fix(sqlite): add allow_env_keys column to codebases schema + migration#988
Merged
fix(sqlite): add allow_env_keys column to codebases schema + migration#988
Conversation
PR #983 added the allow_env_keys consent bit via PostgreSQL migrations (migrations/000_combined.sql and migrations/021_*.sql) but did not update packages/core/src/db/adapters/sqlite.ts, which has its own independent schema bootstrap path. Result: every SQLite database has been broken since #983 landed: - Fresh installs: createSchema() creates remote_agent_codebases without the column, and POST /api/codebases fails on every call with "table remote_agent_codebases has no column named allow_env_keys". - Existing installs upgraded from v0.2.x: CREATE TABLE IF NOT EXISTS is a no-op on the existing table and migrateColumns() never adds the column, same failure. Cole's deployed server at archon-youtube.smartcode.diy hit this live — every "add project" request returned 500 because the VPS runs docker-compose with the SQLite default (no separate postgres service). Two surgical changes to packages/core/src/db/adapters/sqlite.ts: 1. createSchema(): add `allow_env_keys INTEGER DEFAULT 0` to the remote_agent_codebases CREATE TABLE block so fresh databases get the column. SQLite has no true BOOLEAN — INTEGER with 0/1 matches the existing pattern used for `hidden` on conversations. 2. migrateColumns(): add a new idempotent try/catch block that PRAGMA-checks the codebases table for `allow_env_keys` and ALTERs it in if missing. Pattern matches the existing migration blocks for Conversations, Workflow runs, and Sessions columns. The JavaScript read path in db/codebases.ts and the clients already uses truthy checks (`if (!codebase?.allow_env_keys)`), which works for both SQLite integer (0/1) and JS boolean (false/true) storage. No other changes needed. Fixes the live incident blocking Cole's demo and unblocks v0.3.1.
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughA database schema migration adds an Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Wirasm
added a commit
that referenced
this pull request
Apr 8, 2026
First post under a new docs site blog section. It's a post-mortem on the six bugs that broke every Archon binary release from v0.2.13 through v0.3.1: - #960 pino-pretty transport crash in compiled binaries - #961/#979 isBinaryBuild runtime detection fragility - #986/#987 release workflow bypassing scripts/build-binaries.sh - #988 SQLite schema missing allow_env_keys column - #990 Claude SDK cli.js path baked in at build time - #991/#992 env-leak gate firing on unregistered cwd paths Each bug masked the next. The test-release skill was the first thing that exercised the full chain (install the released binary on a clean machine, run real commands, verify end-to-end), and it found all six in sequence as the earlier layers got fixed. The post covers: - The bug onion metaphor and why it's particularly hard to debug - Each of the six bugs with root cause and fix PR - Why dev mode hid all of this - Why locally-built binaries passed all contributor tests but failed for every other user - The smoke test that finally broke the pattern - What changed in the release skill + what's still open - An honest 'note on blame' — the lesson is structural, not about being more careful Also adds a 'Blog' section to the Astro sidebar config so the new directory is discoverable. Positioned between Getting Started and Guides. Pre-post sanity check items for reviewer: - Factual accuracy of the bug-by-bug timeline - Whether to name the community contributor (leex279) explicitly or keep it generic - Whether the 'Note on blame' section is the right tone - Length (~3000 words) — fine for a post-mortem, could be trimmed to ~2000 for a shorter read
puvuglobal
pushed a commit
to puvuglobal/Archon
that referenced
this pull request
Apr 8, 2026
…logic (coleam00#988) Approve/reject/status/resume/abandon operations were duplicated between CLI and command-handler with subtle behavioral drift. This extracts the shared business logic into packages/core/src/operations/ so both callers are thin formatting adapters over a single implementation. Changes: - Create workflow-operations.ts with 6 shared operations - Create isolation-operations.ts with list/cleanup operations - Thin command-handler cases to delegate to operations - Thin CLI workflow/isolation commands to delegate to operations - Add 15 unit tests for operations layer - Update docs to reflect operations layer - Add TODO for future dispatchOrchestratorWorkflow extraction Fixes coleam00#988
This was referenced Apr 13, 2026
Closed
Tyone88
pushed a commit
to Tyone88/Archon
that referenced
this pull request
Apr 16, 2026
…logic (coleam00#988) Approve/reject/status/resume/abandon operations were duplicated between CLI and command-handler with subtle behavioral drift. This extracts the shared business logic into packages/core/src/operations/ so both callers are thin formatting adapters over a single implementation. Changes: - Create workflow-operations.ts with 6 shared operations - Create isolation-operations.ts with list/cleanup operations - Thin command-handler cases to delegate to operations - Thin CLI workflow/isolation commands to delegate to operations - Add 15 unit tests for operations layer - Update docs to reflect operations layer - Add TODO for future dispatchOrchestratorWorkflow extraction Fixes coleam00#988
Tyone88
pushed a commit
to Tyone88/Archon
that referenced
this pull request
Apr 16, 2026
coleam00#988) PR coleam00#983 added the allow_env_keys consent bit via PostgreSQL migrations (migrations/000_combined.sql and migrations/021_*.sql) but did not update packages/core/src/db/adapters/sqlite.ts, which has its own independent schema bootstrap path. Result: every SQLite database has been broken since coleam00#983 landed: - Fresh installs: createSchema() creates remote_agent_codebases without the column, and POST /api/codebases fails on every call with "table remote_agent_codebases has no column named allow_env_keys". - Existing installs upgraded from v0.2.x: CREATE TABLE IF NOT EXISTS is a no-op on the existing table and migrateColumns() never adds the column, same failure. Cole's deployed server at archon-youtube.smartcode.diy hit this live — every "add project" request returned 500 because the VPS runs docker-compose with the SQLite default (no separate postgres service). Two surgical changes to packages/core/src/db/adapters/sqlite.ts: 1. createSchema(): add `allow_env_keys INTEGER DEFAULT 0` to the remote_agent_codebases CREATE TABLE block so fresh databases get the column. SQLite has no true BOOLEAN — INTEGER with 0/1 matches the existing pattern used for `hidden` on conversations. 2. migrateColumns(): add a new idempotent try/catch block that PRAGMA-checks the codebases table for `allow_env_keys` and ALTERs it in if missing. Pattern matches the existing migration blocks for Conversations, Workflow runs, and Sessions columns. The JavaScript read path in db/codebases.ts and the clients already uses truthy checks (`if (!codebase?.allow_env_keys)`), which works for both SQLite integer (0/1) and JS boolean (false/true) storage. No other changes needed. Fixes the live incident blocking Cole's demo and unblocks v0.3.1.
joaobmonteiro
pushed a commit
to joaobmonteiro/Archon
that referenced
this pull request
Apr 26, 2026
…logic (coleam00#988) Approve/reject/status/resume/abandon operations were duplicated between CLI and command-handler with subtle behavioral drift. This extracts the shared business logic into packages/core/src/operations/ so both callers are thin formatting adapters over a single implementation. Changes: - Create workflow-operations.ts with 6 shared operations - Create isolation-operations.ts with list/cleanup operations - Thin command-handler cases to delegate to operations - Thin CLI workflow/isolation commands to delegate to operations - Add 15 unit tests for operations layer - Update docs to reflect operations layer - Add TODO for future dispatchOrchestratorWorkflow extraction Fixes coleam00#988
joaobmonteiro
pushed a commit
to joaobmonteiro/Archon
that referenced
this pull request
Apr 26, 2026
coleam00#988) PR coleam00#983 added the allow_env_keys consent bit via PostgreSQL migrations (migrations/000_combined.sql and migrations/021_*.sql) but did not update packages/core/src/db/adapters/sqlite.ts, which has its own independent schema bootstrap path. Result: every SQLite database has been broken since coleam00#983 landed: - Fresh installs: createSchema() creates remote_agent_codebases without the column, and POST /api/codebases fails on every call with "table remote_agent_codebases has no column named allow_env_keys". - Existing installs upgraded from v0.2.x: CREATE TABLE IF NOT EXISTS is a no-op on the existing table and migrateColumns() never adds the column, same failure. Cole's deployed server at archon-youtube.smartcode.diy hit this live — every "add project" request returned 500 because the VPS runs docker-compose with the SQLite default (no separate postgres service). Two surgical changes to packages/core/src/db/adapters/sqlite.ts: 1. createSchema(): add `allow_env_keys INTEGER DEFAULT 0` to the remote_agent_codebases CREATE TABLE block so fresh databases get the column. SQLite has no true BOOLEAN — INTEGER with 0/1 matches the existing pattern used for `hidden` on conversations. 2. migrateColumns(): add a new idempotent try/catch block that PRAGMA-checks the codebases table for `allow_env_keys` and ALTERs it in if missing. Pattern matches the existing migration blocks for Conversations, Workflow runs, and Sessions columns. The JavaScript read path in db/codebases.ts and the clients already uses truthy checks (`if (!codebase?.allow_env_keys)`), which works for both SQLite integer (0/1) and JS boolean (false/true) storage. No other changes needed. Fixes the live incident blocking Cole's demo and unblocks v0.3.1.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
PR #983 shipped the env-leak gate
allow_env_keyscolumn via PostgreSQL migrations but never updatedpackages/core/src/db/adapters/sqlite.ts, which has its own independent schema bootstrap path. Every SQLite database is broken since #983 landed —POST /api/codebasesfails withtable remote_agent_codebases has no column named allow_env_keys.Cole's deployed server at
archon-youtube.smartcode.diyis hitting this live — the VPS runs docker-compose with the SQLite default (no separate postgres service), so every "add project" returns 500.Changes
Two surgical edits to
packages/core/src/db/adapters/sqlite.ts, both copy-pasted from existing patterns in the file:createSchema()— addallow_env_keys INTEGER DEFAULT 0to theremote_agent_codebasesCREATE TABLE block. Fresh databases get the column. SQLite has no true BOOLEAN — INTEGER with 0/1 matches the existing pattern used forhiddenon conversations.migrateColumns()— add a new idempotent try/catch block that PRAGMA-checks the codebases table forallow_env_keysand ALTERs it in if missing. Pattern matches the existing migration blocks for Conversations, Workflow runs, and Sessions columns. Existing databases get the column on next startup.The JavaScript read path in
db/codebases.tsand the clients already uses truthy checks (if (!codebase?.allow_env_keys)), which works for both SQLite integer (0/1) and JS boolean (false/true) storage. No other changes needed.Test plan
bun test packages/core/src/db/adapters/sqlite.test.ts— all 68 tests passmigrateColumns()adds the column to the existing DB on next startupRelated
Summary by CodeRabbit