Skip to content

chore: apply 51278a70d remediations onto origin/main#854

Closed
BigSimmo wants to merge 3 commits into
mainfrom
codex/main-apply-51278-merge-20260718-clean-final
Closed

chore: apply 51278a70d remediations onto origin/main#854
BigSimmo wants to merge 3 commits into
mainfrom
codex/main-apply-51278-merge-20260718-clean-final

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • Applied merge commit 51278a70d remediation set onto origin/main while preserving current main behavior.
  • Scope includes retrieval/supabase/rag test updates plus source-status assertions and manifest compatibility updates.
  • Outcome: one explicit merge commit (d8739ed02) with no runtime code changes beyond the reviewed remediation scope.

Verification

  • npm run verify:pr-local during local iteration (initially blocked by missing prettier/toolchain modules in this worktree; rerun pending full toolchain install).
  • npm run verify:cheap (runtime portion passed; final gate failed at tooling stage: scripts/generate-site-map.ts could not resolve prettier in this checkout).
  • npm run verify:ui when UI, routing, styling, browser behavior, reduced-motion, or forced-colors behavior changed
  • UI verification not run: Playwright config type mismatch (playwright.config.ts) blocked production/advisory UI lanes; hosted UI checks were re-run after this fix to refresh before merge.
  • npm run verify:release before release or handoff confidence claims

For retrieval, ranking, selection, chunking, source/citation rendering, or answer-contract changes, verify:pr-local runs eval:rag:offline automatically.

  • npm run check:production-readiness when clinical workflow, privacy, Supabase, source governance, or deployment behavior changed
  • npm run check:deployment-readiness when deployment startup, hosting, or rollout behavior changed

Risk and rollout

  • Risk: medium — changes touch clinical retrieval/supabase schema assertion tests and source-verification behavior around forms/catalog outputs.
  • Rollback: revert d8739ed02 and re-run gh pr checkout plus smoke checks; no data migrations or schema changes shipped.
  • Provider or production effects: none introduced by this branch; no provider secrets changed.

Clinical Governance Preflight

  • Source-backed claims still require linked source verification before clinical use
  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval
  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)
  • Service-role keys and private document access remain server-only
  • Demo/synthetic content remains clearly separated from real clinical sources
  • Source metadata, review status, and outdated/unknown-source behavior remain conservative
  • Deployment classification/TGA SaMD impact was checked when clinical decision-support behavior changed

Notes

  • Validation evidence is limited by missing local dependencies (prettier) in this worktree; all required checks will be revalidated by hosted CI after fix.

Summary by CodeRabbit

  • Accessibility

    • Updated the main dashboard heading to “Clinical KB” across supported views.
  • Bug Fixes

    • Improved gating for private dashboard polling and mutations.
    • Refined forms search results to avoid displaying unsupported source, pathway, and evidence details.
    • Improved mobile search dock transition behavior.
  • Tests

    • Updated regression, schema, sitemap, accessibility, and UI coverage to reflect current dashboard, forms, and database behavior.

@supabase

supabase Bot commented Jul 18, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy due to reaching the limit of concurrent preview branches.
Go to Project Integrations Settings ↗︎ if you wish to update this limit.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 0a49a870-2520-4baa-ae6f-d9f9d0466e26

📥 Commits

Reviewing files that changed from the base of the PR and between e51c651 and d701f2a.

📒 Files selected for processing (9)
  • playwright.config.ts
  • supabase/drift-manifest.json
  • tests/audit-content-services-regressions.test.ts
  • tests/audit-navigation-auth-regressions.test.ts
  • tests/site-map.test.ts
  • tests/supabase-schema.test.ts
  • tests/ui-accessibility.spec.ts
  • tests/ui-smoke.spec.ts
  • tests/ui-tools.spec.ts

📝 Walkthrough

Walkthrough

The PR updates Playwright Chromium settings, UI and regression-test expectations, sitemap checks, and Supabase schema validation. The drift manifest reflects current database objects, while tests now verify revised form provenance, authentication gating, dashboard labeling, and interaction behavior.

Changes

Browser and regression contracts

Layer / File(s) Summary
Browser configuration and UI validation
playwright.config.ts, tests/ui-accessibility.spec.ts, tests/ui-smoke.spec.ts, tests/ui-tools.spec.ts
Chromium tests use reducedMotion: "no-preference"; dashboard tests expect “Clinical KB”; form-result exclusions and mobile dock transition checks were added.
Content and navigation regression contracts
tests/audit-content-services-regressions.test.ts, tests/audit-navigation-auth-regressions.test.ts, tests/site-map.test.ts
Assertions now cover confirmation-required form sources, conditional source links, authenticated private API gating, updated accessibility text, and product-route sitemap placement.

Supabase schema contracts

Layer / File(s) Summary
Schema drift manifest alignment
supabase/drift-manifest.json
Manifest metadata and recorded indexes, triggers, functions, constraints, ACLs, and definition hashes were updated.
Schema regression assertion updates
tests/supabase-schema.test.ts
Schema tests now expect the current ACL migration, registry cleanup conversion, and trigram similarity threshold checks.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related PRs

Suggested reviewers: copilot, cursoragent

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/main-apply-51278-merge-20260718-clean-final

Comment @coderabbitai help to get the list of available commands.

@BigSimmo BigSimmo closed this Jul 18, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d701f2aac0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

"postgres_image": "supabase/postgres:17.6.1.127",
"schema_sha256": "302a9ecec8e69564d50035be8480fa5e5686ca6136d96978f2188ecf5fb58be1",
"replay_seconds": 18,
"schema_sha256": "e93fe90cae38654e77b7be0f81e5a0c90b0c7db2fd37d76e32f4f52a089eff45",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Regenerate the drift manifest from the current schema

This changes the manifest hash to e93fe90c…, but the normalized hash of the checked-in supabase/schema.sql is still 302a9ece…; scripts/check-drift.ts explicitly fails fast when these differ. In any environment that runs the Supabase drift gate, this stale manifest blocks the check before live drift is compared, and the snapshot also omits objects still created by current migrations such as the registry projection and title-word artifacts. Regenerate supabase/drift-manifest.json from the current schema.

Useful? React with 👍 / 👎.

.filter((fileName) => /^\d+_.+\.sql$/.test(fileName))
.sort();
expect(migrationFiles.at(-1)).toBe("20260717173000_reassert_supabase_admin_default_privileges.sql");
expect(migrationFiles.at(-1)).toBe("20260717161000_assert_supabase_admin_default_privileges.sql");

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep the final migration guard aligned with migrations

The migrations directory still sorts to 20260717173000_reassert_supabase_admin_default_privileges.sql, so this reverted assertion now fails in tests/supabase-schema.test.ts before the Supabase replay guards can pass. This same stale-schema pattern shows up later in the file as well, where the updated assertions reject the current pg_catalog.to_jsonb(old) cleanup function and require corrector guards that are not present in the final schema. Update the expected guard to the actual final migration/schema state or include the missing SQL changes.

Useful? React with 👍 / 👎.

Comment thread tests/site-map.test.ts
expect(data.publicRouteHandlers).toContainEqual({ route, file });
expect(data.apiRoutes).not.toContainEqual({ route, file });
expect(data.redirects).toContainEqual({ route, file, target });
expect(productSection).toContain(`\`${route}\``);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Assert redirect handlers in the redirect section

The generated site map lists /applications, /differentials/presentations, and /medications under ## Redirects, and the existing test immediately above already asserts they are not in productSection. This added duplicate test expects the opposite, so tests/site-map.test.ts fails for these valid redirect-only routes; assert against the redirect section or remove the duplicate block.

Useful? React with 👍 / 👎.

cursor Bot pushed a commit that referenced this pull request Jul 18, 2026
Note hosted green merge of the clinical-search fix and closure of
duplicate remediations #854/#855 that appeared during babysit.

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant