Skip to content

fix: only restart fleet on rebuild & ignore paths#9

Merged
illegalprime merged 1 commit into
mainfrom
eden/compose-rebuild-no-deps
Apr 21, 2026
Merged

fix: only restart fleet on rebuild & ignore paths#9
illegalprime merged 1 commit into
mainfrom
eden/compose-rebuild-no-deps

Conversation

@illegalprime
Copy link
Copy Markdown
Contributor

@illegalprime illegalprime commented Apr 21, 2026

Earlier timescaledb would stop whenever a rebuild of the go server started.
This prevents that case and also ignores more files that would cause unnecessary rebuilds.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 21, 2026

🔐 Codex Security Review

Note: This is an automated security-focused code review generated by Codex.
It should be used as a supplementary check alongside human review.
False positives are possible - use your judgment.

Scope summary

  • Reviewed pull request diff only (2712d0da00e37781d36ea4ae84fb227c917c9691...b9c36e098b93292a4828e64ef201263daa7efd44, exact PR three-dot diff)
  • Model: gpt-5.4

💡 Click "edited" above to see previous reviews for this PR.

Review Summary

Overall Risk: NONE

Findings

No material security, correctness, or reliability issues identified in the reviewed diff.

Notes

  • Review scope was limited to .git/codex-review.diff, which only changes development-only Docker Compose/watch behavior in server/docker-compose.yaml and the local just dev recipe in server/justfile.
  • The diff does not modify authentication, authorization, SQL, RPC handlers, plugin boundaries, miner command execution, pool configuration, protobufs, or frontend runtime code, so the primary security-sensitive surfaces you listed are unchanged by this PR.
  • The only noteworthy caveat is operational and local-only: server/Dockerfile is now covered by the new watch ignore globs, so Dockerfile edits will no longer trigger an automatic docker compose watch rebuild. That can leave a developer container stale until they restart manually, but it is not a production-facing or security-impacting regression.

Generated by Codex Security Review |
Triggered by: @illegalprime |
Review workflow run

@illegalprime illegalprime changed the title fix: do not restart timescaledb during a go rebuild & ignore more watch paths fix: only restart fleet on rebuild & ignore paths Apr 21, 2026
@illegalprime illegalprime merged commit 5bc86b3 into main Apr 21, 2026
76 of 77 checks passed
@illegalprime illegalprime deleted the eden/compose-rebuild-no-deps branch April 21, 2026 18:28
flesher added a commit that referenced this pull request May 8, 2026
@flesher @claude
fix(multi-site): adversarial-review followups (P1/P2/P3)
a3a161c 
Triage of the parallel adversarial review run on PR #206. Findings
applied as code:

[P1 #1] activity_log composite-FK MATCH SIMPLE bypass on NULL
organization_id closed via CHECK constraint:
ck_activity_log_site_requires_org enforces site_id IS NULL OR
organization_id IS NOT NULL. Verified: insert with site_id + NULL
org rejected; insert with NULL site_id + NULL org accepted (system
events unchanged).

[P1 #2] command_on_device_log org_id backfill: pre-flight DO block
counts orphan rows (codl rows whose device row is missing) and
RAISES with a clear message before SET NOT NULL. A clean abort beats
SET NOT NULL failing mid-migration with the dirty flag set.

[P2 #5] InsertError CTE rewrite: documented the contract change
(missing device $3 yields sql.ErrNoRows instead of FK violation).
Existing caller wraps generically so surface unchanged.

[P2 #6] Plan doc trimmed: power-contract column list marked DEFERRED
in entity description and Phase 1 migration bullet. Future readers
won't write service code against columns that don't exist.

[P2 #7] ListSites count subqueries: added org_id predicate to
device and building scans so they hit idx_device_org_site /
idx_building_org_deleted instead of full-table scan in multi-tenant
prod.

[P2 #8] InsertDeviceMetrics sub-select dropped AND deleted_at IS NULL
to match InsertError / InsertMinerStateSnapshot. Telemetry from a
soft-deleted device is still legitimate per-site history; three
writers, one behavior.

[P3 #10] building.default_rack_order_index: added
ck_building_default_rack_order_index CHECK (BETWEEN 0 AND 4) to
match sibling CHECKs.

[P3 #11] fk_device_set_rack_device_set_org: added ON DELETE CASCADE
to match the single-column FK on device_set_id and the building FK
on the same row. Composite adds the org-matching invariant without
changing cascade semantics.

Findings deferred:
- #3 (non-CONCURRENTLY indexes inside tx): deploy-time concern,
  document in PR/deploy notes; restructuring migrations to use
  CONCURRENTLY is a separate effort.
- #4 (no integration tests): defer to Phase 1B service layer where
  end-to-end flows exercise the invariants.
- #9 (device.uq_device_id_org_id missing): already exists (verified
  on live DB); finding is incorrect.
- #12 (CREATE TABLE IF NOT EXISTS): IF NOT EXISTS hides genuine
  schema errors; force-clean is the right golang-migrate pattern.

Round-trip clean, build clean, lint clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ankitgoswami ankitgoswami ankitgoswami approved these changes

@mcharles-square mcharles-square Awaiting requested review from mcharles-square

@negarn negarn Awaiting requested review from negarn

@rongxin-liu rongxin-liu Awaiting requested review from rongxin-liu

@flesher flesher Awaiting requested review from flesher

Assignees

@illegalprime illegalprime

Labels

server

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@illegalprime @ankitgoswami