Skip to content

fix: rebase design-audit regression hardening onto current main#847

Closed
BigSimmo wants to merge 2 commits into
mainfrom
codex/design-audit-main-merge-clean-20260718
Closed

fix: rebase design-audit regression hardening onto current main#847
BigSimmo wants to merge 2 commits into
mainfrom
codex/design-audit-main-merge-clean-20260718

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • Rebase design-audit regression hardening onto current main from a clean branch.
  • Keep design-audit route/query/source regression fixes, migration assertions, and UI stability updates.
  • Scope includes route-error focusability, ClinicalDashboard home and AlsoMatches layout ordering, RAG retrieval cancellation/error typing hardening, and updated drift manifest expectations for current replay behavior.

Verification

  • npm run verify:cheap (not run: local node_modules is not bootstrapped in this environment)
  • npm run verify:ui (not run: local browser/test toolchain not available in this environment)
  • UI verification not run: local test runtime/environment cannot execute Playwright (npm run verify:ui) in this environment.
  • npm run check:pr-local (not run: requires local Playwright + full repo dependencies)
  • npm run check:production-readiness (not run: includes provider/clinical governance checks)

Risk and rollout

Risk: high - this PR touches clinical/RAG route behavior and navigation error handling, where regressions can impact user trust and answer routing integrity.
Rollback: revert this PR to restore pre-change behavior immediately.

Clinical Governance Preflight

  • Source-backed claims still require linked source verification before clinical use
  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval
  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)
  • Service-role keys and private document access remain server-only
  • Demo/synthetic content remains clearly separated from real clinical sources
  • Source metadata, review status, and outdated/unknown-source behavior remain conservative
  • Deployment classification/TGA SaMD impact was checked when clinical decision-support behavior changed

@supabase

supabase Bot commented Jul 18, 2026

Copy link
Copy Markdown

Updates to Preview Branch (codex/design-audit-main-merge-clean-20260718) ↗︎

Deployments Status Updated
Database Sat, 18 Jul 2026 12:37:08 UTC
Services Sat, 18 Jul 2026 12:37:08 UTC
APIs Sat, 18 Jul 2026 12:37:08 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks Status Updated
Configurations Sat, 18 Jul 2026 12:37:09 UTC
Migrations Sat, 18 Jul 2026 12:37:12 UTC
Seeding ⏸️ Sat, 18 Jul 2026 12:37:02 UTC
Edge Functions ⏸️ Sat, 18 Jul 2026 12:37:02 UTC

❌ Branch Error • Sat, 18 Jul 2026 12:37:12 UTC

ERROR: Unsafe supabase_admin default privileges; migration blocked. (SQLSTATE 42501)
{"safe": false, "entries": ["function:PUBLIC:execute", "function:anon:execute", "function:authenticated:execute", "function:postgres:execute", "function:service_role:execute", "function:supabase_admin:execute", "sequence:anon:select", "sequence:anon:update", "sequence:anon:usage", "sequence:authenticated:select", "sequence:authenticated:update", "sequence:authenticated:usage", "sequence:postgres:select", "sequence:postgres:update", "sequence:postgres:usage", "sequence:service_role:select", "sequence:service_role:update", "sequence:service_role:usage", "sequence:supabase_admin:usage", "table:anon:delete", "table:anon:insert", "table:anon:maintain", "table:anon:references", "table:anon:select", "table:anon:trigger", "table:anon:truncate", "table:anon:update", "table:authenticated:delete", "table:authenticated:insert", "table:authenticated:maintain", "table:authenticated:references", "table:authenticated:select", "table:authenticated:trigger", "table:authenticated:truncate", "table:authenticated:update", "table:postgres:delete", "table:postgres:insert", "table:postgres:maintain", "table:postgres:references", "table:postgres:select", "table:postgres:trigger", "table:postgres:truncate", "table:postgres:update", "table:service_role:delete", "table:service_role:insert", "table:service_role:maintain", "table:service_role:references", "table:service_role:select", "table:service_role:trigger", "table:service_role:truncate", "table:service_role:update", "table:supabase_admin:delete", "table:supabase_admin:insert", "table:supabase_admin:maintain", "table:supabase_admin:references", "table:supabase_admin:select", "table:supabase_admin:trigger", "table:supabase_admin:truncate", "table:supabase_admin:update"], "role_exists": true, "schema_exists": true}
At statement: 3
do $$
declare
  v_status jsonb;
begin
  if not exists (select 1 from pg_catalog.pg_roles where rolname = 'supabase_admin') then
    raise notice 'role supabase_admin does not exist; default-privilege assertion is not applicable';
    return;
  end if;

  begin
    -- Local/Superuser-capable environments can assume the target role even
    -- when the migration role cannot use ALTER DEFAULT PRIVILEGES FOR ROLE
    -- directly. Hosted environments that cannot assume it fall through to the
    -- catalog assertion and block with operator instructions.
    execute 'set local role supabase_admin';
    -- Revokes must be global: per-schema ACLs cannot subtract privileges from
    -- built-in or previously granted global defaults.
    alter default privileges for role supabase_admin
      revoke all privileges on tables from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      revoke all privileges on tables from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin
      revoke all privileges on sequences from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      revoke all privileges on sequences from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin
      revoke execute on functions from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      revoke execute on functions from public, anon, authenticated, service_role;
    alter default privileges for role supabase_admin in schema public
      grant select, insert, update, delete on tables to service_role;
    alter default privileges for role supabase_admin in schema public
      grant usage, select on sequences to service_role;
    alter default privileges for role supabase_admin in schema public
      grant execute on functions to service_role;
    execute 'reset role';
  exception when insufficient_privilege then
    begin execute 'reset role'; exception when others then null; end;
    raise notice 'current role % cannot remediate supabase_admin default privileges; asserting the catalog postcondition', current_user;
  end;

  v_status := public.default_privileges_status('supabase_admin', 'public');
  if not coalesce((v_status->>'safe')::boolean, false) then
    raise exception using
      errcode = '42501',
      message = 'Unsafe supabase_admin default privileges; migration blocked.',
      detail = v_status::text,
      hint = E'Run these six statements as supabase_admin, then retry the migration:\n'
        'DO $remediate$ BEGIN ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin REVOKE ALL PRIVILEGES ON TABLES FROM PUBLIC, anon, authenticated, service_role; ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public REVOKE ALL PRIVILEGES ON TABLES FROM PUBLIC, anon, authenticated, service_role; END $remediate$;\n'
        'DO $remediate$ BEGIN ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin REVOKE ALL PRIVILEGES ON SEQUENCES FROM PUBLIC, anon, authenticated, service_role; ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public REVOKE ALL PRIVILEGES ON SEQUENCES FROM PUBLIC, anon, authenticated, service_role; END $remediate$;\n'
        'DO $remediate$ BEGIN ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC, anon, authenticated, service_role; ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC, anon, authenticated, service_role; END $remediate$;\n'
        'ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO service_role;\n'
        'ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO service_role;\n'
        'ALTER DEFAULT PRIVILEGES FOR ROLE supabase_admin IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO service_role;';
  end if;
end;
$$

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The PR adds caller-abort propagation to RAG classifier and RPC operations, instruments answer coalescing, relocates dashboard search matches, updates focus and search-parameter handling, adjusts Playwright behavior, and refreshes UI, audit, navigation, and schema regression expectations.

Changes

RAG cancellation and observability

Layer / File(s) Summary
RAG cancellation and answer metrics
src/lib/rag*.ts, src/lib/observability/...
Classifier waits and retrieval RPCs now accept abort signals; answer origination and coalesced waiter metrics are recorded.
Dashboard rendering and page contracts
src/app/page.tsx, src/components/ClinicalDashboard.tsx, src/components/route-error-boundary.tsx
Search parameters accept generic records, non-answer universal matches render inside the main section, and heading outlines use focus-visible.
Browser configuration and UI validation
playwright.config.ts, tests/ui-*.spec.ts
Chromium uses no-preference motion, while UI tests update heading, registry, form-result, and dock-transition expectations.
Audit and schema regression expectations
tests/audit-*.test.ts, tests/supabase-schema.test.ts, supabase/drift-manifest.json
Regression checks are aligned with revised source metadata, access gating, migration SQL, SQL-function logic, and regenerated manifest metadata.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related PRs

Suggested labels: codex

Suggested reviewers: copilot, cursoragent

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly summarizes the main change: rebasing regression hardening onto current main.
Description check ✅ Passed The description matches the template with Summary, Verification, Risk and rollout, and Clinical Governance sections filled in.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/design-audit-main-merge-clean-20260718

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/rag-candidate-sources.ts`:
- Around line 91-104: Update both call sites of callVersionedRetrievalRpc in
rag.ts, including the parallel hybrid RPC and vector-fallback RPC paths, to pass
the active cancellation signal through the signal parameter. Preserve all
existing arguments and behavior while ensuring search cancellation reaches both
retrieval callers.

In `@tests/ui-accessibility.spec.ts`:
- Line 51: Align the H1 assertions with the dashboard’s rendered “Clinical
Guide” heading, or update the source heading contract consistently if “Clinical
KB” is intended. Apply the same correction at tests/ui-accessibility.spec.ts
lines 51-51, tests/ui-smoke.spec.ts lines 876-876, and tests/ui-smoke.spec.ts
lines 1271-1271.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: c8558666-2437-4762-af11-c2171939fa02

📥 Commits

Reviewing files that changed from the base of the PR and between ea0251f and f9630eb.

📒 Files selected for processing (13)
  • playwright.config.ts
  • src/app/page.tsx
  • src/components/ClinicalDashboard.tsx
  • src/components/route-error-boundary.tsx
  • src/lib/rag-candidate-sources.ts
  • src/lib/rag.ts
  • supabase/drift-manifest.json
  • tests/audit-content-services-regressions.test.ts
  • tests/audit-navigation-auth-regressions.test.ts
  • tests/supabase-schema.test.ts
  • tests/ui-accessibility.spec.ts
  • tests/ui-smoke.spec.ts
  • tests/ui-tools.spec.ts

Comment on lines +91 to +104
signal?: AbortSignal,
): Promise<{ data: T | null; error: SupabaseRpcError }> {
const client = supabase as unknown as {
rpc: (name: string, rpcArgs: Record<string, unknown>) => Promise<{ data: T | null; error: SupabaseRpcError }>;
const client = supabase as unknown as SupabaseRpcClient;
const executeRpc = async (name: string, rpcArgs: Record<string, unknown>) => {
const pending = client.rpc(name, rpcArgs) as AbortableRpc<T>;
const pendingWithAbort =
signal && typeof pending.abortSignal === "function" ? pending.abortSignal(signal) : pending;
return await pendingWithAbort;
};
const versioned = await client.rpc(versionedName, args);
const versioned = await executeRpc(versionedName, args);
if (versioned && !isMissingRetrievalRpcError(versioned.error)) return versioned;
const legacyArgs = { ...args };
delete legacyArgs.include_public;
const ownerResult = await client.rpc(legacyName, legacyArgs);
const ownerResult = await executeRpc(legacyName, legacyArgs);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Thread the new cancellation signal through every retrieval caller.

callVersionedRetrievalRpc now accepts signal, but the two existing callers in src/lib/rag.ts (Lines 2837-2849 and 2945-2956) still omit it. Search cancellation therefore does not reach either the parallel hybrid RPC or the vector-fallback RPC.

Proposed fix
       callVersionedRetrievalRpc(
         supabase,
         "...",
         "...",
         {
           // existing arguments
         },
+        args.signal,
       );

Apply this to both call sites.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/rag-candidate-sources.ts` around lines 91 - 104, Update both call
sites of callVersionedRetrievalRpc in rag.ts, including the parallel hybrid RPC
and vector-fallback RPC paths, to pass the active cancellation signal through
the signal parameter. Preserve all existing arguments and behavior while
ensuring search cancellation reaches both retrieval callers.


async function expectDashboardUsable(page: Page) {
await expect(page.getByRole("heading", { level: 1, name: "Clinical Guide" })).toHaveCount(1);
await expect(page.getByRole("heading", { level: 1, name: "Clinical KB" })).toHaveCount(1);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Align all H1 assertions with the dashboard’s rendered heading. The supplied dashboard still renders Clinical Guide at src/components/ClinicalDashboard.tsx Line 3495, while all three changed tests require Clinical KB.

  • tests/ui-accessibility.spec.ts#L51-L51: update the source heading/title contract or assert Clinical Guide.
  • tests/ui-smoke.spec.ts#L876-L876: apply the same corrected H1 expectation.
  • tests/ui-smoke.spec.ts#L1271-L1271: apply the same corrected H1 expectation.
📍 Affects 2 files
  • tests/ui-accessibility.spec.ts#L51-L51 (this comment)
  • tests/ui-smoke.spec.ts#L876-L876
  • tests/ui-smoke.spec.ts#L1271-L1271
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/ui-accessibility.spec.ts` at line 51, Align the H1 assertions with the
dashboard’s rendered “Clinical Guide” heading, or update the source heading
contract consistently if “Clinical KB” is intended. Apply the same correction at
tests/ui-accessibility.spec.ts lines 51-51, tests/ui-smoke.spec.ts lines
876-876, and tests/ui-smoke.spec.ts lines 1271-1271.

@github-actions

github-actions Bot commented Jul 18, 2026

Copy link
Copy Markdown

CI triage

CI failed on this PR. Automated classification of the 2 failed job(s):

  • Production UIneeds investigation: inspect the failing step and uploaded diagnostics; rerun only after classifying the cause.
  • PR requiredneeds investigation: inspect the failing step and uploaded diagnostics; rerun only after classifying the cause.

Compared with main CI run #3269 (success).

Classification is evidence routing, not permission to ignore a failure. Exact quarantined Playwright identities remain governed by the flake ledger.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant