Skip to content

feat: sync packages from constructive-db/pgpm-modules#88

Merged
pyramation merged 12 commits into
mainfrom
feat/sync-from-constructive-db
Jun 26, 2026
Merged

feat: sync packages from constructive-db/pgpm-modules#88
pyramation merged 12 commits into
mainfrom
feat/sync-from-constructive-db

Conversation

@pyramation

@pyramation pyramation commented Jun 26, 2026
edited by devin-ai-integration Bot
Loading

Copy link
Copy Markdown
Contributor

Summary

Syncs all packages from constructive-db/pgpm-modules/ into pgpm-modules, keeping existing package versions at 0.28.3 to avoid npm publish collisions.

Key changes beyond the raw sync:

  • Removed uuid package from CI matrix (deleted in sync)
  • Restored 14 verify files from main that referenced columns not present in synced deploy files (e.g. blueprint.status, blueprint.constructed_at)
  • Removed orphan agent_chat_module verify/revert (no matching deploy)
  • Regenerated metaschema-modules Jest snapshots (8 snapshots)
  • Increased FK constraint test timeouts from 30s to 60s
  • Fixed broken GitHub links in all 23 READMEs — packages/* paths → actual git-tracked paths (pgpm/cli, postgres/pgsql-test, postgres/supabase-test, graphile/graphile-test)

Companion constructive-db fix for the link source: constructive-io/constructive-db#357

Link to Devin session: https://app.devin.ai/sessions/35235eb1b0284bb2bbe40509f51fd606
Requested by: @pyramation

@pyramation
feat: sync packages from constructive-db/pgpm-modules
b052cda 
Synchronize all pgpm module packages to match the current state
of pgpm-modules/ in constructive-db (main branch).

Key changes:
- Updated database-jobs (add_job, jobs table, principal_id support)
- Added jwt-claims current_principal_id procedure
- Updated metaschema-modules (new function_deployment_module, constraints)
- Updated services (enforce_api_exposure trigger)
- Updated package versions and control files across all modules
- Removed uuid package (no longer in constructive-db)
- Added new SQL bundle files matching constructive-db versions
@pyramation pyramation self-assigned this Jun 26, 2026
@devin-ai-integration

devin-ai-integration Bot commented Jun 26, 2026

Copy link
Copy Markdown

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment, CI, and merge conflict monitoring

@socket-security

socket-security Bot commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedpgpm@​4.28.87310010098100

View full report

@socket-security

socket-security Bot commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @constructive-io/s3-utils is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/pgpm@4.28.8npm/@constructive-io/s3-utils@2.18.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@constructive-io/s3-utils@2.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @constructive-io/s3-utils is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/pgpm@4.28.8npm/@constructive-io/s3-utils@2.18.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@constructive-io/s3-utils@2.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm pgpm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/achievements/package.jsonnpm/pgpm@4.28.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pgpm@4.28.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

pyramation added 10 commits June 26, 2026 04:29
@pyramation
fix: restore test files and snapshots to match deployed SQL
cdd91e9 
- Restore database-jobs test to use JWT config (procedure has no db_id param)
- Restore encrypted-secrets-table snapshot with uuidv7() default
- Restore services test files removed by sync
- Fix metaschema-schema verify: remove non-existent module column
@pyramation
fix: restore missing revert/verify files deleted by sync
c3e291e 
- Restore 10 services revert files (site_themes, apis, apps, etc.)
- Restore 6 metaschema-modules revert + 6 verify files (agent_module, graph_module, etc.)
- These files exist on main but were absent in constructive-db/pgpm-modules/
@pyramation
fix: restore set_props_and_commit drop in object-tree revert
7d13120 
The deploy creates both set_and_commit and set_props_and_commit functions,
so the revert must drop both to allow schema drop.
@pyramation
fix: restore metaschema-modules verify files from main, remove orphan…
f97236d 
… agent_chat_module

Synced verify files from constructive-db referenced columns not present
in the deploy files (e.g. blueprint.status, blueprint.constructed_at).
Restored verify files to match the deployed schema.

Removed agent_chat_module verify/revert which had no corresponding deploy.
@pyramation
fix: regenerate metaschema-modules snapshots and restore test timeout
efd50d4 
Updated snapshots to match new deploy file state after sync.
Restored 30s timeout on FK constraint test that was removed by sync.
@pyramation
fix: increase FK query timeouts for metaschema-modules tests
8e7a423 
More module tables from the sync make information_schema FK queries
slower, increasing timeouts from 30s to 60s.
@pyramation
fix: add missing column defaults snapshot for metaschema-modules
97d0ed5
@pyramation
fix: restore package versions to 0.28.3
8833f2d 
The sync from constructive-db downgraded versions (0.28.3 -> 0.15.5 etc)
which would overwrite published versions. Restore all to 0.28.3 while
keeping the synced code and pgpm devDependency updates.
@pyramation
ci: re-run after flaky minio container init failure
b0ed02b
@pyramation
fix: correct broken GitHub links in README files
d0fa430 
Fix Related Tooling links to match actual git-tracked paths in constructive repo:
- packages/pgpm -> pgpm/cli
- packages/pgsql-test -> postgres/pgsql-test
- packages/supabase-test -> postgres/supabase-test
- packages/graphile-test -> graphile/graphile-test
@pyramation pyramation merged commit 87b1882 into main Jun 26, 2026
23 checks passed
@pyramation pyramation deleted the feat/sync-from-constructive-db branch June 26, 2026 05:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@pyramation pyramation

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pyramation