feat(github-app): strict installation lookup, drop transitional fallbacks (#283 PR 7/7)

[coji]

Summary

Issue #283 stack の 最終 PR (7/7) — 移行期間 fallback を全削除し、strict installation lookup に切替。これでシリーズ完結。

設計根拠: `docs/rdd/issue-283-multiple-github-accounts.md`
作業計画: `docs/rdd/issue-283-work-plan.md`

依存: #288, #296, #290, #291, #292, #293

⚠️ デプロイ順序

このマージは PR 6 (#293) の `backfill-installation-membership` を本番実行 + 検証完了後 にのみ実行してください。順序を守らないと既存リポジトリが strict lookup で弾かれてエラーになります。

詳細手順は #293 の Runbook 参照。

変更内容

schema (`db/shared.sql` + migration)

• `integrations.app_suspended_at` カラム削除（PR 1 で `github_app_links.suspended_at` に移行済み）
• Atlas が table-rebuild migration を生成 (`20260408001949.sql`)
• `app/services/type.ts` 再生成

Octokit 解決 (`app/services/github-octokit.server.ts`)

• `resolveOctokitForRepository` 内の transitional fallback を全削除:
  • `github_app + githubInstallationId IS NULL` → エラー "Repository has no canonical installation assigned. Run reassign-broken-repositories or reinstall."
  • "active link 1 件で代用" のロジック削除
• 削除した legacy export:
  • `assertOrgGithubAuthResolvable`
  • `resolveOctokitFromOrg`
  • `OrgGithubAuthInput`

query 層 (`app/services/github-integration-queries.server.ts`)

• `getGithubAppLink` (deprecated) を削除（caller ゼロ）

PR webhook (`app/services/github-webhook-pull.server.ts`)

• 移行期間の `OR github_installation_id IS NULL` を削除し strict 化:
  ```sql
  WHERE owner = ? AND repo = ? AND github_installation_id = ?
  ```
• broken state webhook を ops が検知できるよう、各 silent return に `debug()` ログを追加（`createDebug('app:github-webhook:pull')`）

route (`app/routes/$orgSlug/settings/repositories/$repository/$pull/`)

• `index.tsx`: `resolveOctokitFromOrg` から `resolveOctokitForRepository` に migration
• `queries.server.ts`: `getRepository` の select に `githubInstallationId` 追加

cleanup

• `appSuspendedAt` への参照を全削除 (setup callback / webhook handler / mutation / batch query / test fixture)
• `github-octokit.server.test.ts` から legacy 関数のテストと transitional fallback ケースを削除

満たす受入条件

• chore: bump up npm #16: PR webhook strict lookup
• feat: commit command list all commits in default #20 (完全達成): schema → backfill → strict lookup 切替

デプロイ Rollback 戦略

• migration は destructive (column drop)。本番デプロイ前に staging で apply → rollback → re-apply のリハーサル必須
• デプロイ後 24 時間は `github_app_link_events` の異常パターン (連続 `canonical_reassigned`, `webhook_dropped` debug ログの急増) を監視
• 異常検知時:
  1. PR 7 を revert
  2. `app_suspended_at` を復活させる down migration を当てる (Atlas で生成済み)
  3. 必要なら `reassign-broken-repositories` で個別 repo 救済

Stack 位置 (完成形)

```text
PR 1 (#288): schema
└ PR 2 (#296): query/octokit
└ PR 3 (#290): webhook/membership
└ PR 4 (#291): UI
└ PR 5 (#292): repo UI
└ PR 6 (#293): backfill
└ [PR 7: strict] ← this PR
```

テスト

• `pnpm validate` (lint / format / typecheck / build / test 全 342 tests)
• `resolveOctokitForRepository` の strict path テスト (canonical なし → throw)
• migration `pnpm db:setup` で再現可能

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f960ed49-634f-447d-b20c-fe43c21c1f08

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/issue-283-strict

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coji]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• feat(github-app): strict installation lookup, drop transitional fallbacks (#283 PR 7/7) #294 👈 (View in Graphite)
• feat(batch): backfill-installation-membership CLI for PR 7 deploy prep (#283 PR 6/7) #293
• feat(repo-ui): broken repository recovery (#283 PR 5/7) #292
• feat(ui): multi-installation aware settings UI (#283 PR 4/7) #291
• feat(github-app): webhook handlers, canonical reassignment, and membership initialization (#283 PR 3/7) #290
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coji]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coji]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.