Skip to content

feat(storage): add SQLite and Postgres control planes#221

Open
ian-pascoe wants to merge 15 commits into
mainfrom
feat/sql-storage-backends
Open

feat(storage): add SQLite and Postgres control planes#221
ian-pascoe wants to merge 15 commits into
mainfrom
feat/sql-storage-backends

Conversation

@ian-pascoe

Copy link
Copy Markdown
Contributor

Summary

Caplets can now run a complete mutable Current Host control plane on zero-config SQLite for single-node installs or Postgres for multi-node deployments. Container images and project repositories remain portable filesystem bootstrap sources, while dashboard and global CLI mutations persist transactionally in SQL.

This closes the gap where container replacement lost mutable host state and multiple nodes could not safely share installs, credentials, approvals, or runtime generations.

Design decisions

Area Contract
Authority Filesystem bootstrap/config remains authoritative; SQL owns mutable global state; project Caplets and lockfiles remain repository-owned.
Single node SQLite is the default, requires no external service, and uses protected local state and artifact paths.
Distributed Postgres coordinates one logical Current Host with fenced writers, generation-indexed snapshots, convergence health, and bounded degraded reads.
Migrations SQLite and Postgres use paired, checksummed migration manifests with compatibility, rollback, backup, and exclusion requirements.
Bootstrap drift Nodes with mismatched filesystem bootstrap fingerprints fail readiness rather than serving divergent runtime state.
Failure behavior SQL outages retain the last known-good snapshot in read-only mode; mutations remain fail-closed.

What is now possible

  • Persist global Caplet installs, host settings, auth/session state, Vault data, approvals, activity, provenance, and security lifecycles in SQLite or Postgres.
  • Compose runtime state from authoritative filesystem layers plus effective SQL-owned records, including dormant/shadowed lifecycle handling.
  • Install and update global catalog Caplets through one transaction-bound mutation path used by local CLI, authenticated remote CLI, and dashboard operations.
  • Import, preview, activate, revalidate, export, and range-download portable Caplet artifacts without making temporary filesystem staging authoritative.
  • Transfer an offline SQLite Current Host to Postgres with resumable journals, previewed cutover, pre-activation rollback, and roll-forward-only finalization.
  • Store artifacts on the protected filesystem or S3-compatible object storage with quota reservations, immutable parts, manifests, and cleanup.
  • Operate Current Host management and storage recovery through authenticated HTTP, CLI, and dashboard surfaces.

Operational boundaries

  • Automatic legacy adoption requires reviewed provenance, exclusive ownership, verified backups, credential protection, and platform-specific process exclusion. Otherwise operators must stop old replicas and run caplets storage migrate --global --offline.
  • SQLite-to-Postgres transfer is intentionally offline and one-way after durable destination activation.
  • Postgres tenancy is one logical host cluster per store; multi-tenant database partitioning is outside this contract.
  • Large logs and media payloads remain outside the SQL control-plane rows.
  • The published package includes both migration trees, required native drivers, storage clients, and the signed Windows exclusion helper contract.

Validation

  • pnpm verify passed in the pre-push hook: formatting, lint, generated APIs/schema/docs, paired migration checks, typechecking, 2,956 workspace tests, benchmark freshness, build, and packaged runtime smoke.
  • Isolated SQLite runtime benchmarks passed the 1-second p99 contract:
    • 64 MiB SQL asset materialization: 723 ms p99 worst run.
    • Exact 2,000-Caplet / 100,000-row / 256 MiB composition: 855 ms p99 worst run.
  • Dashboard route and management behavior: 30 browser tests passed.
  • Focused migration, dialect, security, portability, remote-management, package-boundary, native integration, and storage regression suites passed.

Compound Engineering
Codex

@greptile-apps

greptile-apps Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Too many files changed for review. (340 files found, 250 file limit)

Bypass the limit by tagging @greptile-apps to review.

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Too many files!

This PR contains 339 files, which is 239 over the limit of 100.

To get a review, narrow the scope:
• coderabbit review --type committed # exclude uncommitted changes
• coderabbit review --dir # limit to a subdirectory
• coderabbit review --base # compare against a closer base

Upgrade to a paid plan to raise the limit.

Usage-priced reviews support at most 300 files.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 338f9f2c-651b-41fa-865d-8f9edd1f9466

📥 Commits

Reviewing files that changed from the base of the PR and between f857e5f and cae79ec.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (339)
  • .changeset/brave-storage-authority.md
  • .gitattributes
  • .github/workflows/ci.yml
  • .github/workflows/release.yml
  • CONCEPTS.md
  • apps/dashboard/src/components/DashboardApp.test.tsx
  • apps/dashboard/src/components/DashboardApp.tsx
  • apps/dashboard/src/components/PortableCapletsPage.test.tsx
  • apps/dashboard/src/components/PortableCapletsPage.tsx
  • apps/dashboard/src/components/caplets-route.test.ts
  • apps/dashboard/src/components/caplets-route.ts
  • apps/dashboard/src/components/catalog/CatalogAuthorityButton.tsx
  • apps/dashboard/src/components/catalog/CatalogDetailPage.test.tsx
  • apps/dashboard/src/components/catalog/CatalogDetailPage.tsx
  • apps/dashboard/src/components/catalog/CatalogPage.test.tsx
  • apps/dashboard/src/components/catalog/CatalogPage.tsx
  • apps/dashboard/src/components/catalog/CatalogResults.test.tsx
  • apps/dashboard/src/components/catalog/CatalogResults.tsx
  • apps/dashboard/src/lib/api.test.ts
  • apps/dashboard/src/lib/api.ts
  • apps/docs/src/content/docs/reference/config.mdx
  • apps/landing/public/config.schema.json
  • docs/adr/0003-remote-client-role-boundaries.md
  • docs/agents/domain.md
  • docs/architecture.md
  • docs/plans/2026-07-14-001-feat-sql-storage-backends-plan.md
  • docs/product/storage-backends.md
  • package.json
  • packages/benchmarks/lib/control-plane-snapshot-benchmark.ts
  • packages/benchmarks/test/benchmark.test.ts
  • packages/benchmarks/test/control-plane-snapshot-benchmark.test.ts
  • packages/cli/src/index.ts
  • packages/cli/test/package.test.ts
  • packages/core/README.md
  • packages/core/drizzle.postgres.config.ts
  • packages/core/drizzle.sqlite.config.ts
  • packages/core/drizzle/postgres/0000_foamy_zuras.down.sql
  • packages/core/drizzle/postgres/0000_foamy_zuras.manifest.json
  • packages/core/drizzle/postgres/0000_foamy_zuras.sql
  • packages/core/drizzle/postgres/0001_eager_thunderbird.down.sql
  • packages/core/drizzle/postgres/0001_eager_thunderbird.manifest.json
  • packages/core/drizzle/postgres/0001_eager_thunderbird.sql
  • packages/core/drizzle/postgres/0002_parched_sauron.down.sql
  • packages/core/drizzle/postgres/0002_parched_sauron.manifest.json
  • packages/core/drizzle/postgres/0002_parched_sauron.sql
  • packages/core/drizzle/postgres/0003_concerned_lily_hollister.down.sql
  • packages/core/drizzle/postgres/0003_concerned_lily_hollister.manifest.json
  • packages/core/drizzle/postgres/0003_concerned_lily_hollister.sql
  • packages/core/drizzle/postgres/0004_short_ultimatum.down.sql
  • packages/core/drizzle/postgres/0004_short_ultimatum.manifest.json
  • packages/core/drizzle/postgres/0004_short_ultimatum.sql
  • packages/core/drizzle/postgres/0005_moaning_nextwave.down.sql
  • packages/core/drizzle/postgres/0005_moaning_nextwave.manifest.json
  • packages/core/drizzle/postgres/0005_moaning_nextwave.sql
  • packages/core/drizzle/postgres/0006_clean_callisto.down.sql
  • packages/core/drizzle/postgres/0006_clean_callisto.manifest.json
  • packages/core/drizzle/postgres/0006_clean_callisto.sql
  • packages/core/drizzle/postgres/0007_overjoyed_lethal_legion.down.sql
  • packages/core/drizzle/postgres/0007_overjoyed_lethal_legion.manifest.json
  • packages/core/drizzle/postgres/0007_overjoyed_lethal_legion.sql
  • packages/core/drizzle/postgres/0008_living_gwen_stacy.manifest.json
  • packages/core/drizzle/postgres/0008_living_gwen_stacy.sql
  • packages/core/drizzle/postgres/0009_robust_scalphunter.manifest.json
  • packages/core/drizzle/postgres/0009_robust_scalphunter.sql
  • packages/core/drizzle/postgres/meta/0000_snapshot.json
  • packages/core/drizzle/postgres/meta/0001_snapshot.json
  • packages/core/drizzle/postgres/meta/0002_snapshot.json
  • packages/core/drizzle/postgres/meta/0003_snapshot.json
  • packages/core/drizzle/postgres/meta/0004_snapshot.json
  • packages/core/drizzle/postgres/meta/0005_snapshot.json
  • packages/core/drizzle/postgres/meta/0006_snapshot.json
  • packages/core/drizzle/postgres/meta/0007_snapshot.json
  • packages/core/drizzle/postgres/meta/0008_snapshot.json
  • packages/core/drizzle/postgres/meta/0009_snapshot.json
  • packages/core/drizzle/postgres/meta/_journal.json
  • packages/core/drizzle/sqlite/0000_orange_tusk.down.sql
  • packages/core/drizzle/sqlite/0000_orange_tusk.manifest.json
  • packages/core/drizzle/sqlite/0000_orange_tusk.sql
  • packages/core/drizzle/sqlite/0001_conscious_wilson_fisk.down.sql
  • packages/core/drizzle/sqlite/0001_conscious_wilson_fisk.manifest.json
  • packages/core/drizzle/sqlite/0001_conscious_wilson_fisk.sql
  • packages/core/drizzle/sqlite/0002_colorful_maverick.down.sql
  • packages/core/drizzle/sqlite/0002_colorful_maverick.manifest.json
  • packages/core/drizzle/sqlite/0002_colorful_maverick.sql
  • packages/core/drizzle/sqlite/0003_lazy_terrax.down.sql
  • packages/core/drizzle/sqlite/0003_lazy_terrax.manifest.json
  • packages/core/drizzle/sqlite/0003_lazy_terrax.sql
  • packages/core/drizzle/sqlite/0004_condemned_cardiac.down.sql
  • packages/core/drizzle/sqlite/0004_condemned_cardiac.manifest.json
  • packages/core/drizzle/sqlite/0004_condemned_cardiac.sql
  • packages/core/drizzle/sqlite/0005_great_matthew_murdock.down.sql
  • packages/core/drizzle/sqlite/0005_great_matthew_murdock.manifest.json
  • packages/core/drizzle/sqlite/0005_great_matthew_murdock.sql
  • packages/core/drizzle/sqlite/0006_mature_bill_hollister.down.sql
  • packages/core/drizzle/sqlite/0006_mature_bill_hollister.manifest.json
  • packages/core/drizzle/sqlite/0006_mature_bill_hollister.sql
  • packages/core/drizzle/sqlite/0007_cuddly_cerebro.down.sql
  • packages/core/drizzle/sqlite/0007_cuddly_cerebro.manifest.json
  • packages/core/drizzle/sqlite/0007_cuddly_cerebro.sql
  • packages/core/drizzle/sqlite/0008_giant_shard.manifest.json
  • packages/core/drizzle/sqlite/0008_giant_shard.sql
  • packages/core/drizzle/sqlite/0009_harsh_gideon.manifest.json
  • packages/core/drizzle/sqlite/0009_harsh_gideon.sql
  • packages/core/drizzle/sqlite/meta/0000_snapshot.json
  • packages/core/drizzle/sqlite/meta/0001_snapshot.json
  • packages/core/drizzle/sqlite/meta/0002_snapshot.json
  • packages/core/drizzle/sqlite/meta/0003_snapshot.json
  • packages/core/drizzle/sqlite/meta/0004_snapshot.json
  • packages/core/drizzle/sqlite/meta/0005_snapshot.json
  • packages/core/drizzle/sqlite/meta/0006_snapshot.json
  • packages/core/drizzle/sqlite/meta/0007_snapshot.json
  • packages/core/drizzle/sqlite/meta/0008_snapshot.json
  • packages/core/drizzle/sqlite/meta/0009_snapshot.json
  • packages/core/drizzle/sqlite/meta/_journal.json
  • packages/core/native/windows-exclusion-helper/.gitignore
  • packages/core/native/windows-exclusion-helper/Caplets.WindowsExclusionHelper.csproj
  • packages/core/native/windows-exclusion-helper/Program.cs
  • packages/core/package.json
  • packages/core/rolldown.config.ts
  • packages/core/scripts/build-dashboard-for-core.mjs
  • packages/core/scripts/build-windows-exclusion-helper.mjs
  • packages/core/scripts/copy-control-plane-migrations.mjs
  • packages/core/src/attach/api.ts
  • packages/core/src/attach/server.ts
  • packages/core/src/auth.ts
  • packages/core/src/auth/store.ts
  • packages/core/src/caplet-files-bundle.ts
  • packages/core/src/caplet-sets.ts
  • packages/core/src/caplet-source/index.ts
  • packages/core/src/caplet-source/runtime-fingerprint.ts
  • packages/core/src/cli.ts
  • packages/core/src/cli/auth.ts
  • packages/core/src/cli/code-mode.ts
  • packages/core/src/cli/commands.ts
  • packages/core/src/cli/doctor.ts
  • packages/core/src/cli/install.ts
  • packages/core/src/cli/lockfile.ts
  • packages/core/src/cli/setup-caplet.ts
  • packages/core/src/cli/setup.ts
  • packages/core/src/cloud/runtime-adapter.ts
  • packages/core/src/cloud/runtime-http.ts
  • packages/core/src/config-runtime.ts
  • packages/core/src/config.ts
  • packages/core/src/config/paths.ts
  • packages/core/src/config/validation.ts
  • packages/core/src/control-plane/artifacts/filesystem.ts
  • packages/core/src/control-plane/artifacts/provider.ts
  • packages/core/src/control-plane/artifacts/s3.ts
  • packages/core/src/control-plane/artifacts/sessions.ts
  • packages/core/src/control-plane/authorization.ts
  • packages/core/src/control-plane/caplets/export.ts
  • packages/core/src/control-plane/caplets/import.ts
  • packages/core/src/control-plane/caplets/index.ts
  • packages/core/src/control-plane/caplets/model.ts
  • packages/core/src/control-plane/caplets/portable-codec.ts
  • packages/core/src/control-plane/caplets/repository.ts
  • packages/core/src/control-plane/dialect/migrations.ts
  • packages/core/src/control-plane/dialect/postgres.ts
  • packages/core/src/control-plane/dialect/sqlite.ts
  • packages/core/src/control-plane/health.ts
  • packages/core/src/control-plane/key-provider/file-v1.ts
  • packages/core/src/control-plane/key-provider/manifest.ts
  • packages/core/src/control-plane/migration/backup.ts
  • packages/core/src/control-plane/migration/catastrophic-recovery.ts
  • packages/core/src/control-plane/migration/exclusion.ts
  • packages/core/src/control-plane/migration/exclusion/linux.ts
  • packages/core/src/control-plane/migration/exclusion/macos.ts
  • packages/core/src/control-plane/migration/exclusion/windows.ts
  • packages/core/src/control-plane/migration/key-conversion.ts
  • packages/core/src/control-plane/migration/legacy-model.ts
  • packages/core/src/control-plane/migration/legacy.ts
  • packages/core/src/control-plane/migration/manifest.ts
  • packages/core/src/control-plane/migration/persistence.ts
  • packages/core/src/control-plane/migration/production-transfer.ts
  • packages/core/src/control-plane/migration/restore.ts
  • packages/core/src/control-plane/migration/transfer.ts
  • packages/core/src/control-plane/model/fields.ts
  • packages/core/src/control-plane/model/host-settings.ts
  • packages/core/src/control-plane/model/index.ts
  • packages/core/src/control-plane/model/storage-identity.ts
  • packages/core/src/control-plane/native/darwin-secure-filesystem.ts
  • packages/core/src/control-plane/native/windows-secure-filesystem.ts
  • packages/core/src/control-plane/operations.ts
  • packages/core/src/control-plane/production-adapters.ts
  • packages/core/src/control-plane/production-runtime.ts
  • packages/core/src/control-plane/runtime-caches.ts
  • packages/core/src/control-plane/schema/definition.ts
  • packages/core/src/control-plane/schema/model-codec.ts
  • packages/core/src/control-plane/schema/postgres.ts
  • packages/core/src/control-plane/schema/sqlite.ts
  • packages/core/src/control-plane/secure-state.ts
  • packages/core/src/control-plane/security/index.ts
  • packages/core/src/control-plane/security/key-rotation.ts
  • packages/core/src/control-plane/security/repository.ts
  • packages/core/src/control-plane/service.ts
  • packages/core/src/control-plane/snapshot.ts
  • packages/core/src/control-plane/storage-benchmark-envelope.ts
  • packages/core/src/control-plane/storage-config.ts
  • packages/core/src/control-plane/storage.ts
  • packages/core/src/control-plane/store.ts
  • packages/core/src/control-plane/types.ts
  • packages/core/src/current-host/authority.ts
  • packages/core/src/current-host/catalog-operations.ts
  • packages/core/src/current-host/client-operations.ts
  • packages/core/src/current-host/operations.ts
  • packages/core/src/current-host/vault-operations.ts
  • packages/core/src/dashboard/activity-log.ts
  • packages/core/src/dashboard/routes.ts
  • packages/core/src/dashboard/session-store.ts
  • packages/core/src/downstream.ts
  • packages/core/src/engine.ts
  • packages/core/src/google-discovery/manager.ts
  • packages/core/src/graphql.ts
  • packages/core/src/http-actions.ts
  • packages/core/src/media/artifacts.ts
  • packages/core/src/native.ts
  • packages/core/src/native/service.ts
  • packages/core/src/openapi.ts
  • packages/core/src/registry.ts
  • packages/core/src/remote-control/dispatch.ts
  • packages/core/src/remote-control/types.ts
  • packages/core/src/remote/server-credential-store.ts
  • packages/core/src/remote/server-credentials.ts
  • packages/core/src/runtime.ts
  • packages/core/src/serve/host-local-credential-authority.ts
  • packages/core/src/serve/http.ts
  • packages/core/src/serve/index.ts
  • packages/core/src/serve/stdio.ts
  • packages/core/src/setup/local-store.ts
  • packages/core/src/setup/runner.ts
  • packages/core/src/vault/crypto.ts
  • packages/core/src/vault/index.ts
  • packages/core/src/vault/keys.ts
  • packages/core/test/artifact-provider.test.ts
  • packages/core/test/attach-api.test.ts
  • packages/core/test/attach-service-wiring.test.ts
  • packages/core/test/auth.test.ts
  • packages/core/test/caplet-portability-boundaries.test.ts
  • packages/core/test/caplet-portability-corpus.test.ts
  • packages/core/test/caplet-portability-surfaces.test.ts
  • packages/core/test/caplet-sets.test.ts
  • packages/core/test/caplets-lockfile.test.ts
  • packages/core/test/cli-auth-sql-authority.test.ts
  • packages/core/test/cli-install-output.test.ts
  • packages/core/test/cli-remote.test.ts
  • packages/core/test/cli.test.ts
  • packages/core/test/cloud-runtime-adapter-provenance.test.ts
  • packages/core/test/code-mode-cli.test.ts
  • packages/core/test/code-mode-mcp.test.ts
  • packages/core/test/config-paths.test.ts
  • packages/core/test/config.test.ts
  • packages/core/test/control-plane-artifact-sessions.test.ts
  • packages/core/test/control-plane-backup-envelope.test.ts
  • packages/core/test/control-plane-caplets.test.ts
  • packages/core/test/control-plane-catastrophic-recovery.test.ts
  • packages/core/test/control-plane-degraded.test.ts
  • packages/core/test/control-plane-dialects.test.ts
  • packages/core/test/control-plane-key-conversion.test.ts
  • packages/core/test/control-plane-key-provider.test.ts
  • packages/core/test/control-plane-key-rotation.test.ts
  • packages/core/test/control-plane-legacy-migration.test.ts
  • packages/core/test/control-plane-management.test.ts
  • packages/core/test/control-plane-migration-exclusion.test.ts
  • packages/core/test/control-plane-migration-persistence.test.ts
  • packages/core/test/control-plane-migrations.test.ts
  • packages/core/test/control-plane-model-corpus.test.ts
  • packages/core/test/control-plane-production-runtime-vault.test.ts
  • packages/core/test/control-plane-production-runtime.test.ts
  • packages/core/test/control-plane-restore.test.ts
  • packages/core/test/control-plane-runtime-caches.test.ts
  • packages/core/test/control-plane-runtime.test.ts
  • packages/core/test/control-plane-schema.test.ts
  • packages/core/test/control-plane-security-state.test.ts
  • packages/core/test/control-plane-snapshot-envelope.test.ts
  • packages/core/test/control-plane-startup.test.ts
  • packages/core/test/control-plane-store-contract.test.ts
  • packages/core/test/control-plane-transactions.test.ts
  • packages/core/test/control-plane-transfer-cli.test.ts
  • packages/core/test/control-plane-transfer.test.ts
  • packages/core/test/current-host-administration.test.ts
  • packages/core/test/current-host-authority.test.ts
  • packages/core/test/current-host-catalog-operations.test.ts
  • packages/core/test/dashboard-activity.test.ts
  • packages/core/test/dashboard-api.test.ts
  • packages/core/test/dashboard-catalog.test.ts
  • packages/core/test/dashboard-runtime.test.ts
  • packages/core/test/dashboard-session.test.ts
  • packages/core/test/dashboard-static.test.ts
  • packages/core/test/dashboard-vault.test.ts
  • packages/core/test/doctor-cli.test.ts
  • packages/core/test/engine.test.ts
  • packages/core/test/fixtures/control-plane-corpus.ts
  • packages/core/test/fixtures/exclusion-crash.ts
  • packages/core/test/fixtures/exclusion-holder.mjs
  • packages/core/test/fixtures/exclusion-multiroot-crash.ts
  • packages/core/test/fixtures/postgres-control-plane.ts
  • packages/core/test/fixtures/prior-package-tombstones.mjs
  • packages/core/test/helpers/control-plane-activation.ts
  • packages/core/test/host-local-credential-authority.test.ts
  • packages/core/test/http-actions.test.ts
  • packages/core/test/key-provider.test.ts
  • packages/core/test/media-artifacts.test.ts
  • packages/core/test/native-remote.test.ts
  • packages/core/test/native.test.ts
  • packages/core/test/package-boundaries.test.ts
  • packages/core/test/postgres-convergence.test.ts
  • packages/core/test/remote-control-dispatch.test.ts
  • packages/core/test/remote-login-cli.test.ts
  • packages/core/test/remote-pairing.test.ts
  • packages/core/test/runtime-fingerprint.test.ts
  • packages/core/test/runtime.test.ts
  • packages/core/test/secure-state.test.ts
  • packages/core/test/serve-http.test.ts
  • packages/core/test/serve-session.test.ts
  • packages/core/test/setup-env.ts
  • packages/core/test/setup-runner.test.ts
  • packages/core/test/storage-benchmark-fixture.test.ts
  • packages/core/test/storage-config.test.ts
  • packages/core/test/storage-package-matrix.test.ts
  • packages/core/test/storage-production-adapters.test.ts
  • packages/core/test/storage-resolution.test.ts
  • packages/core/test/vault.test.ts
  • packages/core/test/windows-exclusion-helper.test.ts
  • packages/opencode/src/index.ts
  • packages/opencode/test/opencode.test.ts
  • packages/pi/src/index.ts
  • packages/pi/test/pi.test.ts
  • pnpm-workspace.yaml
  • schemas/caplets-config.schema.json
  • scripts/check-package-runtime.mjs
  • scripts/storage-package-check.mjs
  • scripts/storage-platform-check.mjs
  • scripts/storage-schema-check.mjs
  • scripts/storage-stack-check.mjs
  • storage-results/storage-platform-linux.json
  • storage/benchmark-envelope.json
  • storage/package-matrix.json
  • storage/result.schema.json
  • storage/stack-selection.json

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/sql-storage-backends

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@socket-security

socket-security Bot commented Jul 17, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedbetter-sqlite3@​12.11.18810010088100
Addedpg@​8.22.09910010089100
Addeddrizzle-kit@​0.31.10991009697100
Added@​aws-sdk/​client-s3@​3.1087.09910010098100

View full report

@socket-security

socket-security Bot commented Jul 17, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm better-sqlite3 is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/core/package.jsonnpm/better-sqlite3@12.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/better-sqlite3@12.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

@ian-pascoe
ian-pascoe force-pushed the feat/sql-storage-backends branch 11 times, most recently from 81b216e to 03b0047 Compare July 17, 2026 20:23
@ian-pascoe
ian-pascoe force-pushed the feat/sql-storage-backends branch 14 times, most recently from cce464c to 0db4611 Compare July 17, 2026 23:03
@ian-pascoe
ian-pascoe force-pushed the feat/sql-storage-backends branch from 0db4611 to cae79ec Compare July 17, 2026 23:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant