G D.12 — per-fact verified_at via repo variables#15
Merged
Conversation
Extend the env-var → repo-variable display refresh pattern from G D.11
to the per-fact `bbl-verified-at-dpf` and `bbl-verified-at-cwa` hidden
meta markers on the privacy pages. Previously those markers read JSON's
per-fact `verified_at` fields directly; on the silent-when-healthy
weekly cron path JSON stays untouched, so the per-fact markers were
stuck at the last value-change date (the 2026-04-29 seed) even when
both checks DID re-verify clean today. The field name "verified_at"
strongly implies "when we last verified" — JSON-direct sourcing didn't
match.
Two new repo variables (created manually by Lars, seed 2026-04-29):
- VERIFIER_DPF_VERIFIED_AT — advances when the DPF check returns ok
- VERIFIER_CWA_VERIFIED_AT — advances when the CWA check returns ok
These advance independently of the top-level VERIFIER_LAST_OK_AT, so on
mixed-status runs the per-fact marker for the clean-on-this-run fact
still refreshes:
- all-ok run: all three variables advance
- CWA changed (PR path): DPF variable still advances; CWA stays
- DPF absent (PR path): CWA variable still advances; DPF stays
- CWA parser-broken: DPF variable advances; Issue opens for CWA
- DPF unreachable: CWA variable advances; Issue opens for DPF
Implementation:
- scripts/run-verifier.mjs: emit dpf_ok + cwa_retention_ok GH outputs
alongside the existing three flags; expand the dry-run preview log
to include the per-fact variable-update paths.
- .github/workflows/verify-cloudflare-facts.yml: pin the two new flags
to false in the mock-dispatch dry-run branch; add two new variable-
update steps gated independently on dpf_ok / cwa_retention_ok
(using the same VERIFIER_VARIABLE_TOKEN fine-grained PAT).
- All four build workflows (deploy-staging, deploy-production,
rebuild-nightly, rebuild-nightly-staging): pass VERIFIED_AT_DPF and
VERIFIED_AT_CWA env vars to `npm run build` from the new repo vars.
- src/lib/cloudflare-facts.ts: generalize getEffectiveVerifiedDate
with a `source: 'top' | 'dpf' | 'cwa'` parameter. JSON fallback per
source; Vite-friendly literal env-property access. File-level JSDoc
rewritten: the G D.11 note that said "per-fact markers deliberately
read JSON, NOT this helper" is reversed under G D.12.
- src/pages/datenschutz.astro + src/pages/en/privacy.astro: route the
per-fact `bbl-verified-at-{dpf,cwa}` markers through the generalized
helper. The frontmatter comment about the verifier's post-deploy
smoke step is dropped (that step was removed by G D.11.1).
Local smoke:
- npm run build with all three env vars set → all three markers show
the env-supplied date on both DE and EN pages. Unset env → all three
fall back to JSON. Malformed env → fallback (Date.parse guard).
- astro check: 0 errors, 0 warnings (2 pre-existing handoff-bundle
CJS hints).
- Verifier dry-run matrix (per-fact independence):
cwa-active → dpf_ok=true, cwa_ok=true → all 3 vars
cwa-changed-figure→ dpf_ok=true, cwa_ok=false → DPF var + PR
dpf-absent → dpf_ok=false, cwa_ok=true → CWA var + PR
cwa-parser-broken → dpf_ok=true, cwa_ok=false → DPF var + Issue
Surfaced post-G-D.11 ship when the per-fact markers stayed at
2026-04-29 even after the top-level marker advanced to today,
prompting the design discussion that produced this gate.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Follow-up to PR #14 (G D.10 + G D.11). The post-merge state had a real semantic issue: the per-fact
bbl-verified-at-dpfandbbl-verified-at-cwamarkers stayed at2026-04-29even after both checks re-verified clean today, because they read JSON's per-factverified_atand JSON only gets written on value-change runs (per the G D.11.1 design). The field name "verified_at" implies "when last verified" — JSON-direct sourcing didn't match.G D.12 extends the env-var → repo-variable pattern to the per-fact markers, mirroring the top-level mechanism.
What changed
2026-04-29T00:00:00Z):VERIFIER_DPF_VERIFIED_AT,VERIFIER_CWA_VERIFIED_AT. Updated independently ofVERIFIER_LAST_OK_ATby the verifier whenever the corresponding fact returnsok— so on mixed-status runs the clean-fact's marker still refreshes.scripts/run-verifier.mjs): emits two new GITHUB_OUTPUT flagsdpf_ok/cwa_retention_ok; dry-run preview expanded to log the per-fact variable-update paths.VERIFIER_VARIABLE_TOKENfine-grained PAT); mock-dispatch dry-run branch pins the new flags to false.VERIFIED_AT_DPF+VERIFIED_AT_CWAenv vars tonpm run build.src/lib/cloudflare-facts.ts):getEffectiveVerifiedDategeneralised with asource: 'top' | 'dpf' | 'cwa'parameter. JSON fallback per source. File-level JSDoc rewritten — the G D.11 note saying "per-fact markers deliberately read JSON, NOT this helper" is reversed.Test plan / staging evidence
npm run buildclean;astro check0 errors / 0 warnings.2026-05-12T...→ all three markers show2026-05-12on both DE and EN.cwa-active→dpf_ok=true, cwa_retention_ok=true→ would update all 3 vars.cwa-changed-figure→dpf_ok=true, cwa_retention_ok=false→ would update DPF var + open PR.dpf-absent→dpf_ok=false, cwa_retention_ok=true→ would update CWA var + open PR.cwa-parser-broken→dpf_ok=true, cwa_retention_ok=false→ would update DPF var + open Issue.dev(run 25728379992): all three variable-update steps succeeded; all three variables now at2026-05-12T10:22:24Z; channel steps correctly skipped.dev.blackbrowedlabs.com/datenschutz+/en/privacy: all three markers (top + dpf + cwa) show2026-05-12on both locales.Notable design
_okflag, so a mixed-status run (e.g., DPF ok + CWA parser-broken) still refreshes the DPF marker — the user-facing date no longer says "we didn't verify this fact today" when in fact we did.import.meta.env.Xonly gets build-time-replaced whenXis a literal property — the helper branches explicitly on source rather than computing the env key.VERIFIER_VARIABLE_TOKEN(Variables: read/write) covers all three update steps.Refs
bb0ec64.🤖 Generated with Claude Code