- Introduce per-button loading state in PipelineHealthAlerts
- Disable button and show spinner with "Resolving..." while resolving
- Re-enable after operation completes
- Keeps user feedback inline with alert resolution flow
Enhance PipelineHealthAlerts flow to log and refresh
- Add console logs when resolving alerts on PipelineHealthAlerts
- Invalidate related queries to refresh UI after resolution
- Improve error handling and user feedback paths for resolve action
Investigate and address why the Resolve action isn’t triggering despite superuser role. Add diagnostic logging and ensure the resolve mutation is invoked with correct data, plus prep for validating frontend event wiring and mutation calls.
Implement monitoring and alert-resolve UI improvements:
- Enhance useAlertGroupActions with robust error handling and breadcrumb logging
- Add loading state visuals to GroupedAlertsPanel and Resolve All button
- Integrate loading indicator (Loader2) for better user feedback during resolves
Implement fire-and-forget span persistence:
- Add logSpanToDatabase and persistSpanToDatabase to logger
- Persist spans, attributes, events, and event attributes to new tables
- Wire edgeFunctionWrapper to call DB persistence after each span
- Create required tables, views, and security policies
- Ensure non-blocking and guard for missing Supabase creds
- Change security settings for views to SECURITY INVOKER
- Add explicit search_path in cleanup_old_spans function
- Ensure safe, non-deferring access to trace views and cleanup routine
Update edge function wrapper to emit backend metadata headers (X-Request-Id, X-Span-Id, X-Trace-Id, X-Duration-Ms) on responses; adjust logging to include duration and headers. Enhance edgeFunctionTracking to extract and propagate backend metadata from responses and errors; extend errorHandler to capture and log backend metadata for improved observability.
Migrate the remaining administrative function check-transaction-status to use the wrapEdgeFunction wrapper, aligning with admin-delete-user. Updated to remove manual Deno.serve handling, integrate edge wrapper, standardized logging with edgeLogger, and utilize context for auth and tracing. admin-delete-user already migrated.
Refactor Phase 3 Batch 2–4 Novu-related functions to use the createEdgeFunction wrapper, replacing explicit HTTP servers with edge wrapper, adding standardized logging, tracing, and error handling across subscriber management, topic/notification, and migration/sync functions.
Migrate 6 background jobs to use wrapEdgeFunction: cleanup-old-versions, process-scheduled-deletions, data-retention-cleanup, run-cleanup-jobs, scheduled-maintenance, process-expired-bans. Replace old server routines with edgeFunction wrapper, add centralized logging, tracing, and standardized error handling, and adjust for batch-wise deployment.
Enhance error handling and logging across all edge functions:
- Introduce a shared edgeFunctionWrapper with standardized error handling, request/response logging, tracing, and validation hooks.
- Add runtime type validation utilities (ValidationError, validators, and parse/validate helpers) and integrate into edge flow.
- Implement robust validation for incoming requests and known type mismatches, with detailed logs and structured responses.
- Add post-RPC and post-database error logging to surface type/mismatch issues early.
- Update approval/rejection entry points to leverage new validators and centralized error handling.
Applied migration to fix process_approval_transaction to support all company types: company, manufacturer, operator, property_owner, designer. This resolves unknown item type errors and enables moderation approvals across all entity types. Migration was executed successfully.
Read idempotency key from headers in process-selective-approval and process-selective-rejection, remove it from request bodies, add header validation, and redeploy edge functions to fix idempotency flow.
Improve CORS handling and error logging to fix moderation edge cases:
- Add x-idempotency-key to allowed CORS headers and expose explicit POST methods
- Extend CORS headers to include Access-Control-Allow-Methods
- Update edge function tracing and client error handling to better detect and log CORS/network issues
- Enhance error handling utilities to surface CORS-related failures and provide clearer user messages
Enhance detect-anomalies with advanced ML algorithms (Isolation Forest, seasonal decomposition, predictive modeling) and schedule frequent runs via pg_cron. Updates include implementing new detectors, ensemble logic, and plumbing to run and expose results through the anomaly detection UI and data hooks.
Implements edge function, Django tasks, and UI hooks/panels for automatic retention of old metrics, anomalies, alerts, and incidents, plus updates to query keys and monitoring dashboard to reflect data-retention workflows.
Add Django Celery tasks and utilities to periodically collect system metrics (error rates, response times, queue sizes) and record them into metric_time_series. Include monitoring app scaffolding, metrics collector, Celery beat schedule, middleware for live metrics, and a Supabase edge function for cross-source metrics.
Introduce statistical anomaly detection for metrics via edge function, hooks, and UI components. Adds detection algorithms (z-score, moving average, rate of change), anomaly storage, auto-alerts, and dashboard rendering of detected anomalies with run-once trigger and scheduling guidance.
- Add hooks and components for correlated alerts and incidents
- Integrate panels into MonitoringOverview
- Extend query keys for correlation and incidents
- Implement incident actions (create, acknowledge, resolve) and wiring
The migration succeeded but security warnings require updating functions to set search_path. Add SET search_path to the three created functions to ensure proper schema resolution and security context.
Fix security definer view issue by enabling security_invoker on grouped_alerts_view and implement grouped alerts system with new keys, hooks, components, and monitoring overview integration. Added migration to adjust view, updated query keys, created useGroupedAlerts, useAlertGroupActions, GroupedAlertsPanel, and updated MonitoringOverview to include grouped alerts.
Update: implement grouped_alerts_view migration and address security definer concerns by noting default SECURITY INVOKER behavior for views and ensuring RLS policies on underlying tables apply. This commit covers the view creation and related security clarifications for alert grouping feature.
The migration completed successfully to enable moderation actions:
- Added SELECT, INSERT, and UPDATE RLS policies for system_alerts
- Grants issued to authenticated users
- Enables viewing, creating, and resolving Pipeline Health alerts via UI
- Resolves the previous issue where Resolve did nothing by lacking permissions
Allow moderators to resolve rate limit alerts by adding UPDATE policy on rate_limit_alerts and granting UPDATE to authenticated users. This completes enabling the Resolve action for alerts.
Implement loading state, confirmation dialog, and related UI changes for resolving rate limit alerts:
- Add resolvingAlertId state
- Use ConfirmationDialog for safe resolution
- Update Resolve button to ghost variant with CheckCircle icon and loading behavior
- Wire up loading and disable states during mutation
Implement monitor-rate-limits edge function to compare metrics against alert configurations, trigger notifications, and record alerts; update config and groundwork for admin UI integration.
Approved Lovable tool use and migration updates to fix security warning and add monitoring edge function. Prepare and apply migrations to ensure search_path is set to public and implement monitoring endpoint for rate limit metrics.
Add a React admin dashboard component to visualize rate limit metrics and statistics, including data fetching from the rate-limit-metrics edge function, charts and statistics, and admin routes/integration. Includes setup for routing and UI scaffolding to display total requests, block rate, top blocked IPs/users, and recent activity with interactive charts.
Add an edge function rate-limit-metrics to expose metrics via API, including authentication guards, CORS headers, and multiple query endpoints for recent metrics, stats, and function/user/IP-specific data. Integrates with new metrics and auth helpers and uses existing rate limiter.
Add Phase 2 updates to rateLimiter.ts:
- Import and hook in rateLimitMetrics and authHelpers
- Track per-request metrics on allowed/blocked outcomes
- Extract userId and clientIP for metrics
- Extend RateLimiter to pass functionName for metrics context
- Update withRateLimit to utilize new metadata and return values
Consolidate CORS handling by introducing a shared supabase/functions/_shared/cors.ts and migrate edge functions to import from it. Remove inline cors.ts usage across functions, standardize headers (including traceparent and x-request-id), and prepare for environment-aware origins.
Updated edge functions to include traceparent and x-request-id in Access-Control-Allow-Headers for:
- supabase/functions/process-selective-approval/cors.ts
- supabase/functions/process-selective-rejection/cors.ts
This fixes CORS preflight and allows POST requests to reach edge functions.
Update supabase/config.toml to set verify_jwt = true for process-selective-rejection, aligning platform authentication with function usage and allowing POST requests to reach the edge function.
Update supabase/config.toml to set verify_jwt = true for the process-selective-approval function, aligning platform authentication with the function’s requirements and allowing authenticated POST requests to reach the edge function.
Enhance process-selective-approval with startup env var validation, request-level logging, and improved error handling to diagnose edge function failures. Includes checks for SUPABASE_ANON_KEY, startup init log, per-request logs, and robust catch-block logging.
Approve and apply migration to fix RPC for park location data
- Update TypeScript types to remove temp_location_data
- Create migration to fix create_submission_with_items by using relational park_submission_locations
- Ensure _temp_location is extracted and stored properly
Update database migration to fix create_submission_with_items to use relational park_submission_locations for location data, removing temp_location_data usage; add corresponding TypeScript type cleanup to drop temp_location_data field from submission data types.
Refactor to store park location data relationally:
- Retrieve park_submission_id from park_submissions
- Remove embedded temp_location_data usage
- Update park_submissions without location, then upsert location into park_submission_locations
- Align behavior with updateSubmissionItems pattern to fix JSON storage in Item history
Refactor src/lib/integrationTests/suites/moderationDependencyTests.ts to replace direct submission_items inserts with proper submission helper usage (submitParkCreation), aligning with relational schema. Update dep-001 to create parks via helpers and adjust item retrieval/cleanup accordingly. Modify dep-002 to verify relational submission structure via helpers, ensuring tests interact with new schema and avoid legacy item_data usage. This fixes schema/mapping mismatches and aligns tests with the approved Phase 2 approach.
Implements a CleanupReport UI component to display detailed cleanup results after test runs, including tables cleaned, records deleted per table, duration, and errors. Integrates with IntegrationTestRunner to show cleanup summary post-run and exports a compact inline view.
Adds a new test data cleanup utility to safely remove test fixtures after integration test suites. Includes type-safe cleanup functions for parks, rides, companies, ride_models, locations, and submissions, with safety checks (is_test_data filters) and progress logging. Integrates cleanup invocation post-run to prevent database bloat and preserves safety against prod data deletion.
