Auth middleware #3
Merged
jakebromberg added a commit that referenced this pull request on Apr 28, 2026
…red#82)

Snapshot files in meta/ ended at 0056_snapshot.json — twelve migrations between 0057 and 0067 shipped by hand-editing the SQL + journal without running drizzle:generate, so each one's snapshot was never emitted. Cumulatively, drizzle:generate against current schema produced a 30-line catch-up migration containing operations the database already had, which broke any contributor's first attempt at adding a real new migration.

Three changes:

1. shared/database/src/migrations/meta/0068_snapshot.json — single catch-up snapshot reflecting current schema state (drizzle:generate output rewritten as the latest snapshot, prevId pointing to 0056's id). Verified: a second drizzle:generate against a fresh DB now reports "No schema changes, nothing to migrate".
2. scripts/validate-migrations.mjs grows Check 7: every non-allowlisted journal entry must have a matching snapshot file. The allowlist HISTORICAL_MISSING_SNAPSHOT_IDXS = {36, 41, 47-54, 57-67} captures the historical gap and explicitly must not grow — any future hand-edit pattern fails CI with a clear message pointing at `npm run drizzle:generate`.
3. CLAUDE.md "Migration workflow" gains a paragraph explaining the two parallel meta/ artifacts (journal vs per-idx snapshots), why hand-editing the journal accumulates rot, and the validator's enforcement.

Two new unit tests in tests/unit/scripts/validate-migrations.test.ts:

- "flags a journal entry with no matching snapshot file (post-#590 hand-edit canary)": adds an entry at idx 9000 (outside any allowlist), no snapshot, asserts Check 7 fires with the drizzle:generate hint.
- "tolerates the historically-missing 0057-0067 snapshot gap": pins the allowlist tolerance against the current repo state so future allowlist edits can't silently promote the gap to an error.

The pre-existing "flags a broken prevId chain" test was hard-coded to 0055_snapshot.json (then the latest); generalised to walk the meta directory and pick whichever idx is current head, so the test stays correct as more migrations land.

Closes #590. Unblocks DoD #3 of WXYC/wxyc-shared#82.
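As an added illustration of the rule this commit message calls Check 7 (this is not the repository's scripts/validate-migrations.mjs), the function below walks a drizzle journal against the snapshot file names found in meta/ and reports every non-allowlisted entry that has no snapshot. Function and argument names are hypothetical; the journal and file list in `demo()` are constructed.

```javascript
// Added example (not scripts/validate-migrations.mjs): the "every non-allowlisted
// journal entry must have a matching snapshot" rule. Drizzle writes one entry per
// migration to meta/_journal.json and one meta/NNNN_snapshot.json per generated
// migration; a hand-edited migration leaves an entry with no snapshot behind.
const ALLOWLIST_SPEC = [36, 41, [47, 54], [57, 67]]; // historical gap; must not grow

// Expand single idx values and inclusive [from, to] ranges into a Set of idx numbers.
function expandAllowlist(spec) {
  const out = new Set();
  for (const item of spec) {
    if (Array.isArray(item)) { for (let i = item[0]; i <= item[1]; i++) out.add(i); }
    else out.add(item);
  }
  return out;
}

// Return one CI failure message per journal entry that lacks a snapshot and is
// not covered by the allowlist; an empty array means the check passes.
function findMissingSnapshots(journal, snapshotFileNames, allowlist = expandAllowlist(ALLOWLIST_SPEC)) {
  const present = new Set(
    snapshotFileNames.map((f) => Number(f.match(/^(\d{4})_snapshot\.json$/)?.[1])),
  );
  const problems = [];
  for (const entry of journal.entries) {
    if (present.has(entry.idx) || allowlist.has(entry.idx)) continue;
    const expected = `meta/${String(entry.idx).padStart(4, "0")}_snapshot.json`;
    problems.push(`Check 7: journal entry idx ${entry.idx} (${entry.tag}) has no ${expected}; ` +
      "run `npm run drizzle:generate` instead of hand-editing the journal");
  }
  return problems;
}

// Constructed journal + directory listing: 0060 sits inside the historical gap and
// is tolerated, 9000 is a hand-edit canary outside any allowlist and must fail.
function demo() {
  const journal = { version: "7", dialect: "postgresql", entries: [
    { idx: 55, version: "7", when: 1, tag: "0055_example", breakpoints: true },
    { idx: 56, version: "7", when: 2, tag: "0056_example", breakpoints: true },
    { idx: 60, version: "7", when: 3, tag: "0060_hand_edited", breakpoints: true },
    { idx: 9000, version: "7", when: 4, tag: "9000_canary", breakpoints: true },
  ] };
  const files = ["0055_snapshot.json", "0056_snapshot.json", "_journal.json"];
  return findMissingSnapshots(journal, files);
}
```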
This was referenced May 2, 2026
jakebromberg added a commit that referenced this pull request on May 6, 2026
jakebromberg added a commit that referenced this pull request on May 8, 2026
…d disabled flag)

Empty `library_identity` + `library_identity_source` + `library_identity_history` tables per plan §3.2. No reader or writer code references them in this PR — the dual-table writer (§3.2.2.2), the canonical-entity-id backfill refactor (§4 step 2), and the manual-override MVP job (§3.2.4) ship in subsequent PRs under epic E2-BS (#663). Behind feature flag `BS_USE_LIBRARY_IDENTITY=false` (default; documented in CLAUDE.md "Cross-cache-identity feature flags (canonical inventory)" via #740).

Changes:

- `shared/database/src/schema.ts`: three new tables in `wxyc_schema`. `library_identity` is the main one-row-per-library-row record with eight per-source ID columns (`discogs_master_id`, `discogs_release_id`, three MB UUIDs, `wikidata_qid`, `spotify_id`, `apple_music_id`), a `method` enum + `confidence` per §3.4.1, and a STORED GENERATED `distinct_unresolved_sources` audit-view helper. `library_identity_source` is the per-source sidecar (PK `(library_id, source)`) for forensic detail. `library_identity_history` is the supersedure log; FK-free to library so history rows outlive library row deletion.
- `shared/database/src/migrations/0075_library-identity-substrate.sql`: drizzle-kit-generated DDL, with leading comment block and `-- @no-precondition-needed` opt-out documenting why empty-table FKs need no inline gate. Journal `when` bumped to `1779856000007` per CLAUDE.md (one ms above 0074's tail).
- `scripts/check-library-identity-gate.sql`: §3.2.3 gate-check returning `truly_unresolved_rows` and PASS/FAIL based on the <1000 threshold. Honors the §3.4.1.1 Rule 3 fallback semantics (sibling resolution must be `method != 'inherited'` to count).
- `scripts/check-precondition-guards.sh`: §3.2.3.1 CI linter that fails any future migration referencing `library_identity*` columns without inlining the gate-check or using the `-- precondition-guard: not-required` opt-out. Wired into `.github/workflows/test.yml` as the "Migration guards (cross-cache-identity)" job, alongside the existing `lint:migrations` step.
- `.env.example`: new "Cross-cache-identity feature flags" section with `BS_USE_LIBRARY_IDENTITY=false` and `BS_USE_LIBRARY_IDENTITY_WRITES=false`. Cross-references the canonical CLAUDE.md section that ships in #740 (BS#667 1/3).

Source enum lockstep linter (`scripts/validate-library-identity-sources.sh` per §3.2.4) is intentionally deferred to the writer / manual-override PR — at this PR's open time there is no writer code or override job to validate against, so the linter would have no reference set. The follow-up #741 audit captures the broader cross-repo doc-vs-code drift check.

Plan reference: WXYC/wiki plans/library-hook-canonicalization-plan.md §3.2 (schema), §3.2.3 (precondition guards + four-artifact checklist), §3.2.3.1 (CI enforcement), §3.4.1 (confidence matrix), §4.2 (feature flags), §9 PR #3 (this PR).

Refs #663 (E2 epic).
Refs #666 / #739 (E2 step 0b — CLAUDE.md notes including the cross-cache-identity precondition-guard cross-epic pattern that this migration demonstrates).
Refs #667 / #740 (E2 step 0d — canonical feature-flag inventory section that the new .env.example entries cross-reference).
Refs #668 / #742 (E2 step 0e — existing-jobs lock-pattern audit confirming no conflict with this writer's lock domain).
This was referenced May 15, 2026
jakebromberg added a commit that referenced this pull request on May 15, 2026
scripts/check-legacy-entry-id-writes.mjs enforces an allowlist of files that may contain `legacy_entry_id:` (object-literal key form). Each entry registers the use case: #1 webhook upsert, #2 mirror loop-guard, #3 ETL incremental sync, or "READS only" / "column declaration". A new write site without a registered rationale fails CI.

- schema.ts: 16-line invariant comment on the column declaration enumerating the three uses and the failure mode (silently break the loop-guard).
- flowsheet.mirror.ts addEntry guard: comment naming use #2 and cross-referencing the schema.ts invariant + the CI check.
- tests/unit/scripts/check-legacy-entry-id-writes.test.ts: source-grep + child-process tests covering exit codes 0/1/2 and pinning the rationale taxonomy against the allowlist.
- .github/workflows/test.yml: new "legacy_entry_id writes" step in the lint-and-typecheck job, alongside the existing cross-cache-identity guards.

Closes #908
This was referenced May 15, 2026
Auth middleware implemented. We should be able to attach it to any of our endpoints to require Cognito access tokens.