • isolated full Supabase migration reset — passed
  • full Vitest before apply — 1,712 passed, 1 skipped
  • focused post-apply concurrency/retrieval Vitest — 166/166 passed
  • post-reconciliation schema/drift Vitest — 54/54 passed
  • offline RAG — 36 fixtures and 60/60 contract tests passed
  • M13 live migration guard — passed
  • retrieval owner/sentinel and search_schema_health — passed
  • live lexical retrieval smoke — 12 results; similarity remains zero, lexical signal present, hybrid scores remain below the moderate-evidence gate
  • live concurrency/ACL assertions — zero duplicate open-ingestion groups, zero active ingestion/enrichment overlap, fenced overload executable by service_role, legacy overload not executable
  • lint, typecheck, production build, client-bundle secret scan, and targeted Chromium QA — passed
  • Supabase security advisor — no findings
  • dependency audit — zero vulnerabilities

Notes

The full provider retrieval-quality aggregate exceeded the local command wrapper window. Its process completed without leaving a result artifact; deterministic live retrieval, schema-health, ownership, ACL, concurrency, and offline golden checks all passed.

Supabase performance advisor still reports INFO-only unused-index candidates and the Auth absolute-connection setting. No indexes were removed because usage counters alone are insufficient evidence for destructive cleanup.

BigSimmo added 4 commits July 13, 2026 03:07
Harden database concurrency, privacy, request limits, source governance, document scope, and accessibility. Regenerate the drift manifest after local schema replay and retain provider reconciliation as a follow-up against current main.
…ew-remediation

# Conflicts:
#	docs/branch-review-ledger.md
#	docs/deployment-architecture.md
#	src/app/api/setup-status/route.ts
#	src/components/AccessibleTable.tsx
#	src/components/document-search-live-opener.tsx
#	src/lib/rag.ts
Codify production migration history and live-ahead definitions, preserve service-role ACLs, and make fresh migration replay deterministic. The four forward remediation migrations remain unapplied to live pending explicit write approval. Verified with scratch schema replay, full local migration reset, lint, typecheck, unit tests, build, and targeted Chromium QA.
…ew-remediation

# Conflicts:
#	src/components/ClinicalDashboard.tsx
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: abddc0d8-380c-442e-b6d8-2cfcfa049c09

📥 Commits

Reviewing files that changed from the base of the PR and between d8fb85d and 4522758.

📒 Files selected for processing (80)
  • .env.example
  • .github/workflows/eval-canary.yml
  • docs/branch-review-ledger.md
  • docs/deployment-architecture.md
  • docs/forward-codify-retrieval-rpcs-workorder.md
  • next.config.ts
  • scripts/check-drift.ts
  • scripts/sql/capture-live-retrieval-rpcs.sql
  • src/app/api/answer/route.ts
  • src/app/api/answer/stream/route.ts
  • src/app/api/documents/[id]/reindex/route.ts
  • src/app/api/documents/[id]/route.ts
  • src/app/api/documents/bulk/reindex/route.ts
  • src/app/api/documents/route.ts
  • src/app/api/setup-status/route.ts
  • src/app/api/upload/route.ts
  • src/app/not-found.tsx
  • src/components/AccessibleTable.tsx
  • src/components/ClinicalDashboard.tsx
  • src/components/DocumentViewer.tsx
  • src/components/ServiceDetailPage.tsx
  • src/components/clinical-dashboard-client.tsx
  • src/components/clinical-dashboard-lazy.tsx
  • src/components/clinical-dashboard/favourites-home-page.tsx
  • src/components/document-search-live-opener.tsx
  • src/components/document-viewer-client.tsx
  • src/components/forms/form-detail-page.tsx
  • src/components/mode-home-page-skeleton.tsx
  • src/components/services/service-detail-page.tsx
  • src/components/services/services-navigator-page.tsx
  • src/components/ui/sheet.tsx
  • src/lib/answer-render-policy.ts
  • src/lib/answer-telemetry.ts
  • src/lib/answer-thread-storage.ts
  • src/lib/answer-verification.ts
  • src/lib/env.ts
  • src/lib/evidence.ts
  • src/lib/extractors/document.ts
  • src/lib/rag-cache.ts
  • src/lib/rag-quote-verification.ts
  • src/lib/rag.ts
  • src/lib/supabase/database.types.ts
  • src/lib/validation/body.ts
  • src/proxy.ts
  • supabase/drift-allowlist.json
  • supabase/drift-manifest.json
  • supabase/functions/indexing-v3-agent/index.ts
  • supabase/migrations/20260711120000_retrieval_fn_plan_cache_mode.sql
  • supabase/migrations/20260711164429_domain_1_minimise_rag_query_answer_text.sql
  • supabase/migrations/20260711164441_domain_1_source_review_lifecycle.sql
  • supabase/migrations/20260711164453_domain_1_answer_feedback_and_cache_retention.sql
  • supabase/migrations/20260711182756_domain_1_index_rag_answer_feedback_owner.sql
  • supabase/migrations/20260712164057_reconcile_function_acl_and_label_metadata.sql
  • supabase/migrations/20260712164408_rename_legacy_index_aliases.sql
  • supabase/migrations/20260712165211_reconcile_missing_operational_indexes.sql
  • supabase/migrations/20260712165915_reconcile_ingestion_index_shapes.sql
  • supabase/migrations/20260712170500_codify_live_operational_indexes.sql
  • supabase/migrations/20260712171000_reconcile_visual_eval_document_fks.sql
  • supabase/migrations/20260712171500_codify_live_ahead_functions.sql
  • supabase/migrations/20260712172000_drop_redundant_table_fact_indexes.sql
  • supabase/migrations/20260712173000_add_legacy_index_health_batch_repair.sql
  • supabase/migrations/20260713110000_restore_text_fallback_lexical_score.sql
  • supabase/migrations/20260713120000_fence_index_generation_commit.sql
  • supabase/migrations/20260713121000_purge_expired_rag_response_cache.sql
  • supabase/migrations/20260713122000_route_enrichment_through_agent.sql
  • supabase/schema.sql
  • tests/answer-thread-storage.test.ts
  • tests/answer-verification.test.ts
  • tests/bounded-json-body.test.ts
  • tests/drift-detection.test.ts
  • tests/eval-canary-workflow.test.ts
  • tests/forward-codify-retrieval-targets.test.ts
  • tests/indexing-v3-agent.test.ts
  • tests/private-access-routes.test.ts
  • tests/rag-trust.test.ts
  • tests/setup-status-route.test.ts
  • tests/supabase-schema.test.ts
  • tests/upload-ingress-limits.test.ts
  • tests/worker-visual-capture.test.ts
  • worker/main.ts

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Enrichment reindexing now queues background work and reports when processing has been accepted.
    • Added stronger upload and request-size protection, with oversized requests rejected clearly.
    • Conversation history and recent searches are now isolated per signed-in session.
  • Bug Fixes

    • Public document responses no longer expose internal fields or indexing details.
    • Answer citations and numeric claims are validated more strictly against supporting evidence.
    • Save failures now display an appropriate error message.
  • UI Updates

    • Updated form action labels and disabled unavailable pathway, filtering, sorting, and comparison controls.

Walkthrough

The change set hardens upload and JSON ingress, restricts unauthenticated data exposure, queues enrichment through Supabase, tightens RAG evidence and cache behavior, adds database governance objects and reconciliation updates, scopes client persistence by owner, and removes unsafe worker fallback paths.

Changes

Repository remediation

Layer / File(s) Summary
Ingress and access controls
.env.example, next.config.ts, src/proxy.ts, src/lib/validation/body.ts, src/app/api/*, tests/*
Upload envelopes and JSON bodies receive bounded-size validation; setup details and public document responses are more restricted.
Enrichment and worker lifecycle
src/app/api/documents/*, supabase/migrations/*, supabase/functions/indexing-v3-agent/index.ts, worker/main.ts
Enrichment is queued through an RPC, generated artifacts refresh transactionally, and ingestion commits require an active worker lease.
RAG trust and cache behavior
src/lib/*, supabase/migrations/20260711120000_retrieval_fn_plan_cache_mode.sql, tests/*
Citation support, numeric verification, lexical scoring, diagnostics, cache versioning, and abort handling are tightened.
Database governance and reconciliation
supabase/schema.sql, supabase/drift-manifest.json, supabase/migrations/*
Governance tables, maintenance functions, ACLs, indexes, retrieval functions, and drift metadata are synchronized.
Client state and UI behavior
src/components/*, src/lib/answer-thread-storage.ts, tests/answer-thread-storage.test.ts
Answer threads and recent queries become owner-scoped session state, setup requests carry authorization, and unavailable actions are disabled or reported.
Repository controls and validation
.github/workflows/eval-canary.yml, scripts/*, docs/*, tests/*
Evaluation input validation, stale drift pruning, retrieval capture expectations, review records, and related tests are updated.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related PRs

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/repository-review-remediation
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch codex/repository-review-remediation

Comment @coderabbitai help to get the list of available commands.

@supabase

supabase Bot commented Jul 12, 2026

Copy link
Copy Markdown

Updates to Preview Branch (codex/repository-review-remediation) ↗︎

Deployments Status Updated
Database Sun, 12 Jul 2026 20:16:04 UTC
Services Sun, 12 Jul 2026 20:16:04 UTC
APIs Sun, 12 Jul 2026 20:16:04 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks Status Updated
Configurations Sun, 12 Jul 2026 20:16:12 UTC
Migrations Sun, 12 Jul 2026 20:17:13 UTC
Seeding Sun, 12 Jul 2026 20:17:17 UTC
Edge Functions Sun, 12 Jul 2026 20:17:18 UTC

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

@BigSimmo
BigSimmo marked this pull request as ready for review July 13, 2026 06:06
@BigSimmo
BigSimmo merged commit 4973566 into main Jul 13, 2026
16 of 18 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4522758242

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines 146 to +148
function sourceStrengthFor(candidate: SourceCandidate) {
if (candidate.sourceStrength) return candidate.sourceStrength;
return candidate.citation.source_metadata?.document_status === "current" ? "strong" : "none";
return "none";

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve source strength for cited sources

For generated answers where answer.citations identify the same chunks as options.sources, citation candidates are collected before search-result candidates and dedupeSourceLinks keeps the first one. Since plain citations do not carry sourceStrength, this fallback now turns those cited sources into "none", so the UI/copy text labels otherwise strong/current cited evidence as “Unsupported” instead of using the SearchResult.source_strength available later in the candidate list. A focused render-model test with one citation plus the matching strong SearchResult would catch this.

Useful? React with 👍 / 👎.

Comment thread supabase/schema.sql
Comment on lines +1608 to +1610
revoke execute on function public.commit_document_index_generation(
uuid, uuid, text, integer, integer, integer, jsonb, jsonb, jsonb
) from public, anon, authenticated, service_role;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Remove the legacy commit RPC grant from schema

This fence is undone in the checked-in supabase/schema.sql: the old unfenced commit_document_index_generation(uuid, uuid, ...) overload is granted back to service_role later in the same snapshot, and the schema test still expects that grant. In any environment replaying or validating from schema.sql rather than the chronological migrations, a stale worker or service-role caller can still call the old overload without p_job_id/p_worker_id, bypassing the lease check this block adds. Searching schema.sql for the old signature grant is the smallest proof.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant