Skip to content

fix(db): renumber impact-map-query-cache migration to resolve 0131 collision#4554

Merged
JSONbored merged 1 commit into
mainfrom
claude/fix-migration-0131-collision
Jul 10, 2026
Merged

fix(db): renumber impact-map-query-cache migration to resolve 0131 collision#4554
JSONbored merged 1 commit into
mainfrom
claude/fix-migration-0131-collision

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

Scope

  • The PR title follows type(scope): short summary Conventional Commit format.
  • This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
  • This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
  • I linked a currently open issue this PR resolves — owner/maintainer fix for a live migration-numbering collision on main, not tied to a filed issue.

Validation

  • git diff --check
  • npm run actionlint (via npm run test:ci)
  • npm run typecheck
  • npm run test:coverage locally — no source lines changed (pure file rename), nothing new to cover
  • npm run test:workers
  • npm run build:mcp
  • npm run test:mcp-pack
  • npm run ui:openapi:check
  • npm run ui:lint
  • npm run ui:typecheck
  • npm run ui:build
  • npm audit --audit-level=moderate
  • npm run db:migrations:check / npm run db:schema-drift:check — both clean post-rename

Safety

  • No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
  • Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
  • Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests — N/A, no such change.
  • API/OpenAPI/MCP behavior is updated and tested where needed — N/A, no behavior change.
  • UI changes use live API data — N/A, no UI change.
  • UI Evidence — N/A, no visible/UI change (pure migration file rename).
  • Public docs/changelogs updated — N/A.

Notes

  • Pure rename, no schema/SQL content change: migrations/0131_impact_map_query_cache.sqlmigrations/0132_impact_map_query_cache.sql.

…llision

Two PRs merged concurrently and both claimed migration number 0131; renumber
the impact_map_query_cache migration (merged second) to the next free number.
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@JSONbored JSONbored self-assigned this Jul 10, 2026
@JSONbored
JSONbored merged commit 50dd63b into main Jul 10, 2026
8 checks passed
@JSONbored
JSONbored deleted the claude/fix-migration-0131-collision branch July 10, 2026 01:39
@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@dfef438). Learn more about missing BASE report.
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4554   +/-   ##
=======================================
  Coverage        ?   94.09%           
=======================================
  Files           ?      427           
  Lines           ?    37924           
  Branches        ?    13846           
=======================================
  Hits            ?    35683           
  Misses          ?     1586           
  Partials        ?      655           
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

JSONbored added a commit that referenced this pull request Jul 10, 2026
… PRs)

origin/main has since merged #4545 (0131_screenshot_table_gate_matrix.sql)
and #4554 (0132_impact_map_query_cache.sql, itself a collision fix); rebase
onto current main and take the next free number.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4554)

Rebase onto current main and take the next free number now that
migrations/0132_impact_map_query_cache.sql (from #4554, itself a collision
fix) occupies the number this branch originally guessed.
JSONbored added a commit that referenced this pull request Jul 10, 2026
… PRs)

origin/main has since merged #4545 (0131_screenshot_table_gate_matrix.sql)
and #4554 (0132_impact_map_query_cache.sql, itself a collision fix); rebase
onto current main and take the next free number.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4554)

Rebase onto current main and take the next free number now that
migrations/0132_impact_map_query_cache.sql (from #4554, itself a collision
fix) occupies the number this branch originally guessed.
carlh7777 pushed a commit to carlh7777/gittensory that referenced this pull request Jul 10, 2026
…trust

gittensor:priority propagation required the PR author to be the linked issue's
own author or a GitHub assignee of it, with no relaxation -- unlike bug/feature,
which already trust a maintainer-authored issue without formal assignment
(trustMaintainerAuthoredIssue). But GitHub silently refuses to assign a
contributor lacking push/triage access to the repo, and our issues are almost
always maintainer-authored for open pickup, rarely formally assigned to a
specific person. That combination meant the reward label could structurally
never reach the external contributors it exists to reward, no matter how
correctly the rest of the propagation pipeline behaved -- confirmed live on
metagraphed PR JSONbored#4554 (issue JSONbored#3947 carried both gittensor:bug and
gittensor:priority; only bug ever propagated).

Adds a new, distinctly-named, opt-in LinkedIssueLabelPropagationMapping flag,
trustMaintainerAuthoredIssueForReward, so a repo whose priority label is meant
to incentivize open pickup (the maintainer's hand-picking already happened when
the issue was labeled, not gated on which contributor later closes it) can
extend the SAME maintainer-authored-issue relaxation to its reward mapping,
while a repo that wants the strict author-or-assignee bar preserved for its
reward label keeps that behavior unchanged by default. Enabled it for
gittensor:priority in this repo's own config, matching the enrichment-issue
open-pickup policy this label already implements for metagraphed.
JSONbored added a commit that referenced this pull request Jul 10, 2026
… PRs)

origin/main has since merged #4545 (0131_screenshot_table_gate_matrix.sql)
and #4554 (0132_impact_map_query_cache.sql, itself a collision fix); rebase
onto current main and take the next free number.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…4554)

Rebase onto current main and take the next free number now that
migrations/0132_impact_map_query_cache.sql (from #4554, itself a collision
fix) occupies the number this branch originally guessed.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…lag machine-paced submitters (#4549)

* feat(review): add a submission-cadence/inter-arrival-time signal to flag machine-paced submitters

Every existing anti-abuse signal (reputation burst-floor, slop score)
counts volume or ratios within a time window; none has an
inter-arrival-time or rate term. A fast, well-formed, strategically
low-value submitter is, by construction, invisible to the one
dimension (superhuman pace) that would otherwise be a strong tell --
a submitter can clear every quality bar (good outcomes, real
descriptions) while operating at a cadence no human plausibly
sustains, and today that cadence carries zero weight anywhere.

- computeSubmissionCadence / isMachinePacedCadence (pure): the median
  gap between a submitter's recent review_targets rows, flagged only
  once both a real sample size (5+) AND a sub-10-minute median gap
  are present -- a lone fast submission is not a pattern.
- getSubmitterCadence: queries created_at across ALL review_targets
  rows (not just terminal ones -- a fresh burst of still-open
  submissions is exactly what this needs to catch, since the AI
  review already ran on each one by the time it becomes terminal).
- Wired into shouldSkipAiForReputation as an independent, additional
  check alongside the existing quality/burst signal -- a submitter
  whose individual PRs all look fine can still be caught on cadence
  alone, and the (extra) cadence read is skipped once the
  quality/burst check alone already justifies downgrading.

Scoped to per-repo cadence for now, matching this PR's own scope;
an install-wide variant (mirroring #4513's confirmed-miner-aware
cross-repo pattern) is a natural fast-follow once #4513 merges.

Fixes #4514

* fix(db): renumber migration 0132 -> 0133 (0132 claimed by merged PR #4554)

Rebase onto current main and take the next free number now that
migrations/0132_impact_map_query_cache.sql (from #4554, itself a collision
fix) occupies the number this branch originally guessed.

* fix(db): renumber migration 0133 -> 0134 (0133 claimed by merged PR #4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.
JSONbored added a commit that referenced this pull request Jul 10, 2026
… PRs)

origin/main has since merged #4545 (0131_screenshot_table_gate_matrix.sql)
and #4554 (0132_impact_map_query_cache.sql, itself a collision fix); rebase
onto current main and take the next free number.
JSONbored added a commit that referenced this pull request Jul 10, 2026
… PRs)

origin/main has since merged #4545 (0131_screenshot_table_gate_matrix.sql)
and #4554 (0132_impact_map_query_cache.sql, itself a collision fix); rebase
onto current main and take the next free number.
JSONbored added a commit that referenced this pull request Jul 10, 2026
…-wide for confirmed miners (#4546)

* fix(review): make submitter-reputation burst/AI-spend defense install-wide for confirmed miners

getSubmitterReputation's burst/low-sample thresholds are scoped
WHERE project = ? AND submitter = ? -- a single repo. A fleet
identity spreading a handful of gate-passing-but-low-value PRs
across dozens of repos in one self-hosted install never accumulates
enough same-repo sample density to read as "burst" or "low"
anywhere, so the reputation defense never fires for it and every one
of its submissions burns full paid AI-review spend indefinitely.

- New getSubmitterReputationAcrossInstall in submitter-reputation.ts:
  the identical quality-weighted signal derivation, scoped by
  review_targets.installation_id instead of project (that column
  already existed, migrations/0050; this adds the supporting index).
- New getEffectiveSubmitterReputation in reputation-wire.ts: the
  per-repo signal, additionally widened to the install-wide view for
  a CONFIRMED official Gittensor miner -- but only when the per-repo
  signal alone doesn't already justify caution, so an ordinary
  contributor or an already-flagged submitter pays no extra lookup.
- Extracted the miner-identity check (shared with #4512) into
  src/gittensor/miner-detection-cache.ts so both this module and
  unlinked-issue-guardrail.ts can use it without a circular import
  through processors.ts.
- Wired into both call sites: shouldSkipAiForReputation (the main
  AI-spend gate) and the vision-review reputation check.

Fixes #4513

* fix: renumber migration 0130 -> 0131 (0130 was claimed by #4538, already merged to main)

* fix(test): account for getEffectiveSubmitterReputation's miner-identity check in visual-vision tests

runVisualVisionForAdvisory now resolves reputation via getEffectiveSubmitterReputation
(#4513), which checks confirmed-official-miner identity (a fetch to
api.gittensor.io/miners) whenever the submitter's per-repo signal is
neutral -- a real, intentional behavior change this test file's existing
"no network calls at all" assertions didn't account for. Stub that one
identity check to resolve cleanly and assert precisely that no OTHER
(BYOK/vision-spend) network call happens, rather than asserting zero fetch
calls outright.

* fix(db): renumber migration 0131 -> 0133 (0131/0132 claimed by merged PRs)

origin/main has since merged #4545 (0131_screenshot_table_gate_matrix.sql)
and #4554 (0132_impact_map_query_cache.sql, itself a collision fix); rebase
onto current main and take the next free number.

* fix(db): renumber migration 0133 -> 0134 (0133 claimed by merged PR #4556)

Rebase onto current main and take the next free number now that
migrations/0133_screenshot_table_gate_skill_link.sql (from #4556) occupies
the number this branch previously took.

* fix(db): renumber migration 0134 -> 0139 (0134 has a pre-existing 3-way collision on main)

main currently has three DIFFERENT already-merged files at 0134
(#4549/#4558/#4563) -- tracked separately as its own fix (PR #4577, not yet
merged). Since that fix already claims through 0138, take 0139 here to
avoid colliding with it once it lands; this branch's own
db:migrations:check will stay red until #4577 merges (unrelated to this
branch's own changes), and will need one more rebase afterward.

* test(review): close 2 coverage gaps surfaced by the #4514 rebase-merge

getEffectiveSubmitterReputation's getRepository().catch() needed a real
read-failure test (added); its isConfirmedOfficialMiner().catch() is
unreachable (that function already catches every internal failure point
itself) and getSubmitterReputationAcrossInstall's results ?? [] fallback is
the same "D1 always populates results" case already v8-ignored elsewhere in
this codebase -- both marked accordingly.

* fix(review): isolate #4507's reputation-single-read invariant from cross-test miner-cache pollution

Several earlier tests in this file cache "contributor" as a confirmed official
Gittensor miner (5-min TTL) in the shared per-file D1 instance. That collided
with #4513's new install-wide reputation widening, which correctly detects the
stale cache and adds a 4th reputation-scan D1 read for a submitter this test
never intended to be a miner. Use a submitter login unique to this test instead.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant