Add missing serve() wrapper and correct CORS configuration in supabase/functions/process-selective-approval/index.ts, and import necessary modules. This ensures the edge function handles requests and applies proper CORS headers.
- Add early logging and health check to process-selective-approval edge function
- Implement idempotency check with timeout to avoid edge timeouts
- Expose health endpoint for connectivity diagnostics
- Increase client moderation action timeout from 30s to 60s
- Update moderation actions hook to accommodate longer timeouts
Implements complete plan to resolve duplicate span_id issues and metric collection errors:
- Ensure edge handlers return proper Response objects to prevent double logging
- Update collect-metrics to use valid metric categories, fix system_alerts query, and adjust returns
- Apply detect-anomalies adjustments if needed and add defensive handling in wrapper
- Prepare ground for end-to-end verification of location-related fixes
Extend createEdgeFunction usage to novu-webhook, seed-test-data, and sitemap by removing manual boilerplate (CORS, auth, tracking, error handling) and replacing logging with span-based tracing; wire in EdgeFunctionContext for supabase, user, span, and requestId; preserve core logic including webhook validation, data seeding utilities, and sitemap caching.
Refactor export-user-data, notify-user-submission-status, and resend-deletion-code to use createEdgeFunction wrapper. Remove manual CORS, auth, rate limiting boilerplate; adopt standardized EdgeFunctionContext (supabase, user, span, requestId), and integrate built-in tracing, rate limiting, and logging through the wrapper. Update handlers to rely on wrapper context and ensure consistent error handling and observability.
Refactor process-expired-bans, detect-location, detect-anomalies, rate-limit-metrics, and collect-metrics to use createEdgeFunction wrapper with standardized error handling, tracing, and reduced boilerplate. Update signatures to receive { supabase, span, requestId } (and user where applicable), replace manual logging with span events, remove per-function boilerplate, and ensure consistent wrapper configuration (cors, auth, rate limits, and tracing).
- Refactor validate-email, receive-inbound-email, and send-admin-email-reply to use createEdgeFunction wrapper with automatic error handling, tracing, and reduced boilerplate.
- enrich wrapper to support service-role usage and role-based authorization context for complex flows.
Batch 1 of Phase 2: migrate 3-4 edge functions to use createEdgeFunction wrapper (process-selective-approval, process-selective-rejection, rate-limit-metrics) to enable automatic error logging, CORS, auth, and reduced boilerplate; preserve existing logic where applicable and prepare for subsequent batches.
Implement Phase 1 by adding error span logging and database persistence to 8 edge functions that already log errors:
- detect-location
- export-user-data
- notify-moderators-submission
- novu-webhook
- send-escalation-notification
- send-password-added-email
- resend-deletion-code
- merge-contact-tickets
This update introduces startSpan/endSpan and logSpanToDatabase usage in catch blocks to ensure errors are recorded in the monitoring database.
Add retry mechanism to backfill-ride-data, backfill-company-data, and backfill-park-locations edge functions using withEdgeRetry, including isRetryableError and isDeadlockError. Apply CORS headers to ride-data and company-data responses, and ensure park-locations already contains CORS remains with retry wrapping. Update unauthorized and success responses to include CORS headers.
Update logger.ts to use the import-map resolved package
- Replace jsr:@supabase/supabase-js@2 with @supabase/supabase-js
- Align edge function logger with deno.json import map for reliable bundling
Add proper CORS headers to edge function:
- Import and apply corsHeadersWithMethods via corsHeaders config
- Include CORS headers in all responses (including unauthorized and success cases)
This resolves preflight and subsequent requests blocked by CORS policy.
Implement edge function and UI to backfill missing company data from submissions, including admin trigger and result reporting, and wire into admin settings.
Add edge function and UI for ride data backfill, integrating admin UI to trigger backfill, plus supporting types and wiring to backfill_ride_data function. Includes RideDataBackfill component, admin page integration, and initial server-side function scaffold for updating rides from submissions.
Add a script to backfill missing location data for already-approved parks from their submission data, and make it executable from the admin settings interface. Implement a backfill function (SQL migration) and an edge function to trigger it, plus UI integration in Admin Settings to initiate the process. Ensure only parks with approved submissions and location data are linked to new location records, and expose results in admin.
Implement fire-and-forget span persistence:
- Add logSpanToDatabase and persistSpanToDatabase to logger
- Persist spans, attributes, events, and event attributes to new tables
- Wire edgeFunctionWrapper to call DB persistence after each span
- Create required tables, views, and security policies
- Ensure non-blocking and guard for missing Supabase creds
Update edge function wrapper to emit backend metadata headers (X-Request-Id, X-Span-Id, X-Trace-Id, X-Duration-Ms) on responses; adjust logging to include duration and headers. Enhance edgeFunctionTracking to extract and propagate backend metadata from responses and errors; extend errorHandler to capture and log backend metadata for improved observability.
Migrate the remaining administrative function check-transaction-status to use the wrapEdgeFunction wrapper, aligning with admin-delete-user. Updated to remove manual Deno.serve handling, integrate edge wrapper, standardized logging with edgeLogger, and utilize context for auth and tracing. admin-delete-user already migrated.
Refactor Phase 3 Batch 2–4 Novu-related functions to use the createEdgeFunction wrapper, replacing explicit HTTP servers with edge wrapper, adding standardized logging, tracing, and error handling across subscriber management, topic/notification, and migration/sync functions.
Migrate 6 background jobs to use wrapEdgeFunction: cleanup-old-versions, process-scheduled-deletions, data-retention-cleanup, run-cleanup-jobs, scheduled-maintenance, process-expired-bans. Replace old server routines with edgeFunction wrapper, add centralized logging, tracing, and standardized error handling, and adjust for batch-wise deployment.
Enhance error handling and logging across all edge functions:
- Introduce a shared edgeFunctionWrapper with standardized error handling, request/response logging, tracing, and validation hooks.
- Add runtime type validation utilities (ValidationError, validators, and parse/validate helpers) and integrate into edge flow.
- Implement robust validation for incoming requests and known type mismatches, with detailed logs and structured responses.
- Add post-RPC and post-database error logging to surface type/mismatch issues early.
- Update approval/rejection entry points to leverage new validators and centralized error handling.
Read idempotency key from headers in process-selective-approval and process-selective-rejection, remove it from request bodies, add header validation, and redeploy edge functions to fix idempotency flow.
Improve CORS handling and error logging to fix moderation edge cases:
- Add x-idempotency-key to allowed CORS headers and expose explicit POST methods
- Extend CORS headers to include Access-Control-Allow-Methods
- Update edge function tracing and client error handling to better detect and log CORS/network issues
- Enhance error handling utilities to surface CORS-related failures and provide clearer user messages
Enhance detect-anomalies with advanced ML algorithms (Isolation Forest, seasonal decomposition, predictive modeling) and schedule frequent runs via pg_cron. Updates include implementing new detectors, ensemble logic, and plumbing to run and expose results through the anomaly detection UI and data hooks.
Implements edge function, Django tasks, and UI hooks/panels for automatic retention of old metrics, anomalies, alerts, and incidents, plus updates to query keys and monitoring dashboard to reflect data-retention workflows.
Add Django Celery tasks and utilities to periodically collect system metrics (error rates, response times, queue sizes) and record them into metric_time_series. Include monitoring app scaffolding, metrics collector, Celery beat schedule, middleware for live metrics, and a Supabase edge function for cross-source metrics.
Introduce statistical anomaly detection for metrics via edge function, hooks, and UI components. Adds detection algorithms (z-score, moving average, rate of change), anomaly storage, auto-alerts, and dashboard rendering of detected anomalies with run-once trigger and scheduling guidance.
Implement monitor-rate-limits edge function to compare metrics against alert configurations, trigger notifications, and record alerts; update config and groundwork for admin UI integration.
Add an edge function rate-limit-metrics to expose metrics via API, including authentication guards, CORS headers, and multiple query endpoints for recent metrics, stats, and function/user/IP-specific data. Integrates with new metrics and auth helpers and uses existing rate limiter.
Add Phase 2 updates to rateLimiter.ts:
- Import and hook in rateLimitMetrics and authHelpers
- Track per-request metrics on allowed/blocked outcomes
- Extract userId and clientIP for metrics
- Extend RateLimiter to pass functionName for metrics context
- Update withRateLimit to utilize new metadata and return values
Consolidate CORS handling by introducing a shared supabase/functions/_shared/cors.ts and migrate edge functions to import from it. Remove inline cors.ts usage across functions, standardize headers (including traceparent and x-request-id), and prepare for environment-aware origins.
Updated edge functions to include traceparent and x-request-id in Access-Control-Allow-Headers for:
- supabase/functions/process-selective-approval/cors.ts
- supabase/functions/process-selective-rejection/cors.ts
This fixes CORS preflight and allows POST requests to reach edge functions.
Enhance process-selective-approval with startup env var validation, request-level logging, and improved error handling to diagnose edge function failures. Includes checks for SUPABASE_ANON_KEY, startup init log, per-request logs, and robust catch-block logging.
Apply quick wins and pipeline fixes for integration tests:
- Remove is_test_data flag from location inserts
- Increase test delay from 2.5s to 5s and add delays between suites to curb rate limiting
- Replace [object Object] error formatting with formatTestError across 10 test suites (31 edits) and add import
- Refactor unit/conversion tests and performance tests to use the approval pipeline
- Extend edge function handling by ensuring item_ids are included in idempotency key inserts (edge function fix)
- Update auth, data integrity, edgeFunction, moderation, performance, submission, unitConversion, and versioning test files accordingly
Add centralized errorFormatter to convert various error types into readable messages, and apply it across edge functions. Replace String(error) usage with formatEdgeError, update relevant imports, fix a throw to use toError, and enhance logger to log formatted errors. Includes new errorFormatter.ts and widespread updates to 18+ edge functions plus logger integration.
Implement distributed tracing across edge functions:
- Introduce span types and utilities (logger.ts enhancements)
- Replace request tracking with span-based tracing in approval and rejection flows
- Propagate and manage W3C trace context in edge tracking
- Add span visualization scaffolding (spanVisualizer.ts) and admin TraceViewer UI (TraceViewer.tsx)
- Create tracing-related type definitions and support files
- Prepare RPC call logging with span context and retries
Enhance edge functions process-selective-approval and process-selective-rejection with edgeLogger-based, structured logging. Introduce request tracking (startRequest/endRequest), replace all console logs, add comprehensive logging points (auth, payload validation, idempotency, RPC calls, deadlocks, errors, locks), and register process-selective-rejection in config.toml. Also sanitize sensitive data in logs and ensure duration metrics are captured.
- Adds atomic rejection transaction edge function and RPC
- Updates moderation client to use new rejection path
- Introduces rejection transaction migration and supporting readouts
- Moves photo-related approval handling toward RPC-based flow
- Lays groundwork for idempotency and resilience in moderation actions
Update `update_entity_from_submission` and `delete_entity_from_submission` to support timeline events. Remove unused `p_idempotency_key` parameter from `process_approval_transaction` RPC call in `process-selective-approval` edge function.
