fix(onda-9.3): endereçar feedback Copilot/Codex pós-merge (4 issues P2)#128
Merged
Conversation
Após merge dos PRs #124 e #125, descobri 4 review threads abertas de GitHub Copilot e ChatGPT Codex Connector que CodeRabbit não cobriu. Esse PR endereça as 4 críticas reais (P2/Minor mas válidas). ## Issue 1: Migration sem CREATE EXTENSION pg_cron (Copilot, P2) Localização: supabase/migrations/20260510131942_*.sql A migration usa cron.unschedule/cron.schedule mas não garante a extensão pg_cron. 3 outras migrations do projeto seguem o pattern defensivo (precedente): supabase/migrations/20260319134320_*.sql supabase/migrations/20260409013312_*.sql supabase/migrations/20260423174952_*.sql Em prod atual já está instalada (re-aplicação confirmou 'extension already exists, skipping' = no-op idempotente). Em ambiente novo, a anterior 20260423174952 já cria, mas adicionar aqui mantém defensive pattern e evita assumption. ## Issue 2: Vazamento parcial de credencial 429683... (Copilot, P2) Localização: docs/handoff-2026-05-09-onda-9-vault-recovery.md L228 L228 tinha: | F3.14 Test fn_get_vault_secret('evolution_api_key') | ✅ retorna '429683...' | Mesmo prefixo parcial pode ajudar em enumeração. CodeRabbit pediu sanitização similar nas linhas 2/250/257/264/307/412/418 mas não pegou a 228. Substituído por '<REDACTED-evolution-api-key-prefix>'. ## Issue 3: Referência a arquivo inexistente docker-compose-supabase.yml (Copilot, P2) Localização: docs/runbooks/SUPABASE-VOLUMES-DOS-AND-DONTS.md L130 + docs/handoff-2026-05-09-onda-9-vault-recovery.md L272, L390 O runbook recomenda 'docker stack deploy -c docker-compose-supabase.yml' mas esse arquivo não existe no repo. O nome real do compose Supabase self-hosted nesta VPS é '/root/supabase.yaml' (host filesystem), documentado em docs/DEPLOYMENT.md. Corrigido para apontar pra '/root/supabase.yaml'. ## Issue 4: Path interno /workspace/notes/backups/ no runbook L180 Localização: docs/runbooks/SUPABASE-VOLUMES-DOS-AND-DONTS.md L180 + supabase/migrations/20260510131942_*.sql L22 CodeRabbit pediu sanitização similar no handoff (linhas 250, 257, 264, 307, 412, 418 — todas resolvidas no PR #125), mas o runbook L180 e a migration L22 ainda tinham /workspace/notes/. Inconsistência corrigida: L180 → '<internal-backup-storage>/supabase_db_config_*.tar.gz' L22 → '-- Ref: internal incident record (Onda 9)' ## Validação Migration v3 aplicada em produção como idempotency test: NOTICE: extension 'pg_cron' already exists, skipping CREATE EXTENSION CREATE FUNCTION x3 (REPLACE) REVOKE x3 + GRANT x3 (idempotente) CREATE VIEW cron schedule | 51, 52 (reagendados) Smoke test: {'ok': 24, 'fail': 0, 'defer': 7, 'status': 'healthy'} Banco produção continua healthy. ACL hardening preservada. ## Auditoria final 9/9 critérios 1. Migration tem CREATE EXTENSION pg_cron: ✅ 1 ocorrência 2. Migration sem /workspace: ✅ 0 3. Handoff sem 429683: ✅ 0 4. Handoff sem docker-compose-supabase: ✅ 0 5. Handoff sem /workspace: ✅ 0 6. Runbook sem docker-compose-supabase: ✅ 0 7. Runbook sem /workspace: ✅ 0 8. Banco prod healthy pós-apply: ✅ healthy 9. Cron jobs ativos: ✅ 51 + 52 reagendados Resolves: 4 review threads abertas pós-PRs #124 e #125 - copilot-pull-request-reviewer: pg_cron L192, prefixo 429683 L228, docker-compose L130 - (descoberta na auditoria): /workspace L180 runbook, L22 migration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
WalkthroughAtualiza documentação operacional/handoff (paths para /root/supabase.yaml e placeholder de backup) e adiciona um requisito defensivo ChangesVault Healthcheck Implementation com Documentação Operacional
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Pull request overview
Follow-up da Onda 9 (Vault Recovery) para fechar 4 threads pós-merge, focando em tornar a migration mais “defensive” (pg_cron) e sanitizar/ajustar documentação operacional (redactions e paths corretos).
Changes:
- Adiciona
CREATE EXTENSION IF NOT EXISTS pg_cron;antes do bloco de cron jobs na migration do healthcheck do Vault. - Remove/sanitiza referência interna (
/workspace/notes/...) e redige prefixo parcial de credencial na doc de handoff. - Corrige referência de deploy para o compose real do ambiente (
/root/supabase.yaml) e troca path de artefato de backup por placeholder interno.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| supabase/migrations/20260510131942_a5fcc99c-92cc-4be6-895a-f9a0d453a871.sql | Garante pg_cron antes de agendar/unschedule jobs e remove referência interna a /workspace/notes/. |
| docs/runbooks/SUPABASE-VOLUMES-DOS-AND-DONTS.md | Ajusta comando de deploy para /root/supabase.yaml e sanitiza path de backup (placeholder). |
| docs/handoff-2026-05-09-onda-9-vault-recovery.md | Redige prefixo parcial de API key e atualiza referências ao compose do Supabase para o path correto na VPS. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@coderabbitai full review Esse PR endereça os feedbacks do Copilot e Codex Connector dos PRs #124 e #125 (4 issues P2). Detalhes completos no body do PR. Aguardo nova revisão. |
|
✅ Actions performedFull review triggered. |
This was referenced May 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Contexto
PR follow-up da Onda 9 (Vault Recovery). Após merge dos PRs #124 e #125 e auditoria minuciosa, descobri 4 review threads abertas de GitHub Copilot Reviewer e ChatGPT Codex Connector que CodeRabbit não cobriu (focou só nos issues que ele mesmo levantou).
Esse PR endereça as 4 críticas reais (todas P2/Minor mas válidas) num único commit pequeno.
Issues endereçadas
🟠 Issue 1: Migration sem
CREATE EXTENSION pg_cron(Copilot, P2)Local:
supabase/migrations/20260510131942_*.sqlA migration usa
cron.unschedule/schedulemas não garanteCREATE EXTENSION IF NOT EXISTS pg_cron. Precedente do projeto (3 migrations seguem o pattern defensivo):supabase/migrations/20260319134320_*.sqlsupabase/migrations/20260409013312_*.sqlsupabase/migrations/20260423174952_*.sqlFix: adicionado
CREATE EXTENSION IF NOT EXISTS pg_cron;em seção própria antes do bloco "6) Cron jobs".🟠 Issue 2: Vazamento parcial de credencial
429683...(Copilot, P2)Local:
docs/handoff-2026-05-09-onda-9-vault-recovery.mdL228A linha mostrava o prefixo da
evolution_api_key(429683...). Mesmo parcial, pode ajudar em enumeração. CodeRabbit pediu sanitização em outras linhas (2/250/257/264/307/412/418) mas não pegou a 228.Fix: substituído por
<REDACTED-evolution-api-key-prefix>.🟠 Issue 3: Referência a arquivo inexistente
docker-compose-supabase.yml(Copilot, P2)Local:
docs/runbooks/SUPABASE-VOLUMES-DOS-AND-DONTS.mdL130 +docs/handoff-*.mdL272, L390O runbook recomendava
docker stack deploy -c docker-compose-supabase.yml, mas esse arquivo não existe no repo. O nome real do compose Supabase nesta VPS é/root/supabase.yaml(host filesystem), conformedocs/DEPLOYMENT.md.Fix: 3 ocorrências corrigidas pra apontar a
/root/supabase.yaml(com nota "(na VPS)").🟡 Issue 4: Inconsistência de paths internos
/workspace/notes/Local:
docs/runbooks/SUPABASE-VOLUMES-DOS-AND-DONTS.mdL180 +supabase/migrations/20260510131942_*.sqlL22CodeRabbit pediu sanitização desse padrão no handoff (PR #125, todas resolvidas), mas runbook L180 e migration L22 ainda tinham
/workspace/notes/. Achado próprio durante a auditoria — inconsistência clara.Fix:
<internal-backup-storage>/supabase_db_config_*.tar.gz-- Ref: internal incident record (Onda 9)Validação em produção
Migration v3 aplicada 2x como idempotency test (output verbatim):
Banco produção continua healthy. ACL hardening do PR #124 preservada (PUBLIC e anon revogados).
Auditoria final (9/9 critérios)
CREATE EXTENSION pg_cron/workspace429683docker-compose-supabase/workspacedocker-compose-supabase/workspace{"ok":24,"fail":0,"defer":7,"status":"healthy"}Diff stats
Resolve
/workspaceL180 runbook, L22 migrationEncerra arquivisticamente a Onda 9 sem deixar pontas soltas.
Summary by CodeRabbit
Notas de Lançamento
Documentação
Chores