Implement rate limiting for `submitCompanyCreation` and `submitCompanyUpdate` to prevent abuse and ensure pipeline integrity. This includes adding checks for submission rate limits and recording submission attempts.
Added `recordSubmissionAttempt(userId)` to `submitParkCreation`, `submitParkUpdate`, `submitRideCreation`, and `submitRideUpdate` in `src/lib/entitySubmissionHelpers.ts`. This ensures that rate limit counters are incremented after a successful rate limit check, closing a vulnerability that allowed for unlimited submissions of parks and rides.
Implement Phase 4 by adding `recordSubmissionAttempt` and `withRetry` logic to the ban check for composite submissions. This ensures better error handling and prevents bypass of ban checks due to transient network issues.
Apply migration to enhance the `validate_submission_items_for_approval` function with specific error codes and item details. Update `process_approval_transaction` to utilize this enhanced error information for improved debugging and monitoring. This completes Phase 3 of the pipeline audit.
Implement rate limiting, ban checks, retry logic, and breadcrumb tracking for ride model creation and update functions. Wrap existing ban checks and database operations in retry logic.
Implement rate limiting, ban checks, retry logic, and breadcrumb tracking for all 8 company submission functions: manufacturer, designer, operator, and property_owner (both create and update). This ensures consistency with other protected entity types and enhances the robustness of the submission pipeline.
Update the `process_approval_transaction` function to utilize the new `error_code` and `item_details` returned by the enhanced `validate_submission_items_for_approval` function. This will improve error handling and debugging by providing more specific information when validation fails.
Implement rate limiting, validation, retry logic, and ban checking for photo and timeline submissions. This includes updates to `UppyPhotoSubmissionUpload.tsx` and `entitySubmissionHelpers.ts`.
This commit implements Phase 3 of the Sacred Pipeline, focusing on enhanced error handling. It includes:
- **Transaction Status Polling Endpoint**: A new edge function `check-transaction-status` allows clients to poll the status of moderation transactions using idempotency keys.
- **Expanded Error Sanitizer Patterns**: The `src/lib/errorSanitizer.ts` file has been updated with more comprehensive patterns to remove sensitive information from error messages, making them safer for display and logging. User-friendly replacements for common errors are also included.
- **Rate Limiting for Submission Creation**: Client-side rate limiting has been implemented in `src/lib/submissionRateLimiter.ts` and applied to key submission functions within `src/lib/entitySubmissionHelpers.ts` (e.g., `submitParkCreation`, `submitRideCreation`, `submitParkUpdate`, `submitRideUpdate`) to prevent abuse and accidental duplicate submissions.
Corrected an import error in the `run-cleanup-jobs` edge function. The function was attempting to import from a non-existent `../_shared/cors.ts` file. This has been resolved by defining the `corsHeaders` inline within the function, aligning with the pattern used in other edge functions.
The user approved the use of the Lovable tool. This commit reflects the successful connection and execution of the tool, which was used to implement Phase 1 of the Critical Database Fixes for the Sacred Pipeline. The fixes include adding validation, error logging, cascade deletes, and error boundaries.
Add persistence for transaction statuses to localStorage in ModerationQueue and SubmissionReviewManager components. This ensures that transaction statuses (processing, timeout, cached, completed, failed) are preserved across page refreshes, providing a more robust user experience during active transactions.
Implement visual indicators in the moderation queue and review manager to display the status of ongoing transactions. This includes states for processing, timeout, and cached results, providing users with clearer feedback on the system's activity.
Integrate transaction resilience features into the `useModerationActions` hook by refactoring the `invokeWithIdempotency` function. This change ensures that all moderation paths, including approvals, rejections, and retries, benefit from timeout detection, automatic lock release, and robust idempotency key management. The `invokeWithIdempotency` function has been replaced with a new `invokeWithResilience` function that incorporates these enhancements.
Integrate the `useTransactionResilience` hook into `SubmissionReviewManager.tsx` to add timeout detection, auto-release functionality, and idempotency key management to moderation actions. The `handleApprove` and `handleReject` functions have been updated to use the `executeTransaction` wrapper for these operations.
This commit implements Phase 4 of the Sacred Pipeline, focusing on transaction resilience. It introduces:
- **Timeout Detection & Recovery**: New utilities in `src/lib/timeoutDetection.ts` to detect, categorize (minor, moderate, critical), and provide recovery strategies for timeouts across various sources (fetch, Supabase, edge functions, database). Includes a `withTimeout` wrapper.
- **Lock Auto-Release**: Implemented in `src/lib/moderation/lockAutoRelease.ts` to automatically release submission locks on error, timeout, abandonment, or inactivity. Includes mechanisms for unload events and inactivity monitoring.
- **Idempotency Key Lifecycle Management**: A new module `src/lib/idempotencyLifecycle.ts` to track idempotency keys through their states (pending, processing, completed, failed, expired) using IndexedDB. Includes automatic cleanup of expired keys.
- **Enhanced Idempotency Helpers**: Updated `src/lib/idempotencyHelpers.ts` to integrate with the new lifecycle management, providing functions to generate, register, validate, and update the status of idempotency keys.
- **Transaction Resilience Hook**: A new hook `src/hooks/useTransactionResilience.ts` that combines timeout handling, lock auto-release, and idempotency key management for robust transaction execution.
- **Submission Queue Integration**: Updated `src/hooks/useSubmissionQueue.ts` to leverage the new submission queue and idempotency lifecycle functionalities.
- **Documentation**: Added `PHASE4_TRANSACTION_RESILIENCE.md` detailing the implemented features and their usage.
Create NetworkErrorBanner, SubmissionQueueIndicator, and enhanced retry progress UI components. Integrate them into the application using a ResilienceProvider to manage network status and submission queue states. Update App.tsx to include the ResilienceProvider.
Completed Phase 2 of the critical security fixes, enhancing database integrity. This includes adding UNIQUE constraints for slugs, implementing date precision validation, and establishing trigger-based validation for submission item dependencies. Data integrity checks for dates, ratings, and numeric fields have also been added, along with performance indexes.
The AI confirmed that the migration to implement Phase 1 of the critical security fixes was successful. It then ran a security scan and a Supabase linter, both of which returned zero issues. The AI has now completed Phase 1, which involved securing 13 tables with comprehensive RLS policies, MFA enforcement, ban checks, and proper access control. The AI has also provided suggestions for the next steps: verifying Phase 1 success and starting Phase 2, creating security documentation, or implementing Phase 3.
The AI has successfully completed Phase 3, securing all 7 submission tables with appropriate RLS policies. It then ran a security scan and the Supabase linter, both of which returned zero issues. This marks the completion of all security phases, with all tables and functions now secured.
Approve migration to fix RLS policies for ride_submissions, ride_model_submissions, and timeline_event_submissions. This includes dropping existing permissive policies and creating new ones to restrict access to users' own submissions and moderators.
The AI successfully fixed the `validate_slug_format` function by adding `SET search_path = public`.
The security linter now shows no issues.
A subsequent security scan revealed 9 findings, but 5 were identified as outdated due to previous RLS fixes in Phase 1 and Phase 2.
The remaining findings requiring attention are:
- `profiles` (needs field-level filtering)
- `contact_submissions` (needs RLS verification)
- `park_submissions` (needs RLS verification)
- `company_submissions` (needs RLS verification)
- `photo_submissions` (needs RLS verification)
The AI has completed Phase 2 of RLS security fixes, securing tables such as `user_roles`, `reviews`, `reports`, `submission_items`, `user_blocks`, and `user_preferences`. It also noted a remaining minor security warning regarding a mutable function search path.
The AI has addressed the remaining security warnings by ensuring all `SECURITY DEFINER` functions have `SET search_path = public`. A full security scan was then performed, revealing pre-existing issues with RLS policies on several tables, including `profiles`, `user_roles`, and `content_submissions`. These issues were not introduced by the recent changes but were uncovered by the scan. The AI will inform the user about these findings.
Apply `SET search_path = public` to the `is_user_banned` function to resolve lingering security warnings. This ensures all `SECURITY DEFINER` functions have a properly defined search path, enhancing security and preventing potential issues.
Approve and implement the Supabase migration for the pipeline monitoring alert system. This includes expanding alert types, adding new monitoring functions, and updating existing ones with escalating thresholds.
Implement comprehensive error handling and robustness measures across the entire pipeline as per the detailed plan. This includes database-level security, client-side validation, scheduled maintenance, and fallback mechanisms for edge function failures.
Correct parameter names in integration tests to resolve TypeScript errors. The errors indicate a mismatch between expected and actual parameter names (`p_user_id` vs `_user_id`) in Supabase-generated types, which are now being aligned.
Approve and apply the latest set of database migrations for Phase 4: Application Boundary Hardening. These migrations include orphan image cleanup, slug validation triggers, monitoring and alerting infrastructure, and scheduled maintenance functions.
The AI has implemented the Phase 3 plan, which includes adding approval failure monitoring to the existing error monitoring page, extending the ErrorAnalytics component with approval metrics, adding performance indexes, and creating the ApprovalFailureModal component.
Applies Phase 2 resilience improvements including slug uniqueness constraints, foreign key validation, and rate limiting. This includes new database migrations for slug uniqueness and foreign key validation, and updates to the edge function for rate limiting.
Update the date placeholder in `docs/ATOMIC_APPROVAL_TRANSACTIONS.md` from `2025-01-XX` to `2025-11-06` to accurately reflect the migration completion date.
Implement the destructive migration plan to remove the old approval flow entirely. This includes deleting the legacy edge function, removing the toggle component, simplifying frontend code, and updating documentation.
Update actions.ts and ApprovalTransactionToggle.tsx to default to the new atomic transaction RPC flow. The feature flag can now be used to disable the new flow for emergency rollback.
Implement blue-green deployment strategy for approval flow. This involves deploying the new RPC function alongside the existing edge function, creating a new edge function that calls the RPC, and adding a feature flag to the frontend to toggle between the old and new flows. The plan includes testing in production, gradual rollout, and eventual deprecation of the old edge function.
Implement all phases to fix session variable pollution by changing `is_local` to `true` in the `create_submission_with_items` database function and the `process-selective-approval` edge function. This ensures session variables are transaction-scoped, preventing data corruption and attribution errors. Includes database migration, edge function updates, and monitoring for attribution mismatches.
Implement orphaned image cleanup, temp refs cleanup, deadlock retry, and lock cleanup. These fixes address critical areas of data integrity, resource management, and system resilience within the submission pipeline.
