fix(db): guard DDL on orphan tables for clean replay (granular)#313
Conversation
Audit found only 5 post-baseline migrations doing DDL on tables that exist in prod but were never created by a migration (created out-of-band). Of those, t38 already self-guards (IF EXISTS) and 20260519163704 was a false positive (`tags` is a column of products). The 3 real blockers are guarded so a fresh replay no-ops on the missing table instead of aborting; production (where the tables exist) behaves identically: - onda13: CREATE POLICY on audit_log_gravacao / seo_audit_log -> wrapped in to_regclass(...) IS NOT NULL guards. - onda19: DROP/CREATE TRIGGER + ALTER on kit_component_print_areas, supplier_technique_mappings, tabela_preco_gravacao_oficial, variant_supplier_sources, and the view reading tabela_preco_gravacao_oficial -> wrapped in EXCEPTION WHEN undefined_table guards (non-orphan ALTERs left intact). - harden_anon_graphql_exposure: all REVOKE ... FROM anon wrapped (idempotent; no-op when the table is absent). https://claude.ai/code/session_01MBTzmQYmrgwLnwfxRS3PNU
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Warning Review limit reached
Your plan includes 5 reviews of capacity. Refill in 18 minutes and 32 seconds. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more review capacity refills, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
2 participants
Objetivo
Continuação granular (de baixo risco) da limpeza de drift de replay — classe tabelas órfãs. Após você considerar o baseline arriscado, seguimos por correções pontuais que não tocam produção.
Contexto
Funções (636), enums (5) e guards dos batches t37 já estão em
main(#298, #305). O replay agora avança atéonda13e falha emaudit_log_gravacao(tabela criada fora de migration). Auditoria mostrou que só 5 migrations pós-baseline fazem DDL em tabelas órfãs:t38→ já auto-guardado (IF EXISTS).20260519163704→ falso positivo (tagsé coluna deproducts).Mudança (guards, sem reconstruir tabelas, sem tocar prod)
CREATE POLICYemaudit_log_gravacao/seo_audit_log→ guardado porto_regclass(...) IS NOT NULL.kit_component_print_areas,supplier_technique_mappings,tabela_preco_gravacao_oficial,variant_supplier_sources+ a view que lêtabela_preco_gravacao_oficial(_faixa)→ guardados porEXCEPTION WHEN undefined_table. ALTERs de tabelas existentes (quotes, etc.) ficam intactas.REVOKE ... FROM anonguardados (idempotente; no-op quando a tabela está ausente).Em produção (onde as tabelas existem) o comportamento é idêntico; num replay limpo, vira no-op em vez de abortar.
Validação
Vou monitorar o preview (replay fresco) e iterar granular caso surja a próxima classe (views/policies/triggers órfãos remanescentes).
https://claude.ai/code/session_01MBTzmQYmrgwLnwfxRS3PNU
Generated by Claude Code
Summary by cubic
Guards DDL in three migrations so a clean DB replay doesn’t fail on orphan tables created out-of-band. Production behavior is unchanged; on fresh replay these statements no-op instead of aborting.
Written for commit ba5a589. Summary will update on new commits. Review in cubic