Implement monitor-rate-limits edge function to compare metrics against alert configurations, trigger notifications, and record alerts; update config and groundwork for admin UI integration.
Add an edge function rate-limit-metrics to expose metrics via API, including authentication guards, CORS headers, and multiple query endpoints for recent metrics, stats, and function/user/IP-specific data. Integrates with new metrics and auth helpers and uses existing rate limiter.
Add Phase 2 updates to rateLimiter.ts:
- Import and hook in rateLimitMetrics and authHelpers
- Track per-request metrics on allowed/blocked outcomes
- Extract userId and clientIP for metrics
- Extend RateLimiter to pass functionName for metrics context
- Update withRateLimit to utilize new metadata and return values
Consolidate CORS handling by introducing a shared supabase/functions/_shared/cors.ts and migrate edge functions to import from it. Remove inline cors.ts usage across functions, standardize headers (including traceparent and x-request-id), and prepare for environment-aware origins.
Updated edge functions to include traceparent and x-request-id in Access-Control-Allow-Headers for:
- supabase/functions/process-selective-approval/cors.ts
- supabase/functions/process-selective-rejection/cors.ts
This fixes CORS preflight and allows POST requests to reach edge functions.
Enhance process-selective-approval with startup env var validation, request-level logging, and improved error handling to diagnose edge function failures. Includes checks for SUPABASE_ANON_KEY, startup init log, per-request logs, and robust catch-block logging.
Apply quick wins and pipeline fixes for integration tests:
- Remove is_test_data flag from location inserts
- Increase test delay from 2.5s to 5s and add delays between suites to curb rate limiting
- Replace [object Object] error formatting with formatTestError across 10 test suites (31 edits) and add import
- Refactor unit/conversion tests and performance tests to use the approval pipeline
- Extend edge function handling by ensuring item_ids are included in idempotency key inserts (edge function fix)
- Update auth, data integrity, edgeFunction, moderation, performance, submission, unitConversion, and versioning test files accordingly
Add centralized errorFormatter to convert various error types into readable messages, and apply it across edge functions. Replace String(error) usage with formatEdgeError, update relevant imports, fix a throw to use toError, and enhance logger to log formatted errors. Includes new errorFormatter.ts and widespread updates to 18+ edge functions plus logger integration.
Implement distributed tracing across edge functions:
- Introduce span types and utilities (logger.ts enhancements)
- Replace request tracking with span-based tracing in approval and rejection flows
- Propagate and manage W3C trace context in edge tracking
- Add span visualization scaffolding (spanVisualizer.ts) and admin TraceViewer UI (TraceViewer.tsx)
- Create tracing-related type definitions and support files
- Prepare RPC call logging with span context and retries
Enhance edge functions process-selective-approval and process-selective-rejection with edgeLogger-based, structured logging. Introduce request tracking (startRequest/endRequest), replace all console logs, add comprehensive logging points (auth, payload validation, idempotency, RPC calls, deadlocks, errors, locks), and register process-selective-rejection in config.toml. Also sanitize sensitive data in logs and ensure duration metrics are captured.
- Adds atomic rejection transaction edge function and RPC
- Updates moderation client to use new rejection path
- Introduces rejection transaction migration and supporting readouts
- Moves photo-related approval handling toward RPC-based flow
- Lays groundwork for idempotency and resilience in moderation actions
Update `update_entity_from_submission` and `delete_entity_from_submission` to support timeline events. Remove unused `p_idempotency_key` parameter from `process_approval_transaction` RPC call in `process-selective-approval` edge function.
Added ban evasion reporting to the `upload-image` edge function for both DELETE and POST operations. This ensures that all ban evasion attempts, including those via direct API calls, are logged to `system_alerts` and visible on the `/admin/error-monitoring` dashboard.
This commit implements Phase 3 of the Sacred Pipeline, focusing on enhanced error handling. It includes:
- **Transaction Status Polling Endpoint**: A new edge function `check-transaction-status` allows clients to poll the status of moderation transactions using idempotency keys.
- **Expanded Error Sanitizer Patterns**: The `src/lib/errorSanitizer.ts` file has been updated with more comprehensive patterns to remove sensitive information from error messages, making them safer for display and logging. User-friendly replacements for common errors are also included.
- **Rate Limiting for Submission Creation**: Client-side rate limiting has been implemented in `src/lib/submissionRateLimiter.ts` and applied to key submission functions within `src/lib/entitySubmissionHelpers.ts` (e.g., `submitParkCreation`, `submitRideCreation`, `submitParkUpdate`, `submitRideUpdate`) to prevent abuse and accidental duplicate submissions.
Corrected an import error in the `run-cleanup-jobs` edge function. The function was attempting to import from a non-existent `../_shared/cors.ts` file. This has been resolved by defining the `corsHeaders` inline within the function, aligning with the pattern used in other edge functions.
Approve and implement the Supabase migration for the pipeline monitoring alert system. This includes expanding alert types, adding new monitoring functions, and updating existing ones with escalating thresholds.
Implement comprehensive error handling and robustness measures across the entire pipeline as per the detailed plan. This includes database-level security, client-side validation, scheduled maintenance, and fallback mechanisms for edge function failures.
Implement the destructive migration plan to remove the old approval flow entirely. This includes deleting the legacy edge function, removing the toggle component, simplifying frontend code, and updating documentation.
Implement all phases to fix session variable pollution by changing `is_local` to `true` in the `create_submission_with_items` database function and the `process-selective-approval` edge function. This ensures session variables are transaction-scoped, preventing data corruption and attribution errors. Includes database migration, edge function updates, and monitoring for attribution mismatches.
Implement orphaned image cleanup, temp refs cleanup, deadlock retry, and lock cleanup. These fixes address critical areas of data integrity, resource management, and system resilience within the submission pipeline.
Wrap edge function approval loop in database transaction to prevent partial data on failures. This change ensures atomicity for approval operations, preventing inconsistent data states in case of errors.
Implement Phase 1 of the JSONB violation fix by creating the `park_submission_locations` table. This includes migrating existing data from `park_submissions.temp_location_data` and updating relevant code to read and write to the new relational table. The `temp_location_data` column will be dropped after data migration.
Refactor park updates, ride updates, and timeline event submissions to use dedicated relational tables instead of JSON blobs in `submission_items.item_data`. This enforces the "NO JSON IN SQL" rule, improving queryability, data integrity, and consistency across the pipeline.
Implement plan to fix ride model technical specifications pipeline. This includes creating a new migration for the `ride_model_submission_technical_specifications` table, updating `entitySubmissionHelpers.ts` to handle insertion of technical specifications, and modifying the edge function `process-selective-approval/index.ts` to fetch these specifications. This ensures no data loss for ride model technical specifications.
Implement the plan to fix critical data loss in ride submissions. This includes:
- Storing ride technical specifications, coaster statistics, and name history in submission tables.
- Adding missing category-specific fields to the `ride_submissions` table via a new migration.
- Updating submission helpers and the edge function to include these new fields.
- Fixing the park location Zod schema to include `street_address`.
Implement the plan to add `street_address` to the location creation logic within the `process-selective-approval` edge function. This ensures that `street_address` is preserved when approving composite submissions, completing the end-to-end pipeline for this field.
