Skip to content

fix: land unique open-PR queue onto current main#808

Merged
cursor[bot] merged 1 commit into
mainfrom
cursor/pr-queue-land-bfe7
Jul 18, 2026
Merged

fix: land unique open-PR queue onto current main#808
cursor[bot] merged 1 commit into
mainfrom
cursor/pr-queue-land-bfe7

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

Verification

  • Focused Vitest for audit + factsheets (155 + 10)
  • npm run sitemap:check
  • node scripts/ci-change-scope.mjs --self-test
  • Hosted CI: Static / Unit / Production UI / Migration replay

Risk and rollout

  • Risk: medium — privacy audit write-path change + new factsheet routes + search-result DOM order
  • Rollback: revert this squash merge
  • Provider or production effects: migration scrubs historical audit_logs metadata only (no clinical content writes); factsheets are demo/static content

Clinical Governance Preflight

  • Source-backed claims still require linked source verification before clinical use
  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval
  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)
  • Service-role keys and private document access remain server-only
  • Demo/synthetic content remains clearly separated from real clinical sources
  • Source metadata, review status, and outdated/unknown-source behavior remain conservative
  • Deployment classification/TGA SaMD impact was checked when clinical decision-support behavior changed

Notes

Open in Web Open in Cursor 

Summary by CodeRabbit

  • New Features
    • Added a patient information factsheet library with browsing, topic filtering, search, detail pages, sharing, and printing.
  • Accessibility
    • Improved fatal-error announcements for assistive technologies.
  • UI Improvements
    • Positioned cross-category search matches after primary results for clearer result flow.
  • Privacy & Security
    • Reduced sensitive, user-provided information retained in audit logs.
  • Tests
    • Added coverage for factsheet lookup, audit-log sanitization, and search-result ordering.

Replay the remaining unique work from the screenshot PR set onto an
up-to-date main branch: Also matches placement after primary results,
patient factsheet slice, durable audit metadata minimization (with
numeric storageRemoved retention), answer-progress UI gate coverage,
and global-error alert role. Avoids conflicted/behind individual PRs
and the design-audit branches that still fail Production UI.

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
@coderabbitai

coderabbitai Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 67b4c54e-08b7-4354-b99b-80ed2886cb87

📥 Commits

Reviewing files that changed from the base of the PR and between 827c2f1 and d173213.

📒 Files selected for processing (29)
  • docs/privacy-impact-assessment.md
  • docs/site-map.md
  • playwright.config.ts
  • scripts/ci-change-scope.mjs
  • scripts/generate-site-map.ts
  • src/app/api/documents/[id]/route.ts
  • src/app/api/upload/route.ts
  • src/app/factsheets/[slug]/page.tsx
  • src/app/factsheets/layout.tsx
  • src/app/factsheets/page.tsx
  • src/app/factsheets/search/page.tsx
  • src/app/global-error.tsx
  • src/components/clinical-dashboard/differentials-home.tsx
  • src/components/clinical-dashboard/document-search-results.tsx
  • src/components/clinical-dashboard/favourites-command-library-page.tsx
  • src/components/clinical-dashboard/medication-prescribing-workspace.tsx
  • src/components/factsheets/factsheet-detail-page.tsx
  • src/components/factsheets/factsheet-shell.tsx
  • src/components/factsheets/factsheets-data.ts
  • src/components/factsheets/factsheets-home-page.tsx
  • src/components/factsheets/factsheets-search-page.tsx
  • src/components/forms/forms-search-results-page.tsx
  • src/components/formulation/formulation-home-page.tsx
  • src/components/services/services-navigator-page.tsx
  • src/lib/audit.ts
  • supabase/migrations/20260717163000_minimize_audit_log_metadata.sql
  • tests/audit.test.ts
  • tests/factsheets-data.test.ts
  • tests/ui-universal-search.spec.ts

📝 Walkthrough

Walkthrough

Adds a patient information factsheet vertical slice, minimizes persisted audit metadata, repositions universal-search match panels after primary results, improves global error accessibility, and aligns Playwright CI selection with the answer-progress smoke test.

Changes

Audit metadata minimization

Layer / File(s) Summary
Audit metadata allowlisting
src/lib/audit.ts, src/app/api/documents/[id]/route.ts, src/app/api/upload/route.ts
Audit writes now retain only action-specific operational fields, excluding filenames, titles, and content hashes.
Historical metadata migration
supabase/migrations/20260717163000_minimize_audit_log_metadata.sql, docs/privacy-impact-assessment.md
Existing audit rows are minimized and checked for prohibited metadata keys; documentation reflects the storage model.
Audit behavior tests
tests/audit.test.ts
Tests cover sanitized upload and rename metadata plus numeric and boolean delete cleanup values.

Patient information factsheets

Layer / File(s) Summary
Factsheet data contract
src/components/factsheets/factsheets-data.ts, tests/factsheets-data.test.ts
Adds sample factsheet records, topic definitions, slug lookup, and data tests.
Factsheet shell and browsing pages
src/components/factsheets/factsheet-shell.tsx, src/components/factsheets/factsheets-home-page.tsx, src/app/factsheets/layout.tsx, src/app/factsheets/page.tsx
Adds the shared layout and landing page with topic browsing, search navigation, and featured cards.
Search and detail routes
src/components/factsheets/factsheets-search-page.tsx, src/components/factsheets/factsheet-detail-page.tsx, src/app/factsheets/search/page.tsx, src/app/factsheets/[slug]/page.tsx
Adds URL-backed filtering, detail lookup, metadata, not-found handling, section rendering, and share controls.
Factsheet sitemap integration
docs/site-map.md, scripts/generate-site-map.ts
Adds collection, detail, and search routes to sitemap documentation and descriptions.

Universal search result ordering

Layer / File(s) Summary
Cross-mode result placement
src/components/clinical-dashboard/*, src/components/forms/forms-search-results-page.tsx, src/components/formulation/formulation-home-page.tsx, src/components/services/services-navigator-page.tsx
Moves UniversalSearchAlsoMatches after the primary result or empty-state content across search surfaces.
DOM ordering validation
tests/ui-universal-search.spec.ts
Mocks universal search and verifies the cross-mode panel follows primary services results.
Global error accessibility
src/app/global-error.tsx
Marks the fatal error heading as an ARIA alert.

Playwright CI scope

Layer / File(s) Summary
Test selection and classification
playwright.config.ts, scripts/ci-change-scope.mjs
Includes answer-progress-ui-smoke in Playwright matching and UI change-scope classification, with a matching self-test.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related PRs

  • BigSimmo/Database#753 — Directly overlaps with the audit metadata allowlisting and associated documentation and tests.
  • BigSimmo/Database#751 — Directly overlaps with the factsheet routes and components.
  • BigSimmo/Database#749 — Directly overlaps with universal-search result ordering and its Playwright assertion.

Suggested labels: codex

Suggested reviewers: claude

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch cursor/pr-queue-land-bfe7

Comment @coderabbitai help to get the list of available commands.

@supabase

supabase Bot commented Jul 18, 2026

Copy link
Copy Markdown

Updates to Preview Branch (cursor/pr-queue-land-bfe7) ↗︎

Deployments Status Updated
Database Sat, 18 Jul 2026 06:16:15 UTC
Services Sat, 18 Jul 2026 06:16:15 UTC
APIs Sat, 18 Jul 2026 06:16:15 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks Status Updated
Configurations Sat, 18 Jul 2026 06:16:23 UTC
Migrations Sat, 18 Jul 2026 06:17:33 UTC
Seeding ⏸️ Sat, 18 Jul 2026 06:16:06 UTC
Edge Functions ⏸️ Sat, 18 Jul 2026 06:16:06 UTC

❌ Branch Error • Sat, 18 Jul 2026 06:17:34 UTC

ERROR: Unsafe supabase_admin default privileges; migration blocked. (SQLSTATE 42501)
{"safe": false, "entries": ["function:PUBLIC:execute", "function:anon:execute", "function:authenticated:execute", "function:postgres:execute", "function:service_role:execute", "function:supabase_admin:execute", "sequence:anon:select", "sequence:anon:update", "sequence:anon:usage", "sequence:authenticated:select", "sequence:authenticated:update", "sequence:authenticated:usage", "sequence:postgres:select", "sequence:postgres:update", "sequence:postgres:usage", "sequence:service_role:select", "sequence:service_role:update", "sequence:service_role:usage", "sequence:supabase_admin:usage", "table:anon:delete", "table:anon:insert", "table:anon:maintain", "table:anon:references", "table:anon:select", "table:anon:trigger", "table:anon:truncate", "table:anon:update", "table:authenticated:delete", "table:authenticated:insert", "table:authenticated:maintain", "table:authenticated:references", "table:authenticated:select", "table:authenticated:trigger", "table:authenticated:truncate", "table:authenticated:update", "table:postgres:delete", "table:postgres:insert", "table:postgres:maintain", "table:postgres:references", "table:postgres:select", "table:postgres:trigger", "table:postgres:truncate", "table:postgres:update", "table:service_role:delete", "table:service_role:insert", "table:service_role:maintain", "table:service_role:references", "table:service_role:select", "table:service_role:trigger", "table:service_role:truncate", "table:service_role:update", "table:supabase_admin:delete", "table:supabase_admin:insert", "table:supabase_admin:maintain", "table:supabase_admin:references", "table:supabase_admin:select", "table:supabase_admin:trigger", "table:supabase_admin:truncate", "table:supabase_admin:update"], "role_exists": true, "schema_exists": true}
At statement: 3
do $$
declare
  v_status jsonb;
begin
  if not exists (select 1 from pg_catalog.pg_roles where rolname = 'supabase_admin') then
    raise notice 'role supabase_admin does not exist; default-privilege assertion is not applicable';
    return;
  end if;

  begin
    -- Local/Superuser-capable environments can assume the target role even
    -- when the migration role cannot use ALTER DEFAULT PRIVILEGES FOR ROLE
    -- directly. Hosted environments that cannot assume it fall through to the
    -- catalog assertion and block with operator instructions.
    execute 'set local role supabase_admin';
    -- Revokes must be global: per-schema ACLs cannot subtract privileges from
    -- built-in or previously granted global defaults.
    alter default privileges for role supabase_admin
      revoke all privileges on tables from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      revoke all privileges on tables from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin
      revoke all privileges on sequences from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      revoke all privileges on sequences from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin
      revoke execute on functions from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      revoke execute on functions from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      grant select, insert, update, delete on tables to service_role;
    alter default privileges for role supabase_admin in schema public
      grant usage, select on sequences to service_role;
    alter default privileges for role supabase_admin in schema public
      grant execute on functions to service_role;
    execute 'reset role';
  exception when insufficient_privilege then
    begin execute 'reset role'; exception when others then null; end;
    raise notice 'current role % cannot remediate supabase_admin default privileges; asserting the catalog postcondition', current_user;
  end;

  v_status := public.default_privileges_status('supabase_admin', 'public');
  if not coalesce((v_status->>'safe')::boolean, false) then
    raise exception using
      errcode = '42501',
      message = 'Unsafe supabase_admin default privileges; migration blocked.',
      detail = v_status::text,
      hint = E'Run these six statements as supabase_admin, then retry the migration:\n'
        'DO $remediate$ BEGIN ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin REVOKE ALL PRIVILEGES ON TABLES FROM PUBLIC, anon, authenticated, service_role; ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public REVOKE ALL PRIVILEGES ON TABLES FROM PUBLIC, anon, authenticated, service_role; END $remediate$;\n'
        'DO $remediate$ BEGIN ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin REVOKE ALL PRIVILEGES ON SEQUENCES FROM PUBLIC, anon, authenticated, service_role; ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public REVOKE ALL PRIVILEGES ON SEQUENCES FROM PUBLIC, anon, authenticated, service_role; END $remediate$;\n'
        'DO $remediate$ BEGIN ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC, anon, authenticated, service_role; ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC, anon, authenticated, service_role; END $remediate$;\n'
        'ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO service_role;\n'
        'ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO service_role;\n'
        'ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO service_role;';
  end if;
end;
$$

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

@cursor
cursor Bot marked this pull request as ready for review July 18, 2026 06:22
@cursor
cursor Bot merged commit 3b54a78 into main Jul 18, 2026
14 of 15 checks passed
@cursor
cursor Bot deleted the cursor/pr-queue-land-bfe7 branch July 18, 2026 06:22
cursor Bot pushed a commit that referenced this pull request Jul 18, 2026
Record the #808 consolidation outcome and closed superseding PRs so
future branch-review passes skip the unchanged closed heads.

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
cursor Bot pushed a commit that referenced this pull request Jul 18, 2026
Record the #808 consolidation outcome and closed superseding PRs so
future branch-review passes skip the unchanged closed heads.

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
cursor Bot pushed a commit that referenced this pull request Jul 18, 2026
Capture the #808/#812/#814 consolidation and closed superseding heads so
future branch-review passes skip the unchanged closed screenshot PRs.

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
cursor Bot pushed a commit that referenced this pull request Jul 18, 2026
Capture the #808/#812/#814 consolidation and closed superseding heads so
future branch-review passes skip the unchanged closed screenshot PRs.

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants