Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/branch-review-ledger.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,4 +50,5 @@ Use this ledger to prevent repeated branch and PR reviews when the reviewed HEAD
| 2026-07-11 | codex/repository-review-remediation | 70ec6409a11a85e1678eb4b320519624673a94a0 | comprehensive repository report remediation | Revalidated all 17 findings from the 2026-07-09 comprehensive review. Remediated the current workflow injection, document scope, numeric faithfulness, ingestion lease/ownership, transactional enrichment replacement, request and upload budgets, browser identity isolation, PHI retention, public DTO, cache cancellation/versioning, evidence labelling, modal focus, misleading controls, telemetry, orphan-module issues, and two server/client loading-boundary failures exposed during browser QA. The runbook filename was already fixed on the reviewed head. | TypeScript, lint, focused Vitest (68/68), full offline Vitest (1,607/1,607; 1 skipped), production build, client-bundle secret scan, Docker schema replay and regenerated drift manifest, isolated full migration reset, local lease-reclaim concurrency proof, cache/enrichment SQL smoke, configured production-readiness (`READY`), Chromium document-scope/modal QA (4/4), manual disabled-control accessibility snapshots, and `git diff --check` passed. Read-only live drift found 26 unexpected differences, including the three unapplied remediation functions; no live mutation was performed. |
| 2026-07-11 | codex/responsive-accessibility-audit | 66883b7c86f606e617db4bee2bab6f85fff59bdc | responsive and accessibility audit | P2 fixed: the mobile expandable clinical table no longer wraps semantic table content in a duplicate ARIA button, and its full-screen dialog now traps keyboard focus while preserving Escape dismissal and focus return. Added responsive ARIA and focus regression coverage. No additional high-confidence responsive or accessibility defect was reproduced across audited primary app modes and 320px-1440px widths. | Multi-width DOM/geometry/contrast audit; a11y media (2/2); overlap (12/12); table Vitest (6/6); TypeScript; lint/static checks; full Vitest (1,598 passed, 1 skipped); `npm run verify:ui` (132/132); Prettier; `git diff --check`. Provider checks skipped. |
| 2026-07-13 | codex/repository-review-remediation | b72cefd2f5c0da79788cc0f8d0d40837c711ae92 | live-drift reconciliation and release review | Reconciled production migration history and live-ahead governance/retrieval definitions without mutating live; removed the migration-version collision; made captured OUT-signature changes fresh-replay-safe; preserved production ACLs; added a forward lexical-score correction; and reduced read-only live drift from 27 differences to five changes fully explained by the unapplied remediation migrations. No remaining high-confidence source defect was found in the reviewed scope. | Docker schema replay and regenerated manifest; isolated full Supabase migration reset; focused Vitest 74/74; full Vitest 1,712 passed/1 skipped; lint; typecheck; production build and client-bundle secret scan; configured production-readiness READY; targeted Chromium scope/modal/control QA 4/4; read-only live drift; Supabase security advisor clear. Live apply not run because authorization remained read-only. |
| 2026-07-13 | codex/repository-review-remediation | 452275824294564a1e08e6bec169bd4af744d09a | live migration apply and post-apply review | Applied the four reviewed forward migrations to `Clinical KB Database`, aligned repository filenames to the generated production versions, and corrected the schema snapshot so the legacy unfenced commit overload remains inaccessible to `service_role`. Live drift is clean and no active ingestion/enrichment overlap or duplicate open ingestion group was found. | Ran `npm run check:drift`: passed clean. Ran `npm run check:production-readiness`: READY. Ran Docker schema replay: passed. Ran focused concurrency/retrieval Vitest: 166/166 passed. Ran offline RAG: 36 fixtures and 60/60 contract tests passed. Ran M13, retrieval-owner, schema-health, lexical-retrieval, concurrency, and ACL live probes: passed; lexical retrieval returned 12 truthfully scored results. Not completed: full provider retrieval-quality evaluation exceeded the local command window; deterministic live retrieval checks passed. |
| 2026-07-13 | codex/fix-48h-review-findings-current | 49735663370735a60870d065ed0de3b9d34e077f | last-48-hours PR remediation | Revalidated the last-48-hours findings on current main after PRs #538 and #540; retained only unique fixes across auth/cache isolation, stale-response protection, upload/routing/UI behavior, RAG coalescing, telemetry, worktree tooling, and SAST enforcement. No remaining high-confidence local defect was found in the changed scope. The approved live drift check reported only the five differences already explained by unapplied migrations from #540. | Focused Vitest 107/107; `npm run verify:pr-local` (1,762 passed, 1 skipped; production build and client-bundle scan; offline RAG 60/60); critical Chromium 8/8; live `check:drift`; `git diff --check`. Full Chromium remains advisory after the earlier runner hang; the required critical subset passed on current main. |
8 changes: 4 additions & 4 deletions docs/forward-codify-retrieval-rpcs-workorder.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
# Work-order — forward-codify live-ahead retrieval RPC bodies (drift backlog #0)

**Status: reconciled in source on 2026-07-13; live apply remains pending explicit write approval.**
The production-current definitions were captured read-only, preserved under their actual migration
versions, replayed successfully in scratch PostgreSQL, and removed from the drift allowlist. The
four forward remediation migrations remain unapplied to live.
**Status: complete.** The production-current definitions were captured read-only and preserved under
their actual migration versions. Ran the scratch PostgreSQL replay: passed. Ran the reviewed live
migration apply: applied `20260713062107`, `20260713062125`, `20260713062132`, and `20260713062139`
on 2026-07-13. Ran `npm run check:drift`: passed. Ran `npm run check:production-readiness`: READY.
Comment on lines +3 to +6

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Mark the execution procedure as completed or historical.

The status now says the migrations were applied on July 13, 2026, but the later procedure still tells operators to apply them and remove the allowlist entries. That stale imperative text can cause a future operator to repeat an already-completed live migration workflow. Mark Steps 1–7 as historical or replace them with the recorded completion evidence.

🧰 Tools
🪛 LanguageTool

[style] ~6-~6: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...-13. Ran npm run check:drift: passed. Ran npm run check:production-readiness: R...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/forward-codify-retrieval-rpcs-workorder.md` around lines 3 - 6, Update
the execution procedure in Steps 1–7 to clearly indicate it is historical and
already completed, or replace those instructions with the recorded migration
completion evidence. Remove stale imperative guidance telling operators to apply
the migrations or remove allowlist entries, while preserving the documented
applied migration versions and validation results.


Historical blockers at authoring time (2026-07-12):

Expand Down
11 changes: 5 additions & 6 deletions supabase/drift-manifest.json
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
{
"generated_at": "2026-07-13T07:24:51.999Z",
"generated_at": "2026-07-13T08:06:40.593Z",
"generator": "scripts/generate-drift-manifest.ts",
"postgres_image": "supabase/postgres:17.6.1.127",
"schema_sha256": "d88316aa2edeb597b439663b323ab169b12c0e75bc57eafcf489b1d340bacf47",
"replay_seconds": 17,
"schema_sha256": "0a30a1ea8c8dbb3fd520115d28a17d99c94d9bc5164efe6c287c3b48969be81b",
"replay_seconds": 16,
"snapshot": {
"views": [
{
Expand Down Expand Up @@ -6271,8 +6271,7 @@
},
{
"acl": [
"postgres=X/postgres",
"service_role=X/postgres"
"postgres=X/postgres"
],
"def_hash": "594b1f715fbbfa1df1b1f1183a7fef5a",
"signature": "public.commit_document_index_generation(uuid,uuid,text,integer,integer,integer,jsonb,jsonb,jsonb)"
Expand Down Expand Up @@ -6595,7 +6594,7 @@
"postgres=X/postgres",
"service_role=X/postgres"
],
"def_hash": "9020d937b00df3a36669e870c4aae17b",
"def_hash": "baa8c0bda37cc561026baecdf1cca1c2",
"signature": "public.request_indexing_v3_enrichment(uuid,uuid)"
},
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,39 @@ set search_path = public, extensions, pg_temp
as $$
declare
v_job_id uuid;
v_job_status text;
begin
-- Validate without taking the document lock. The job row is created/locked
-- first below so request and claim paths share one lock order.
perform 1
from public.documents
where id = p_document_id and owner_id = p_owner_id and status = 'indexed';
if not found then
raise exception using errcode = 'P0001', message = 'document_not_available_for_enrichment';
end if;

insert into public.indexing_v3_agent_jobs (
document_id, status, enrichment_status, attempt_count, max_attempts, version, metadata
) values (
p_document_id, 'pending', 'pending', 0, 3, 'visual-core-v3', '{}'::jsonb
)
on conflict (document_id) do nothing
returning id, status into v_job_id, v_job_status;

if v_job_id is null then
select id, status into v_job_id, v_job_status
from public.indexing_v3_agent_jobs
where document_id = p_document_id
for update;
end if;

if v_job_id is null then
raise exception using errcode = 'P0001', message = 'enrichment_job_unavailable';
end if;
if v_job_status = 'processing' then
raise exception using errcode = 'P0001', message = 'enrichment_active';
end if;

perform 1
from public.documents
where id = p_document_id and owner_id = p_owner_id and status = 'indexed'
Expand All @@ -34,29 +66,13 @@ begin
next_run_at = null,
last_error = null,
updated_at = now()
where document_id = p_document_id
and status <> 'processing'
returning id into v_job_id;

if v_job_id is null then
if exists (
select 1 from public.indexing_v3_agent_jobs
where document_id = p_document_id and status = 'processing'
) then
raise exception using errcode = 'P0001', message = 'enrichment_active';
end if;
insert into public.indexing_v3_agent_jobs (
document_id, status, enrichment_status, attempt_count, max_attempts, version, metadata
) values (
p_document_id, 'pending', 'pending', 0, 3, 'visual-core-v3', '{}'::jsonb
)
returning id into v_job_id;
end if;
where id = v_job_id;

update public.documents
set metadata = (coalesce(metadata, '{}'::jsonb)
- 'indexing_v3_agent_locked_by' - 'indexing_v3_agent_locked_at'
- 'indexing_v3_agent_last_error' - 'indexing_v3_agent_next_run_at')
- 'indexing_v3_agent_last_error' - 'indexing_v3_agent_next_run_at'
- 'indexing_v3_agent_attempt_count' - 'indexing_v3_agent_max_attempts')
|| jsonb_build_object(
'enrichment_status', 'pending',
'indexing_v3_agent_status', 'pending',
Expand Down
57 changes: 36 additions & 21 deletions supabase/schema.sql
Original file line number Diff line number Diff line change
Expand Up @@ -5234,8 +5234,7 @@ revoke execute on function public.jsonb_merge_deep(jsonb, jsonb) from public, an
grant execute on function public.jsonb_merge_deep(jsonb, jsonb) to service_role;
revoke execute on function public.apply_document_metadata_patch(uuid, jsonb) from public, anon, authenticated;
grant execute on function public.apply_document_metadata_patch(uuid, jsonb) to service_role;
revoke execute on function public.commit_document_index_generation(uuid, uuid, text, integer, integer, integer, jsonb, jsonb, jsonb) from public, anon, authenticated;
grant execute on function public.commit_document_index_generation(uuid, uuid, text, integer, integer, integer, jsonb, jsonb, jsonb) to service_role;
revoke execute on function public.commit_document_index_generation(uuid, uuid, text, integer, integer, integer, jsonb, jsonb, jsonb) from public, anon, authenticated, service_role;
revoke execute on function public.cleanup_abandoned_document_index_generations(uuid, integer, boolean) from public, anon, authenticated;
grant execute on function public.cleanup_abandoned_document_index_generations(uuid, integer, boolean) to service_role;
revoke execute on function public.is_committed_document_generation(uuid, jsonb) from public, anon, authenticated;
Expand Down Expand Up @@ -5385,7 +5384,39 @@ set search_path = public, extensions, pg_temp
as $$
declare
v_job_id uuid;
v_job_status text;
begin
-- Validate without taking the document lock. The job row is created/locked
-- first below so request and claim paths share one lock order.
perform 1
from public.documents
where id = p_document_id and owner_id = p_owner_id and status = 'indexed';
if not found then
raise exception using errcode = 'P0001', message = 'document_not_available_for_enrichment';
end if;

insert into public.indexing_v3_agent_jobs (
document_id, status, enrichment_status, attempt_count, max_attempts, version, metadata
) values (
p_document_id, 'pending', 'pending', 0, 3, 'visual-core-v3', '{}'::jsonb
)
on conflict (document_id) do nothing
returning id, status into v_job_id, v_job_status;

if v_job_id is null then
select id, status into v_job_id, v_job_status
from public.indexing_v3_agent_jobs
where document_id = p_document_id
for update;
end if;

if v_job_id is null then
raise exception using errcode = 'P0001', message = 'enrichment_job_unavailable';
end if;
if v_job_status = 'processing' then
raise exception using errcode = 'P0001', message = 'enrichment_active';
end if;

perform 1
from public.documents
where id = p_document_id and owner_id = p_owner_id and status = 'indexed'
Expand All @@ -5410,29 +5441,13 @@ begin
next_run_at = null,
last_error = null,
updated_at = now()
where document_id = p_document_id
and status <> 'processing'
returning id into v_job_id;

if v_job_id is null then
if exists (
select 1 from public.indexing_v3_agent_jobs
where document_id = p_document_id and status = 'processing'
) then
raise exception using errcode = 'P0001', message = 'enrichment_active';
end if;
insert into public.indexing_v3_agent_jobs (
document_id, status, enrichment_status, attempt_count, max_attempts, version, metadata
) values (
p_document_id, 'pending', 'pending', 0, 3, 'visual-core-v3', '{}'::jsonb
)
returning id into v_job_id;
end if;
where id = v_job_id;

update public.documents
set metadata = (coalesce(metadata, '{}'::jsonb)
- 'indexing_v3_agent_locked_by' - 'indexing_v3_agent_locked_at'
- 'indexing_v3_agent_last_error' - 'indexing_v3_agent_next_run_at')
- 'indexing_v3_agent_last_error' - 'indexing_v3_agent_next_run_at'
- 'indexing_v3_agent_attempt_count' - 'indexing_v3_agent_max_attempts')
|| jsonb_build_object(
'enrichment_status', 'pending',
'indexing_v3_agent_status', 'pending',
Expand Down
26 changes: 26 additions & 0 deletions tests/supabase-schema.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,10 @@ const indexingV3AgentJobsMigration = readFileSync(
new URL("../supabase/migrations/20260702190000_indexing_v3_agent_jobs_table.sql", import.meta.url),
"utf8",
).replace(/\s+/g, " ");
const routeEnrichmentThroughAgentMigration = readFileSync(
new URL("../supabase/migrations/20260713062139_route_enrichment_through_agent.sql", import.meta.url),
"utf8",
).replace(/\s+/g, " ");
const clinicalRegistryRecordsMigration = readFileSync(
new URL("../supabase/migrations/20260703020000_clinical_registry_records.sql", import.meta.url),
"utf8",
Expand Down Expand Up @@ -257,6 +261,9 @@ describe("Supabase schema Data API grants", () => {
);
}
expect(schema).toContain(
"revoke execute on function public.commit_document_index_generation(uuid, uuid, text, integer, integer, integer, jsonb, jsonb, jsonb) from public, anon, authenticated, service_role",
);
expect(schema).not.toContain(
"grant execute on function public.commit_document_index_generation(uuid, uuid, text, integer, integer, integer, jsonb, jsonb, jsonb) to service_role",
);
expect(atomicReindexMigration).toContain("atomic reindex patch did not match match_document_chunks_hybrid");
Expand Down Expand Up @@ -384,6 +391,25 @@ describe("Supabase schema Data API grants", () => {
expect(schema).toContain("grant execute on function public.invoke_indexing_v3_agent(integer) to service_role");
});

it("keeps enrichment requests conflict-safe with job-first locking and complete reset metadata", () => {
for (const sql of [schema, routeEnrichmentThroughAgentMigration]) {
const start = sql.indexOf("create or replace function public.request_indexing_v3_enrichment");
const end = sql.indexOf("$$;", start);
const body = sql.slice(start, end);
expect(start).toBeGreaterThanOrEqual(0);
expect(end).toBeGreaterThan(start);
expect(body).toContain("on conflict (document_id) do nothing");
expect(body).toContain("select id, status into v_job_id, v_job_status");
expect(body).toContain("from public.indexing_v3_agent_jobs");
expect(body).toContain("for update");
expect(body).toContain("v_job_status = 'processing'");
expect(body.indexOf("from public.indexing_v3_agent_jobs")).toBeLessThan(
body.lastIndexOf("from public.documents"),
);
expect(body).toContain("'indexing_v3_agent_attempt_count' - 'indexing_v3_agent_max_attempts'");
}
});

it("drops the stale duplicate ingestion_job_stages document index", () => {
for (const sql of [schema, dropDuplicateStageIndexMigration]) {
expect(sql).toContain("drop index if exists public.ingestion_job_stages_doc_idx");
Expand Down