feat: add isolated Discord archive data plane#131
Conversation
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|
Codex review: needs real behavior proof before merge. Reviewed July 15, 2026, 10:12 PM ET / July 16, 2026, 02:12 UTC. Summary Reproducibility: not applicable. This PR proposes a new production deployment architecture rather than fixing broken behavior with an established current contract. Review metrics: 5 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review findings
Review detailsBest possible solution: Choose one canonical remote-archive architecture; either extend Do we have a high-confidence way to reproduce the issue? Not applicable: this PR proposes a new production deployment architecture rather than fixing broken behavior with an established current contract. Is this the best way to solve the issue? No. The branch duplicates the supported remote-archive responsibility without first proving that the existing Full review comments:
Overall correctness: patch is incorrect AGENTS.md: unclear because the file could not be read completely. Codex review notes: model internal, reasoning high; reviewed against 0dc6a87cad9a. Label changesLabel changes:
Label justifications:
Evidence reviewedSecurity concerns:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
Thanks for the thoughtful work here, @GrantTheAssistant. A second remote-archive backend is a crawlkit-family architecture decision that needs a design conversation first. Discrawl is keeping one canonical remote boundary until that direction is settled, so we are closing this implementation rather than taking on parallel GCE/Firebase behavior. The generic SQLite, tombstone, and attachment hardening is valuable. We are extracting those pieces into narrow maintainer-owned PRs with your credit preserved. Thank you for identifying and implementing those improvements. |
Adds the isolated per-tenant GCE archive service, private authenticated API, bounded Firestore projection, backup and restore tooling, hardened host isolation, deployment verification, and full tests. Production rollout keeps each tenant isolated and follows disabled, shadow, then authoritative cutover.