fix(ci): remove quote-public-view orphan + clean 5 ghost entries (close B-9)

[adm01-debug]

🎯 Problema

CI gate 🛡️ Edge authorization manifest gate falhando em todos os runs do main desde 15/mai:

[manifest] Edge function "quote-public-view" não está declarada em
edge-authz-manifest.ts.

Build/teste do PR #222 (run #3117) e seguintes bloqueados.

🔍 Causa-raiz (loop de 3 PRs)

#	Commit	Ação
1	cec0a06f9 (PR #188)	Removeu quote-public-view do manifest + do config.toml (era ghost entry). Estado: limpo ✅
2	f6fdc7f52	RECRIOU o arquivo como stub 410 alegando 'config.toml still declares it' — premissa FALSA. Estado: disco com função, manifest SEM entrada ❌

✅ Correções

1. DELETE da função (B-9 da auditoria pré-prod)

• rm -rf supabase/functions/quote-public-view/ — stub de 16 linhas (HTTP 410)
• Zero callers no src/, zero referência em config.toml, zero deps em outras edges

2. REGEN do cors-snapshot.json

• node scripts/build-cors-snapshot.mjs → 78 → 77 functions

3. CLEAN de 5 ghost entries no check-edge-structured-logging.mjs

Já estavam órfãs (warning ativo):

• bi-share-dossier
• collections-public-react
• comparisons-public-react
• generate-mockup-nanobanana
• kit-public-view

• a 6ª (quote-public-view) deletada.

4. SNAPSHOT_SIZE 84 → 78

Trava o novo ceiling pra evitar regressões.

🧪 Validação local (todos os 5 gates verdes)

✅ check-edge-authorization      → 78/78 declared + enforced
✅ check-edge-cors-headers       → 77 functions, x-request-id OK
✅ check-edge-structured-logging → 78 edges, 0 órfãs, 0 warnings
✅ check-edge-request-id-propagation → 9 critical edges OK
✅ build-cors-snapshot --check   → snapshot up-to-date (77 functions)

📊 Impacto

• CI principal volta a passar. Desbloqueia próximos PRs.
• Closes B-9 de AUDITORIA-PROFUNDA-PROMOGIFTS-PRE-PROD.md (2026-05-10).
• Reduz superfície: −16 linhas de stub deprecated + 6 entradas órfãs.

🛠️ Como mergear

Squash merge conforme padrão do projeto.

---

🤖 Generated with Claude (claude-opus-4-7)

---

Summary by cubic

Fixes the failing edge authorization manifest gate by deleting the orphaned quote-public-view function and refreshing snapshots/allowlists. CI on main is unblocked and green again; closes B-9.

• Bug Fixes
  • Removed supabase/functions/quote-public-view/ (deprecated 410 stub; no callers/config refs).
  • Regenerated supabase/functions/_shared/cors-snapshot.json (78 → 77 functions).
  • Pruned ghost entries from LEGACY_ALLOWLIST in scripts/check-edge-structured-logging.mjs: bi-share-dossier, collections-public-react, comparisons-public-react, generate-mockup-nanobanana, kit-public-view (plus deleted quote-public-view).
  • Updated SNAPSHOT_SIZE from 84 → 78 to lock the new ceiling.

^{Written for commit 63fb3c0. Summary will update on new commits. Review in cubic}

Summary by CodeRabbit

• Chores
  • Removido endpoint deprecado que retornava status "descontinuado".
  • Atualizado snapshot de configuração de CORS com ajustes nas rotas compartilhadas.
  • Refinada verificação de logging estruturado com atualização de allowlist.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
promo-gifts	Ready	Preview, Comment	May 15, 2026 2:55pm

[supabase]

Updates to Preview Branch (fix/ci-remove-quote-public-view-orphan-and-snapshot-ghosts) ↗︎

Deployments	Status	Updated
Database	✅	Fri, 15 May 2026 14:57:51 UTC
Services	✅	Fri, 15 May 2026 14:57:51 UTC
APIs	✅	Fri, 15 May 2026 14:57:51 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks	Status	Updated
Configurations	✅	Fri, 15 May 2026 14:58:00 UTC
Migrations	❌	Fri, 15 May 2026 15:00:17 UTC
Seeding	⏸️	Fri, 15 May 2026 14:55:56 UTC
Edge Functions	⏸️	Fri, 15 May 2026 14:55:56 UTC

---

❌ Branch Error • Fri, 15 May 2026 15:00:18 UTC

ERROR: column "created_by" does not exist (SQLSTATE 42703)
At statement: 60
DO $$
BEGIN
  ALTER POLICY "ck_insert_self" ON public."custom_kits" WITH CHECK (((user_id = (SELECT auth.uid())) OR (created_by = (SELECT auth.uid()))));
EXCEPTION WHEN undefined_table OR undefined_object OR undefined_function THEN NULL;
END $$

---

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 82786fff-191d-455a-b5cb-9b16d8033a3c

📥 Commits

Reviewing files that changed from the base of the PR and between 6e9d2e9 and 63fb3c0.

📒 Files selected for processing (3)

• scripts/check-edge-structured-logging.mjs
• supabase/functions/_shared/cors-snapshot.json
• supabase/functions/quote-public-view/index.ts

💤 Files with no reviewable changes (1)

• supabase/functions/quote-public-view/index.ts

---

Walkthrough

O PR remove a edge function descontinuada quote-public-view e sincroniza os artifacts que rastreiam funções Supabase. O snapshot CORS é recalculado para 77 entradas, o allowlist do gate de CI é atualizado, e o tamanho esperado é ajustado de 78 para 77.

Changes

Limpeza de quote-public-view

Layer / File(s)	Summary
Atualização do CORS snapshot supabase/functions/_shared/cors-snapshot.json	Recalcula timestamp generated_at, reduz totais de 78 para 77, e remove quote-public-view da matriz functions mantendo demais entradas intactas e campos CORS inalterados.
Sincronização do gate de CI scripts/check-edge-structured-logging.mjs	Atualiza LEGACY_ALLOWLIST removendo/adicionando entradas e reduz SNAPSHOT_SIZE para 77 para validar align com o novo snapshot de edge functions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• adm01-debug/Promo_Gifts#112: Modifica o mesmo LEGACY_ALLOWLIST e SNAPSHOT_SIZE em scripts/check-edge-structured-logging.mjs, ajustando o gate de CI para mudanças em edge functions.
• adm01-debug/Promo_Gifts#131: Remove o mesmo arquivo supabase/functions/quote-public-view/index.ts e sincroniza o snapshot CORS.
• adm01-debug/Promo_Gifts#67: Modifica edge functions para usar createStructuredLogger conforme validado pelo gate check-edge-structured-logging que é atualizado neste PR.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	O título descreve com precisão o objetivo principal: remover a função órfã quote-public-view e limpar entradas órfãs do allowlist (5 ghost entries), refletindo exatamente as alterações implementadas.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/ci-remove-quote-public-view-orphan-and-snapshot-ghosts

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 63fb3c0797

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Set snapshot size to the actual allowlist length

After this removal the allowlist contains 76 entries, but the new ceiling is 78. Since the growth check only fails when LEGACY_ALLOWLIST.size - SNAPSHOT_SIZE > 0, the next two PRs could add functions back to LEGACY_ALLOWLIST and still pass this gate, contrary to the "NÃO ADICIONAR" invariant this script is meant to enforce. Set this to the current allowlist size so any growth is caught immediately.

Useful? React with 👍 / 👎.

[Copilot]

Pull request overview

Removes the orphaned quote-public-view edge function and updates CI guard artifacts so edge-function authorization, CORS, and structured-logging checks reflect the current function set.

Changes:

• Deleted the deprecated quote-public-view stub edge function.
• Updated the CORS snapshot from 78 to 77 functions.
• Removed orphan entries from the structured logging legacy allowlist and lowered its snapshot ceiling.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
supabase/functions/quote-public-view/index.ts	Deletes the deprecated public quote view stub.
supabase/functions/_shared/cors-snapshot.json	Updates CORS snapshot metadata and removes quote-public-view.
scripts/check-edge-structured-logging.mjs	Cleans orphan legacy allowlist entries and updates snapshot size.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[cubic-dev-ai]

1 issue found across 3 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/check-edge-structured-logging.mjs">

<violation number="1" location="scripts/check-edge-structured-logging.mjs:54">
P2: Set `SNAPSHOT_SIZE` to the current allowlist size (76). Keeping it at 78 leaves room for two new legacy entries to be added without tripping the growth guard, which weakens the "NÃO ADICIONAR" enforcement.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.
Re-trigger cubic}

[cubic-dev-ai]

P2: Set SNAPSHOT_SIZE to the current allowlist size (76). Keeping it at 78 leaves room for two new legacy entries to be added without tripping the growth guard, which weakens the "NÃO ADICIONAR" enforcement.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At scripts/check-edge-structured-logging.mjs, line 54:

<comment>Set `SNAPSHOT_SIZE` to the current allowlist size (76). Keeping it at 78 leaves room for two new legacy entries to be added without tripping the growth guard, which weakens the "NÃO ADICIONAR" enforcement.</comment>

<file context>
@@ -26,32 +26,32 @@ const FN_ROOT = "supabase/functions";
 ]);
 
-const SNAPSHOT_SIZE = 84;
+const SNAPSHOT_SIZE = 78;
 
 function listEdgeFunctions() {
</file context>

Suggested change

	const SNAPSHOT_SIZE = 78;
	const SNAPSHOT_SIZE = 76;