EcoDB v1.2.0 — Installation Path Consolidation
Fresh installs now work out of the box. Upgrades from any prior version are automatic.
What's new
Migration runner
Idempotent SQL migration runner (api/migrations.py) applies pending migrations on every API startup. Uses pg_advisory_lock to serialize concurrent startups. If a migration fails, the API refuses to start — a broken schema never silently serves traffic.
Fresh installs go from init.sql (5.0.0) to 5.1.1 automatically. Upgrades re-apply idempotent migrations (no-op on up-to-date schemas). No manual SQL needed.
Docker entrypoint with gosu
New entrypoint fixes media volume permissions automatically at container start. No more manual docker exec -u root chown after deploy.
INTERNAL_BROADCAST_SECRET hardened
- Hardcoded default removed from docker-compose.yml (was publicly visible in repo)
- Setup scripts now auto-generate a unique secret per installation (CSPRNG)
- Production startup warns if secret is missing or too short
Existing installs: if you never set INTERNAL_BROADCAST_SECRET in .env, you were using the public default. Rotate it: openssl rand -hex 32 and add to .env. See CLAUDE.md for details.
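An operator-side audit and rotation of the secret in .env text, as an added example that is not EcoDB's own code. The 32-character minimum, the function names and the sample .env are assumptions, and the removed default's value is a placeholder because the release notes do not state it.

```python
import re
import secrets

KEY = "INTERNAL_BROADCAST_SECRET"
MIN_LEN = 32  # assumed threshold; the release notes only say "too short"
# Placeholder: the value of the removed default is not given in the release notes.
KNOWN_PUBLIC_DEFAULTS = {"<old-default-from-docker-compose.yml>"}
# Constructed sample .env: the secret only appears in a comment, so it is unset.
SAMPLE_ENV = "POSTGRES_DB=ecodb\n# INTERNAL_BROADCAST_SECRET=changeme\n"

def read_secret(env_text):
    """Return the last KEY=value assignment in .env text (this example's choice), or None."""
    value = None
    for line in env_text.splitlines():
        m = re.match(rf"\s*{KEY}\s*=\s*(.*)$", line)  # commented-out lines do not match
        if m:
            value = m.group(1).strip().strip("'\"")
    return value

def audit(env_text):
    """Classify the secret as 'missing', 'public-default', 'too-short' or 'ok'."""
    value = read_secret(env_text)
    if not value:
        return "missing"
    if value in KNOWN_PUBLIC_DEFAULTS:
        return "public-default"
    if len(value) < MIN_LEN:
        return "too-short"
    return "ok"

def rotate(env_text):
    """Return .env text with KEY set once to a fresh 32-byte CSPRNG value."""
    new_line = f"{KEY}={secrets.token_hex(32)}"  # 64 hex chars, like `openssl rand -hex 32`
    out, replaced = [], False
    for line in env_text.splitlines():
        if re.match(rf"\s*{KEY}\s*=", line):
            if not replaced:
                out.append(new_line)
                replaced = True
            continue  # drop any duplicate assignments
        out.append(line)
    if not replaced:
        out.append(new_line)
    return "\n".join(out) + "\n"
```

After writing the rotated text back to .env, restart the api and worker services so both pick up the same value.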
Dashboard error sanitization
Server errors (5xx) now show "Server error (500). Check server logs for details." instead of the misleading "Couldn't reach EcoDB" message.
Schema version test
New integration test (test_schema_version_matches_db) catches drift between settings.SCHEMA_VERSION and the actual database. Auto-skips if postgres is unavailable.
Version drift cleanup
Stale version references cleaned across settings, MCP, dashboard, and docs. CORS default corrected (8081 → 8091). ENVIRONMENT default changed to "development" for better local DX.
Documentation
- README: environment variables table, schema verification command, upgrade notes
- CHANGELOG: entries for v0.9.5 through v1.2.0
- CLAUDE.md: migration convention, broadcast secret rotation guide
Upgrade from v1.1.x
git pull
docker compose up --build -d
# Rotate broadcast secret if you never set it
openssl rand -hex 32
# Add INTERNAL_BROADCAST_SECRET=<value> to .env
docker compose restart api worker
Stats
- 22 files changed, 1018 insertions, 27 deletions
- 7 build tasks, 2 adversarial security loops, 2 verification loops
- Design: Prima (workflow-diseno v4, 2 design adversarial loops, 41 observations)
- Build: Hilo (orchestrator) + code (executor) + adv-code + adv-seg + verificador