m/paliad
1
0
Fork 0
Code Issues 146 Pull Requests 8 Actions 3 Packages Projects Releases Wiki Activity

Compare commits

base: m:mai/cronus/coder-cicd-slice-a
Branches Tags
m:main m:mai/bohr/coder-apply-m-s-caption m:mai/faraday/coder-generated-document m:mai/planck/coder-b5-b6-train-share m:mai/archimedes/fixer-port-engine m:mai/maxwell/coder-b4-akte-mode m:mai/lorenz/coder-b3-event-triggered m:mai/euler/fixer-builder-add m:mai/brunel/fixer-prod-500s-after-b1 m:mai/galileo/coder-b1-b2-mvp-train m:mai/pasteur/fixer-pkg-litigationplann m:mai/newton/coder-b0-scenario-db m:mai/edison/inventor-prd-columnar m:mai/knuth/coder-workflow-tracker m:mai/atlas/inventor-extend-tools m:mai/cronus/inventor-unified m:mai/atlas/inventor-deadline-system m:mai/atlas/inventor-followup-rules m:mai/athena/consultant-deadline m:mai/brunel/fixer-dark-mode-support m:mai/knuth/coder-cronus-fristenrechn m:mai/ritchie/coder-mig-153-proceeding m:mai/atlas/inventor-proceeding m:mai/cronus/inventor-fristenrechner m:mai/curie/coder-mig152-clone-dedupe m:mai/darwin/researcher-lexy-draft m:mai/knuth/coder-dedupe-null m:mai/cronus/coder-composer-slice-f m:mai/cronus/coder-composer-slice-e m:mai/cronus/coder-composer-slice-d m:mai/curie/coder-slice-b6-url-rename m:mai/curie/coder-slice-b5-go-rename m:mai/cronus/coder-composer-slice-c m:mai/curie/coder-slice-b4-destructive-drop m:mai/cronus/coder-composer-slice-b m:mai/cronus/coder-composer-slice-a m:mai/cronus/inventor-prd-for m:mai/knuth/coder-verfahrensablauf m:mai/ritchie/coder-make-backup m:mai/diesel/fixer-dark-mode-css m:mai/curie/coder-slice-b3-read-cutover m:mai/diesel/fixer-verfahrensablauf m:mai/curie/coder-slice-b2-dual-write m:mai/cronus/coder-slice-d-scenarios m:mai/knuth/coder-backfill-applies m:mai/hermes/gitster-verfahrensablauf m:mai/cronus/coder-berufung-labels-refactor m:mai/diesel/hotfix-2-mig-134-missing m:mai/curie/coder-slice-b1-procedural-events m:mai/cronus/coder-slice-c-upc-snapshot m:mai/brunel/hotfix-rename-upc-apl m:mai/cronus/coder-slice-b3-primary-party m:mai/cronus/coder-slice-b2-catalog-query m:mai/cronus/inventor-litigation-slice-b m:mai/curie/researcher-slice-b-zero m:mai/cronus/inventor-litigation m:mai/artemis/gitster-remove-admin m:mai/ritchie/coder-sort-post-trigger m:mai/knuth/coder-conditional-label m:mai/hermes/coder-verfahrensablauf m:mai/brunel/rebase-121-conditional m:mai/knuth/coder-conditional-rule m:mai/hermes/gitster-dark-mode-fix m:mai/ritchie/coder-submission-form m:mai/artemis/gitster-re-surface m:mai/brunel/fixer-views-any-filters m:mai/cronus/coder-cicd-slice-a m:mai/knuth/coder-wave-1-tier-1-rule m:mai/ritchie/coder-upc-damages-add m:mai/cronus/inventor-ci-cd-pre m:mai/brunel/rebase-108-language m:mai/hermes/gitster-admin-rules-list m:mai/artemis/gitster-submission m:mai/icarus/gitster-verfahrensablauf m:mai/orpheus/gitster-search-input m:mai/atlas/coder-event-card-choices-slice-ab m:mai/hermes/gitster-date-range m:mai/demeter/gitster-submission m:mai/knuth/coder-hl-patents-style m:mai/hermes/gitster-draft-editor m:mai/atlas/inventor-per-event-card m:mai/knuth/coder-deadline-rule-tier m:mai/cronus/coder-procedural-events-slice-a m:mai/hermes/gitster-deadline-form m:mai/artemis/gitster-add-missing-i18n m:mai/demeter/gitster-paliadin-chat m:mai/brunel/wave0-tier0-deadline-fixes m:mai/artemis/coder-docker-compose-yml m:mai/icarus/coder-inbox-overhaul-slice-a m:mai/atlas/coder-date-range-picker-slice-a m:mai/brunel/fixer-de-inf-lg-cfi m:mai/cronus/inventor-procedural m:mai/hermes/gitster-event-type-modal m:mai/cronus/coder-backup-mode m:mai/curie/researcher-bulletproof m:mai/hermes/gitster-draft-editor-focus-jump m:mai/cronus/inventor-backup-mode m:mai/hermes/gitster-submissions m:mai/artemis/gitster-deadline-form m:mai/brunel/fixer-submission-preview m:mai/brunel/fixer-test-data-reset m:mai/artemis/gitster-approval-withdraw m:mai/demeter/gitster-events m:mai/hermes/gitster-sidebar-loses m:mai/hermes/gitster-browse-a m:mai/brunel/fixer-submissions-demo m:mai/icarus/inventor-inbox-overhaul m:mai/atlas/inventor-symmetric-date m:mai/artemis/gitster-demote-daten m:mai/hermes/gitster-team-view-mailto m:mai/knuth/coder-global-schriftsatze m:mai/knuth/coder-schriftsatze m:mai/ritchie/coder-author-demo-docx m:mai/knuth/coder-add-schriftsatze m:mai/knuth/coder-add-checklist m:mai/knuth/coder-anchor-lookup-must m:mai/tesla/dashboard-resize-clamp m:mai/knuth/coder-demote-projekt m:mai/knuth/coder-paliadin-chat m:mai/knuth/coder-print-views m:mai/knuth/coder-add-proceeding m:mai/knuth/coder-submission m:mai/ritchie/coder-extend-team-email m:mai/knuth/coder-changelog-catch-up m:mai/tesla/dashboard-overlap m:mai/pasteur/fixercoder-dashboard m:mai/newton/inventor-configurable m:mai/dirac/inventorcoder-user m:mai/gauss/inventorcoder-team-admin m:mai/kepler/inventorcoder-project m:mai/darwin/roadmap-ccr-en m:mai/euler/coder-small-ux-polish m:mai/darwin/fristenrechner-cleanup m:mai/darwin/fixercoder-priority-bug m:mai/leibniz/inventor-caldav-multi m:mai/hertz/inventor-unified-modal m:mai/archimedes/inventor-excel-data m:mai/boltzmann/inventor-gap-tolerant m:mai/copernicus/submission-slice-1 m:mai/fermi/interactive-session m:mai/hertz/inventor-suggest-changes m:mai/copernicus/inventor-submission m:mai/mendel/test-strategy-slice-1 m:mai/mendel/inventor-test-strategy m:mai/ampere/custom-views-improvements m:mai/joule/mig-097-apply-huygens-s m:mai/ohm/workstream-b-rename m:mai/huygens/workstream-a-backfill m:mai/kelvin/t-204-phase-2-proceeding m:mai/bohr/ingest-t-paliad-203-rule m:mai/curie/fristenrechner-gap m:mai/maxwell/inbox-grey-out m:mai/rutherford/slice-9-follow-up-b-re m:mai/dirac/slice-9-follow-up-a m:mai/bose/determinator-cascade-slice-3 m:mai/bose/determinator-cascade-slice-2 m:mai/bose/determinator-row-cascade m:mai/lorenz/fristen-phase-3-slice-9 m:mai/curie/fristen-phase-3-slice-12 m:mai/planck/aichat-phase-b-paliad m:mai/young/fristen-phase-3-slice-11b m:mai/lorenz/fristen-phase-3-slice-11a m:mai/lorenz/fristen-phase-3-slice-10 m:mai/lorenz/fristen-phase-3-slice-8 m:mai/lorenz/fristen-phase-3-slice-7 m:mai/lorenz/fristen-phase-3-slice-6 m:mai/lorenz/fristen-phase-3-slice-5 m:mai/lorenz/fristen-phase-3-slice-4 m:mai/lorenz/fristen-phase-3-slice-3 m:mai/lorenz/fristen-phase-3-slice-2 m:mai/lorenz/fristen-phase-3-slice-1 m:mai/pauli/fristen-phase2-design m:mai/tesla/project-timeline-chart m:mai/pauli/fristen-logic-audit m:mai/pauli/determinator-b1-row-by m:mai/noether/tools-cleanup-slice-1 m:mai/kelvin/inventor-tools-surface m:mai/planck/paliadin-per-user-rls m:mai/maxwell/bug-bundle-filterbar m:mai/faraday/project-timeline-chart m:mai/schroedinger/smarttimeline-slice-4 m:mai/bohr/smarttimeline-slice-3 m:mai/gauss/smarttimeline-slice-2 m:mai/riemann/filterbar-phase-2-slice m:mai/lagrange/smarttimeline-design-the m:mai/curie/researcher-determinator m:mai/noether/collapse-regel-typ-on m:mai/riemann/inventor-universal m:mai/minkowski/project-level-our-side m:mai/dirac/inventor-inline-paliadin m:mai/feynman/fristenrechner m:mai/minkowski/navbar-dashboard-reorg m:mai/shannon/approval-rework m:mai/einstein/consultant-deadline-data m:mai/curie/researcher-upc-rop-audit m:mai/noether/paliadin-real-claude m:mai/noether/inventor-paliadin m:mai/hilbert/inventor-approval-policy m:mai/shannon/bug-frist-due-date m:mai/fritz/bug-fristen-termine m:mai/godel/inventor-projects-page m:mai/fritz/bug-paliadin-chat m:mai/kepler/inventor-profession-vs m:mai/noether/inventor-paliadin-in-app m:mai/fritz/bulk-team-email-send-to m:mai/noether/inventor-local-chat-for m:mai/noether/inventor-data-display m:mai/fritz/bug-derived-team-members m:mai/fritz/bug-sidebar-visibly m:mai/noether/inventor-project m:mai/shannon/bug-project-team-add m:mai/cronus/inventor-dual-control m:mai/fritz/bug-edit-mode-on m:mai/cronus/inventor-holidays-per m:mai/ritchie/phase-h-ai-deadline
..
compare: m:mai/ritchie/coder-upc-damages-add
Branches Tags
m:main m:mai/bohr/coder-apply-m-s-caption m:mai/faraday/coder-generated-document m:mai/planck/coder-b5-b6-train-share m:mai/archimedes/fixer-port-engine m:mai/maxwell/coder-b4-akte-mode m:mai/lorenz/coder-b3-event-triggered m:mai/euler/fixer-builder-add m:mai/brunel/fixer-prod-500s-after-b1 m:mai/galileo/coder-b1-b2-mvp-train m:mai/pasteur/fixer-pkg-litigationplann m:mai/newton/coder-b0-scenario-db m:mai/edison/inventor-prd-columnar m:mai/knuth/coder-workflow-tracker m:mai/atlas/inventor-extend-tools m:mai/cronus/inventor-unified m:mai/atlas/inventor-deadline-system m:mai/atlas/inventor-followup-rules m:mai/athena/consultant-deadline m:mai/brunel/fixer-dark-mode-support m:mai/knuth/coder-cronus-fristenrechn m:mai/ritchie/coder-mig-153-proceeding m:mai/atlas/inventor-proceeding m:mai/cronus/inventor-fristenrechner m:mai/curie/coder-mig152-clone-dedupe m:mai/darwin/researcher-lexy-draft m:mai/knuth/coder-dedupe-null m:mai/cronus/coder-composer-slice-f m:mai/cronus/coder-composer-slice-e m:mai/cronus/coder-composer-slice-d m:mai/curie/coder-slice-b6-url-rename m:mai/curie/coder-slice-b5-go-rename m:mai/cronus/coder-composer-slice-c m:mai/curie/coder-slice-b4-destructive-drop m:mai/cronus/coder-composer-slice-b m:mai/cronus/coder-composer-slice-a m:mai/cronus/inventor-prd-for m:mai/knuth/coder-verfahrensablauf m:mai/ritchie/coder-make-backup m:mai/diesel/fixer-dark-mode-css m:mai/curie/coder-slice-b3-read-cutover m:mai/diesel/fixer-verfahrensablauf m:mai/curie/coder-slice-b2-dual-write m:mai/cronus/coder-slice-d-scenarios m:mai/knuth/coder-backfill-applies m:mai/hermes/gitster-verfahrensablauf m:mai/cronus/coder-berufung-labels-refactor m:mai/diesel/hotfix-2-mig-134-missing m:mai/curie/coder-slice-b1-procedural-events m:mai/cronus/coder-slice-c-upc-snapshot m:mai/brunel/hotfix-rename-upc-apl m:mai/cronus/coder-slice-b3-primary-party m:mai/cronus/coder-slice-b2-catalog-query m:mai/cronus/inventor-litigation-slice-b m:mai/curie/researcher-slice-b-zero m:mai/cronus/inventor-litigation m:mai/artemis/gitster-remove-admin m:mai/ritchie/coder-sort-post-trigger m:mai/knuth/coder-conditional-label m:mai/hermes/coder-verfahrensablauf m:mai/brunel/rebase-121-conditional m:mai/knuth/coder-conditional-rule m:mai/hermes/gitster-dark-mode-fix m:mai/ritchie/coder-submission-form m:mai/artemis/gitster-re-surface m:mai/brunel/fixer-views-any-filters m:mai/cronus/coder-cicd-slice-a m:mai/knuth/coder-wave-1-tier-1-rule m:mai/ritchie/coder-upc-damages-add m:mai/cronus/inventor-ci-cd-pre m:mai/brunel/rebase-108-language m:mai/hermes/gitster-admin-rules-list m:mai/artemis/gitster-submission m:mai/icarus/gitster-verfahrensablauf m:mai/orpheus/gitster-search-input m:mai/atlas/coder-event-card-choices-slice-ab m:mai/hermes/gitster-date-range m:mai/demeter/gitster-submission m:mai/knuth/coder-hl-patents-style m:mai/hermes/gitster-draft-editor m:mai/atlas/inventor-per-event-card m:mai/knuth/coder-deadline-rule-tier m:mai/cronus/coder-procedural-events-slice-a m:mai/hermes/gitster-deadline-form m:mai/artemis/gitster-add-missing-i18n m:mai/demeter/gitster-paliadin-chat m:mai/brunel/wave0-tier0-deadline-fixes m:mai/artemis/coder-docker-compose-yml m:mai/icarus/coder-inbox-overhaul-slice-a m:mai/atlas/coder-date-range-picker-slice-a m:mai/brunel/fixer-de-inf-lg-cfi m:mai/cronus/inventor-procedural m:mai/hermes/gitster-event-type-modal m:mai/cronus/coder-backup-mode m:mai/curie/researcher-bulletproof m:mai/hermes/gitster-draft-editor-focus-jump m:mai/cronus/inventor-backup-mode m:mai/hermes/gitster-submissions m:mai/artemis/gitster-deadline-form m:mai/brunel/fixer-submission-preview m:mai/brunel/fixer-test-data-reset m:mai/artemis/gitster-approval-withdraw m:mai/demeter/gitster-events m:mai/hermes/gitster-sidebar-loses m:mai/hermes/gitster-browse-a m:mai/brunel/fixer-submissions-demo m:mai/icarus/inventor-inbox-overhaul m:mai/atlas/inventor-symmetric-date m:mai/artemis/gitster-demote-daten m:mai/hermes/gitster-team-view-mailto m:mai/knuth/coder-global-schriftsatze m:mai/knuth/coder-schriftsatze m:mai/ritchie/coder-author-demo-docx m:mai/knuth/coder-add-schriftsatze m:mai/knuth/coder-add-checklist m:mai/knuth/coder-anchor-lookup-must m:mai/tesla/dashboard-resize-clamp m:mai/knuth/coder-demote-projekt m:mai/knuth/coder-paliadin-chat m:mai/knuth/coder-print-views m:mai/knuth/coder-add-proceeding m:mai/knuth/coder-submission m:mai/ritchie/coder-extend-team-email m:mai/knuth/coder-changelog-catch-up m:mai/tesla/dashboard-overlap m:mai/pasteur/fixercoder-dashboard m:mai/newton/inventor-configurable m:mai/dirac/inventorcoder-user m:mai/gauss/inventorcoder-team-admin m:mai/kepler/inventorcoder-project m:mai/darwin/roadmap-ccr-en m:mai/euler/coder-small-ux-polish m:mai/darwin/fristenrechner-cleanup m:mai/darwin/fixercoder-priority-bug m:mai/leibniz/inventor-caldav-multi m:mai/hertz/inventor-unified-modal m:mai/archimedes/inventor-excel-data m:mai/boltzmann/inventor-gap-tolerant m:mai/copernicus/submission-slice-1 m:mai/fermi/interactive-session m:mai/hertz/inventor-suggest-changes m:mai/copernicus/inventor-submission m:mai/mendel/test-strategy-slice-1 m:mai/mendel/inventor-test-strategy m:mai/ampere/custom-views-improvements m:mai/joule/mig-097-apply-huygens-s m:mai/ohm/workstream-b-rename m:mai/huygens/workstream-a-backfill m:mai/kelvin/t-204-phase-2-proceeding m:mai/bohr/ingest-t-paliad-203-rule m:mai/curie/fristenrechner-gap m:mai/maxwell/inbox-grey-out m:mai/rutherford/slice-9-follow-up-b-re m:mai/dirac/slice-9-follow-up-a m:mai/bose/determinator-cascade-slice-3 m:mai/bose/determinator-cascade-slice-2 m:mai/bose/determinator-row-cascade m:mai/lorenz/fristen-phase-3-slice-9 m:mai/curie/fristen-phase-3-slice-12 m:mai/planck/aichat-phase-b-paliad m:mai/young/fristen-phase-3-slice-11b m:mai/lorenz/fristen-phase-3-slice-11a m:mai/lorenz/fristen-phase-3-slice-10 m:mai/lorenz/fristen-phase-3-slice-8 m:mai/lorenz/fristen-phase-3-slice-7 m:mai/lorenz/fristen-phase-3-slice-6 m:mai/lorenz/fristen-phase-3-slice-5 m:mai/lorenz/fristen-phase-3-slice-4 m:mai/lorenz/fristen-phase-3-slice-3 m:mai/lorenz/fristen-phase-3-slice-2 m:mai/lorenz/fristen-phase-3-slice-1 m:mai/pauli/fristen-phase2-design m:mai/tesla/project-timeline-chart m:mai/pauli/fristen-logic-audit m:mai/pauli/determinator-b1-row-by m:mai/noether/tools-cleanup-slice-1 m:mai/kelvin/inventor-tools-surface m:mai/planck/paliadin-per-user-rls m:mai/maxwell/bug-bundle-filterbar m:mai/faraday/project-timeline-chart m:mai/schroedinger/smarttimeline-slice-4 m:mai/bohr/smarttimeline-slice-3 m:mai/gauss/smarttimeline-slice-2 m:mai/riemann/filterbar-phase-2-slice m:mai/lagrange/smarttimeline-design-the m:mai/curie/researcher-determinator m:mai/noether/collapse-regel-typ-on m:mai/riemann/inventor-universal m:mai/minkowski/project-level-our-side m:mai/dirac/inventor-inline-paliadin m:mai/feynman/fristenrechner m:mai/minkowski/navbar-dashboard-reorg m:mai/shannon/approval-rework m:mai/einstein/consultant-deadline-data m:mai/curie/researcher-upc-rop-audit m:mai/noether/paliadin-real-claude m:mai/noether/inventor-paliadin m:mai/hilbert/inventor-approval-policy m:mai/shannon/bug-frist-due-date m:mai/fritz/bug-fristen-termine m:mai/godel/inventor-projects-page m:mai/fritz/bug-paliadin-chat m:mai/kepler/inventor-profession-vs m:mai/noether/inventor-paliadin-in-app m:mai/fritz/bulk-team-email-send-to m:mai/noether/inventor-local-chat-for m:mai/noether/inventor-data-display m:mai/fritz/bug-derived-team-members m:mai/fritz/bug-sidebar-visibly m:mai/noether/inventor-project m:mai/shannon/bug-project-team-add m:mai/cronus/inventor-dual-control m:mai/fritz/bug-edit-mode-on m:mai/cronus/inventor-holidays-per m:mai/ritchie/phase-h-ai-deadline

1 Commits
mai/cronus ... mai/ritchi

Author SHA1 Message Date
mAi
cb44b3b8cc mAi: #117 + #118 - t-paliad-285/-286 UPC dmgs+pi court followup (mig 133) 
Adds the post-submission court phase to upc.dmgs.cfi and the appeal
route to upc.pi.cfi. The Verfahrensablauf timeline currently stops at
the last party submission (dmgs.rejoin / pi.order); without these rows
the interim conference / oral hearing / decision / appeal sub-tree
never renders, even though atlas's #96 spawn mechanism is in place.

Migration 133 (single slot, coordinated with knuth's #116 on 132):

Section A — UPC Damages tree end (#117):
- upc.dmgs.cfi.interim       court-set, R.105
- upc.dmgs.cfi.oral          court-set, R.118 / R.250
- upc.dmgs.cfi.decision      court-set, R.118 / R.144
- upc.dmgs.cfi.appeal_spawn  2mo, R.220.1(a) / R.224.1(a), spawn → upc.apl.merits

Section B — UPC PI appeal route (#118):
- upc.pi.cfi.appeal_spawn    2mo, R.220.1(a) / R.224.1(a), spawn → upc.apl.merits
  PI orders under R.211 dispose of the urgent question and ride the
  main 2-month track; the 15-day R.220.1(c) order track does not apply.

Same shape as mig 095 inf.appeal_spawn and the upc.inf.cfi
interim/oral/decision rows from mig 012. Court-set rows reuse the
shared interim-conference / oral-hearing / decision concepts.

Citations: docs/research-deadlines-completeness-2026-05-25.md §D + Tier 4 (R.144), docs/audit-upc-rop-deadlines-2026-05-08.md §D R.144 + §F R.220.1(a)/R.224.1(a). Per-row RoP citation in the migration header.

Idempotent INSERT NOT EXISTS guards per row + post-insert DO block that RAISEs EXCEPTION if any expected row is missing or the spawn shape (is_spawn / spawn_proceeding_type_id / parent_id) is wrong.

go build ./... clean, go test ./internal/... clean, bun run build clean.
 2026-05-25 17:25:19 +02:00
13 changed files with 465 additions and 7006 deletions
Expand all files Collapse all files

242
.gitea/workflows/test.yaml
View File

@@ -1,242 +0,0 @@
# Paliad CI gate (t-paliad-282 / m/paliad#114).
#
# Single workflow, two purposes:
#
# - On every push: gate tier — build + unit + migration smoke. Red gate
# means no further work and (on main) no deploy.
# - On push to main with gate green: deploy step — calls the Dokploy
# compose-deploy API for paliad's compose Zx147ycurfYagKRl_Zzyo, then
# polls /health/ready until the new container reports 200.
#
# The deploy step REPLACES the previous Gitea-push → Dokploy webhook path
# (per m's Q11.4 pick: soft-launch with both alive for ~1 week, then
# disable the Dokploy auto-deploy toggle). Soft-launch leaves Dokploy's
# autoDeploy=true intact today — the workflow's deploy step is additive
# and idempotent (Dokploy's deploy is itself idempotent).
#
# Catches the three failure classes from 2026-05-25:
#
# - brunel slot collision (~13:20) — TestMigrations_NoDuplicateSlot,
# pure unit, no DB needed.
# - hermes dropped-col refs (~16:05) — TestBootSmoke, applies all NEW
# migrations (those not in the snapshot) end-to-end against a
# scratch DB restored from internal/db/testdata/prod-snapshot.sql.
# - mig 129 42501 ownership (~14:56→) — TestMigrations_EndToEndAsAppRole,
# applies new migrations as the prod-shaped `postgres` role (which
# is NOT a superuser on supabase/postgres — same shape as
# youpc-supabase prod, see internal/db/testdata/README.md).
#
# Snapshot approach: dump paliad schema + applied_migrations rows from
# prod, commit them. CI restores → ApplyMigrations sees existing migs as
# applied, only runs NEW migs (the ones this PR adds). This sidesteps the
# fresh-DB idempotence requirement on historical migrations (some of
# which use raw COMMIT or pre-installed extensions and can't be replayed
# from scratch). To refresh: `make refresh-snapshot`.
#
# Design: docs/design-cicd-pre-deploy-gate-2026-05-25.md (cronus inventor
# shift, t-paliad-282).
name: Paliad CI gate
on:
push:
branches:
- main
- 'mai/**'
pull_request:
branches: [main]
env:
GO_VERSION: '1.24'
BUN_VERSION: '1.2'
jobs:
# Gate job 1 — pure build. Catches go/bun build breakage that local
# `go build` would catch but which a worker might have skipped before
# pushing. Fast (~60 s) so a red here surfaces immediately.
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: go build
run: go build ./...
- name: go vet
run: go vet ./...
- name: Set up Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: ${{ env.BUN_VERSION }}
- name: bun install + build
working-directory: frontend
run: |
bun install --frozen-lockfile
bun run build
# Gate job 2 — Go test suite + migration smoke against snapshot-restored
# scratch DB.
#
# The Postgres service container uses the same supabase/postgres image
# as youpc-supabase prod. The CI scratch DB starts empty; a setup step
# installs pg_trgm + restores the snapshot. After restore, paliad
# schema is at HEAD-of-snapshot and applied_migrations covers every
# migration up to (and including) the snapshot's max version.
#
# ApplyMigrations called in TestBootSmoke / TestMigrations_EndToEndAsAppRole
# sees the snapshot's applied set, finds whatever NEW migrations this
# PR added on top, and applies only those. The role-split smoke runs as
# `postgres` (which is NOT a superuser on supabase/postgres, matching
# the prod role topology) — any new migration that needs supabase_admin
# privilege fails here as it would in prod.
test-go:
runs-on: ubuntu-latest
services:
# supabase/postgres baked-in auth schema + supabase role topology
# matches youpc-supabase prod. `postgres` here is NOT a superuser
# (verified live: \du postgres shows "Create role, Create DB,
# Replication, Bypass RLS" — no Superuser). This is the prod-shaped
# role the deploy uses.
postgres:
image: supabase/postgres:15.8.1.060
env:
POSTGRES_PASSWORD: ci
POSTGRES_DB: paliad_scratch
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U postgres"
--health-interval 5s
--health-timeout 5s
--health-retries 30
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: Install postgresql-client
run: |
apt-get update -qq && apt-get install -y -qq postgresql-client
# Snapshot restore. Two prep steps as supabase_admin (the actual
# superuser): GRANT CREATE so the `postgres` role can later create
# schemas if a new mig needs it; install pg_trgm so the snapshot's
# trigram indexes restore. Snapshot itself loads as `postgres`.
- name: Provision + restore snapshot
env:
PGPASSWORD: ci
run: |
set -euo pipefail
psql -h localhost -U supabase_admin -d paliad_scratch -v ON_ERROR_STOP=1 \
-c "GRANT CREATE ON DATABASE paliad_scratch TO postgres;" \
-c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
psql -h localhost -U postgres -d paliad_scratch -v ON_ERROR_STOP=1 \
-f internal/db/testdata/prod-snapshot.sql
# Pre-flight: catches brunel slot collision in seconds, no DB
# contact (still useful even though the test-go job has Postgres
# running, because the failure mode is independent).
- name: Migration coordination check
run: go test -count=1 -run TestMigrations_NoDuplicateSlot ./internal/db/
# Role-split end-to-end apply. Connects as `postgres` (NOT a
# superuser on supabase/postgres) and runs ApplyMigrations against
# the snapshot-restored DB. Existing migs are skipped (already in
# applied_migrations); NEW migs in this PR apply here. If a new
# migration assumes supabase_admin privilege, fails with the same
# 42501 error class that took paliad.de offline on 2026-05-25.
- name: Migration end-to-end (deploy role)
env:
TEST_APP_DATABASE_URL: postgres://postgres:ci@localhost:5432/paliad_scratch?sslmode=disable
run: go test -count=1 -run TestMigrations_EndToEndAsAppRole ./internal/db/
# Boot smoke. Confirms ApplyMigrations succeeds + applied set
# matches on-disk set + /healthz returns 200 + /health/ready
# returns 200 (the live-pool variant via TestHealthReady_Live).
- name: Boot smoke + readiness
env:
TEST_DATABASE_URL: postgres://postgres:ci@localhost:5432/paliad_scratch?sslmode=disable
run: go test -count=1 -run 'TestBootSmoke|TestHealthReady_Live' ./cmd/server/
# Full Go test suite WITHOUT TEST_DATABASE_URL so live-DB service
# tests skip (same shape as a developer laptop without a scratch
# DB). Live-DB tests in internal/services/* will be activated by a
# follow-up shift once the snapshot is verified stable across
# multiple PRs — they need investigation against supabase/postgres
# 15.8 (parameter type inference differs subtly from youpc-supabase).
- name: go test ./... (pure + skip-on-no-DB)
run: go test -count=1 ./internal/... ./cmd/...
# Deploy step. Only runs on push to main and only after both gate jobs
# are green. Calls Dokploy's compose.deploy with the paliad compose ID
# (Zx147ycurfYagKRl_Zzyo) and polls /health/ready until it returns 200
# or times out.
#
# Skipped on PR / feature branch pushes — those run the gate tier as
# a status check but don't trigger a prod deploy. Dokploy's existing
# autoDeploy=true webhook continues to fire during the soft-launch
# window (per Q11.4); it can be disabled in the Dokploy UI once this
# workflow has gated ≥5 successful green deploys.
deploy:
runs-on: ubuntu-latest
needs: [build, test-go]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- name: Trigger Dokploy compose deploy
env:
DOKPLOY_KEY: ${{ secrets.DOKPLOY_TOKEN }}
DOKPLOY_API: http://100.99.98.201:3000/api/trpc
COMPOSE_ID: Zx147ycurfYagKRl_Zzyo
run: |
set -euo pipefail
if [ -z "${DOKPLOY_KEY:-}" ]; then
echo "ERROR: DOKPLOY_TOKEN secret is not configured."
echo " Set the secret in Gitea repo settings before this step can deploy."
exit 2
fi
echo "==> POST compose.deploy"
curl -sS --connect-timeout 5 --max-time 30 \
-X POST \
-H "x-api-key: $DOKPLOY_KEY" \
-H "Content-Type: application/json" \
-d "{\"json\":{\"composeId\":\"$COMPOSE_ID\"}}" \
"$DOKPLOY_API/compose.deploy"
echo
- name: Wait for /health/ready
run: |
set -euo pipefail
echo "==> polling https://paliad.de/health/ready"
# Up to 5 minutes (60 × 5 s) — paliad's cold-start is normally
# ≤30 s; the longer budget covers slow image pulls + migration
# apply.
for i in $(seq 1 60); do
status=$(curl -sS --connect-timeout 3 --max-time 5 \
-o /dev/null -w '%{http_code}' \
https://paliad.de/health/ready || echo "000")
if [ "$status" = "200" ]; then
echo "ready after ${i} poll(s)"
exit 0
fi
echo " [$i/60] status=$status — sleeping 5s"
sleep 5
done
echo "ERROR: /health/ready did not return 200 within 5 minutes."
echo " The deploy fired but the new container is not serving."
echo " Investigate: ssh mlake 'docker logs --tail 50 compose-transmit-multi-byte-driver-v7jth9-web-1'"
exit 1

72
Makefile
View File

@@ -21,24 +21,18 @@
# the test runner's working dirs. None of them touch internal/db/migrations/
# files.
.PHONY: help verify-migrations verify-mig verify-mig-app test test-go test-frontend refresh-snapshot
.PHONY: help verify-migrations verify-mig test test-go
help:
@echo "Paliad — developer targets"
@echo ""
@echo " verify-migrations Dry-run pending migrations + boot smoke (needs TEST_DATABASE_URL)"
@echo " verify-mig Alias for verify-migrations"
@echo " verify-mig-app End-to-end migration smoke as non-superuser role"
@echo " (needs TEST_APP_DATABASE_URL — t-paliad-282 / m/paliad#114)"
@echo " test Short test pass — covers gate tier"
@echo " test-go Full Go suite with race detector"
@echo " test-frontend Frontend bun:test suite"
@echo ""
@echo "Set TEST_DATABASE_URL to enable live-DB tests. Example:"
@echo " export TEST_DATABASE_URL=postgres://paliad:...@localhost:11833/paliad_test"
@echo ""
@echo "Set TEST_APP_DATABASE_URL to enable the role-split smoke. Example:"
@echo " export TEST_APP_DATABASE_URL=postgres://paliad_app:...@localhost:5432/paliad_scratch"
# Gate target — the test that would have caught mig 098 / mig 099 before
# deploy. Combines:
@@ -77,67 +71,3 @@ test:
# (full suite, not per-PR).
test-go:
go test -race ./...
# Frontend bun:test suite. Runs the 4 existing pure-TS tests today; will
# grow as mendel's Slice 3 (frontend test infill) lands.
test-frontend:
cd frontend && bun test
# Role-split end-to-end migration smoke — the catch for the mig 129 42501
# ownership class (m/paliad#114). Runs ApplyMigrations as a non-superuser
# role against TEST_APP_DATABASE_URL. Fails the build if any migration
# assumes more privilege than the deploy role has.
#
# Developer setup (local):
# psql -c "CREATE ROLE paliad_app LOGIN PASSWORD 'ci' NOSUPERUSER;"
# psql -c "CREATE DATABASE paliad_scratch OWNER paliad_app;"
# export TEST_APP_DATABASE_URL=postgres://paliad_app:ci@localhost:5432/paliad_scratch
verify-mig-app:
@if [ -z "$$TEST_APP_DATABASE_URL" ]; then \
echo "ERROR: TEST_APP_DATABASE_URL is not set."; \
echo " The role-split migration smoke cannot run without a non-superuser scratch DB."; \
echo " See Makefile comments above this target for setup."; \
exit 2; \
fi
go test -count=1 -run TestMigrations_EndToEndAsAppRole ./internal/db/
# Refresh the prod schema snapshot used by CI's migration smoke
# (t-paliad-282 / m/paliad#114). Connects to youpc-supabase prod, dumps
# the paliad schema + applied_migrations rows, strips rows beyond the
# current branch's max on-disk version, and writes
# internal/db/testdata/prod-snapshot.sql.
#
# When to refresh:
# - After merging a PR that added a new migration to main.
# - When CI's migration smoke starts spuriously failing because the
# snapshot's applied set diverges from on-disk by more than this
# branch's worth of new migs.
#
# Requires PALIAD_PROD_DATABASE_URL env var (a Postgres URL with
# pg_dump rights on youpc-supabase). Example:
# export PALIAD_PROD_DATABASE_URL='postgres://postgres:PW@100.99.98.201:11833/postgres'
refresh-snapshot:
@if [ -z "$$PALIAD_PROD_DATABASE_URL" ]; then \
echo "ERROR: PALIAD_PROD_DATABASE_URL is not set."; \
echo " Refresh requires read access to youpc-supabase prod."; \
exit 2; \
fi
@echo "==> dumping paliad schema (no owner, no privs)..."
@pg_dump --schema-only --schema=paliad --no-owner --no-privileges \
--no-publications --no-subscriptions \
"$$PALIAD_PROD_DATABASE_URL" > internal/db/testdata/prod-snapshot.sql.tmp
@echo "==> appending applied_migrations rows..."
@pg_dump --data-only --table=paliad.applied_migrations \
--no-owner --no-privileges \
"$$PALIAD_PROD_DATABASE_URL" >> internal/db/testdata/prod-snapshot.sql.tmp
@echo "==> stripping pg16 \\restrict / \\unrestrict commands for pg15 compat..."
@sed -i.bak '/^\\restrict /d; /^\\unrestrict /d' internal/db/testdata/prod-snapshot.sql.tmp
@rm -f internal/db/testdata/prod-snapshot.sql.tmp.bak
@echo "==> stripping applied_migrations rows beyond branch's max on-disk version..."
@MAX_VER=$$(ls internal/db/migrations/*.up.sql | xargs -I{} basename {} | sed 's/_.*//' | sort -n | tail -1); \
awk -v max=$$MAX_VER ' \
/^[0-9]+\t/ { split($$0, a, "\t"); if (a[1]+0 > max) next; } \
{ print } \
' internal/db/testdata/prod-snapshot.sql.tmp > internal/db/testdata/prod-snapshot.sql
@rm internal/db/testdata/prod-snapshot.sql.tmp
@wc -l internal/db/testdata/prod-snapshot.sql

1
cmd/server/main.go
View File

@@ -165,7 +165,6 @@ func main() {
sysAuditSvc := services.NewSystemAuditLogService(pool)
checklistTemplateSvc := services.NewChecklistTemplateService(pool, checklistCatalogSvc, sysAuditSvc, users)
svcBundle = &handlers.Services{
Pool: pool,
Project: projectSvc,
Team: teamSvc,
PartnerUnit: partnerUnitSvc,

45
cmd/server/main_smoke_test.go
View File

@@ -98,51 +98,6 @@ func TestBootSmoke(t *testing.T) {
if body := strings.TrimSpace(rec.Body.String()); body != "ok" {
t.Errorf("GET /healthz: body=%q; want \"ok\"", body)
}
// (4) Readiness probe. With a nil Services bundle the endpoint MUST
// report 503 — that's the contract documented in handlers/handlers.go.
// A separate svc-with-Pool case is exercised in TestHealthReady (live).
rec = httptest.NewRecorder()
req = httptest.NewRequest(http.MethodGet, "/health/ready", nil)
mux.ServeHTTP(rec, req)
if rec.Code != http.StatusServiceUnavailable {
t.Errorf("GET /health/ready (nil svc): status=%d; want 503", rec.Code)
}
}
// TestHealthReady_Live asserts the readiness probe answers 200 when the
// pool is reachable, 503 when it isn't. Requires TEST_DATABASE_URL.
//
// Why a separate test: TestBootSmoke runs Register with svc=nil to keep
// its setup minimal; the pool-reachable path needs the pool wired in
// through svc.Pool. Two tests, two assertions, no entanglement.
func TestHealthReady_Live(t *testing.T) {
url := os.Getenv("TEST_DATABASE_URL")
if url == "" {
t.Skip("TEST_DATABASE_URL not set — skipping live readiness probe")
}
if err := db.ApplyMigrations(url); err != nil {
t.Fatalf("db.ApplyMigrations: %v", err)
}
pool, err := db.OpenPool(url)
if err != nil {
t.Fatalf("open pool: %v", err)
}
mux := http.NewServeMux()
authClient := auth.NewClient("https://test.invalid", "anon-key", []byte("test-secret"))
handlers.Register(mux, authClient, "", &handlers.Services{Pool: pool})
rec := httptest.NewRecorder()
req := httptest.NewRequest(http.MethodGet, "/health/ready", nil)
mux.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Errorf("GET /health/ready (live pool): status=%d, body=%q; want 200", rec.Code, rec.Body.String())
}
if body := strings.TrimSpace(rec.Body.String()); body != "ready" {
t.Errorf("GET /health/ready (live pool): body=%q; want \"ready\"", body)
}
}
// embeddedMigrationVersions returns every N where N_*.up.sql exists in

181
docs/cicd-runner-setup-2026-05-25.md
View File

@@ -1,181 +0,0 @@
# CI/CD runner setup — paliad
**Companion to:** `docs/design-cicd-pre-deploy-gate-2026-05-25.md` (Slice A, t-paliad-282 / m/paliad#114)
**Date:** 2026-05-25
**Audience:** mlake / mriver admin (m or head)
Slice A's `.gitea/workflows/test.yaml` requires (a) at least one online Gitea Actions runner and (b) a Dokploy API token wired as a repo secret. Both are one-time setup actions that paliad's source tree cannot perform itself — they live on infra-side. This doc lists them so the workflow can go green on its first run.
---
## 0. Pre-flight: what already exists
Verified live (2026-05-25 cronus inventor shift):
- Gitea 1.24.4 on `mgit.msbls.de`, `has_actions: true` on `m/paliad`.
- `/api/v1/admin/actions/runners` reports **2 runners** registered. They are likely the shared runners used by `m/mGreen` and `m/mGeo` (both have `.gitea/workflows/deploy.yml` with `runs-on: self-hosted`).
- `m/paliad/actions/tasks` reports `total_count=0` — paliad has never run a workflow yet.
The existing runners may already be capable of running paliad's workflow without further setup. The verification step (§3) below tells you whether they are.
---
## 1. Runner placement decision (m's Q11.1)
m's pick: **mriver**.
Rationale: mriver hosts the mai worker fleet but workers spend most of their time waiting on Anthropic. mlake's Dokploy + Swarm workload is more contended. A new runner on mriver adds the least pressure to either box.
If mriver is offline or saturated when CI first fires, fall back to the existing mlake-side runners (they're already registered; no provisioning needed).
---
## 2. One-time setup (admin steps)
### 2.1 Register a new Gitea Actions runner on mriver
```bash
# On mriver, as m:
# 1. Download the act_runner binary (matching Gitea 1.24.x)
curl -L -o /usr/local/bin/act_runner \
https://gitea.com/gitea/act_runner/releases/download/v0.2.13/act_runner-0.2.13-linux-amd64
chmod +x /usr/local/bin/act_runner
# 2. Get a runner registration token. In the Gitea UI:
# /admin → Actions → Runners → "Create new Runner"
# (or org-scope: /m/paliad/settings/actions/runners)
# Copy the token.
# 3. Register
mkdir -p ~/act_runner && cd ~/act_runner
act_runner register --no-interactive \
--instance https://mgit.msbls.de \
--token <REGISTRATION_TOKEN> \
--name mriver-paliad-1 \
--labels ubuntu-latest:docker://node:20-bookworm
# 4. Run as a systemd unit (preferred) or as a session daemon
# Systemd unit example: /etc/systemd/system/act_runner.service
# [Unit]
# Description=Gitea Actions runner
# After=network.target
# [Service]
# User=m
# WorkingDirectory=/home/m/act_runner
# ExecStart=/usr/local/bin/act_runner daemon
# Restart=on-failure
# [Install]
# WantedBy=multi-user.target
sudo systemctl enable --now act_runner
sudo systemctl status act_runner
```
**Why `ubuntu-latest:docker://node:20-bookworm` for the label?** Gitea Actions' `runs-on: ubuntu-latest` resolves via the runner's label map. Mapping it to a Docker image gives the workflow a sandbox with Docker available — required for our Postgres service container in `test.yaml`. mriver should have Docker (for `paliadin-shim`); if not, install it.
### 2.2 Register the Dokploy API token as a repo secret
The workflow's `deploy` job needs `secrets.DOKPLOY_TOKEN`. Use the existing project-wide Dokploy API key (the one stored in `~/.claude/skills/mai-dokploy/SKILL.md`).
In the Gitea UI:
- Navigate to `https://mgit.msbls.de/m/paliad/settings/actions/secrets`
- Click "Add secret"
- Name: `DOKPLOY_TOKEN`
- Value: `mai-ottosSyRHMhmLhhhXaCbKzbqKBuSqzqEtmKDOPelPCeimTaYsbmaVslVyEgJZGCIxVdz`
Or via API (mAi identity):
```bash
curl --netrc-file ~/.netrc-mai -sS -X POST \
-H "Content-Type: application/json" \
https://mgit.msbls.de/api/v1/repos/m/paliad/actions/secrets/DOKPLOY_TOKEN \
-d '{"data":"mai-ottosSyRHMhmLhhhXaCbKzbqKBuSqzqEtmKDOPelPCeimTaYsbmaVslVyEgJZGCIxVdz"}'
```
(Requires repo-owner permission. If mAi lacks it, m runs it.)
---
## 3. Verify the runner sees the workflow
After (2.1) + (2.2):
```bash
# Push the Slice A branch (the one this doc lives on)
git push origin mai/cronus/coder-cicd-slice-a
# Confirm the runner picked up the job
curl --netrc-file ~/.netrc-mai -sS \
"https://mgit.msbls.de/api/v1/repos/m/paliad/actions/tasks?limit=5" | jq '.'
```
A new task per job should appear (build, test-go). If `total_count` stays 0, the runner labels don't match the workflow's `runs-on`. Re-register with `--labels ubuntu-latest` (no docker:// suffix) and the existing runners on mlake will pick it up via shell mode.
---
## 4. Soft-launch (m's Q11.4)
m's pick: **keep both Dokploy auto-deploy and the workflow's deploy step alive for ~1 week. After ≥5 successful green deploys via the workflow, disable Dokploy's autoDeploy in the Dokploy UI for the paliad compose.**
While both are live, every push to main fires:
1. Dokploy webhook (existing path) → deploys immediately, no gate.
2. Gitea workflow → on green, ALSO calls `compose.deploy`.
The second call is idempotent — if Dokploy already deployed the same commit, this is a no-op. The workflow's value during soft-launch is the **gate signal**: a red workflow on a green main = the bad migration shipped via the unguarded webhook and broke prod, and the workflow is shouting about it.
After confidence builds:
1. In the Dokploy UI, navigate to the paliad compose → Settings.
2. Toggle "Auto Deploy" off.
3. Save.
From this point, the only path to deploy is the workflow's deploy job. Red workflow = no deploy.
---
## 5. What Slice A catches today — and what it doesn't
After this branch (`mai/cronus/coder-cicd-slice-a`) merges to main:
### Catches (active in CI)
- **Build breakage** — `go build`, `go vet`, `bun run build`. Red gate, no deploy.
- **Slot collisions** — `TestMigrations_NoDuplicateSlot` runs without a DB. A PR adding migration N when version N already exists fails at gate time. This is the brunel-class catch (m/paliad#114 ~13:20 outage).
- **New-migration shape errors (hermes class)** — `TestBootSmoke` runs `ApplyMigrations` against the snapshot-restored DB. New migs from this PR get applied for real; any column/relation/syntax error fails the gate before merge.
- **New-migration ownership errors (mig 129 42501 class)** — `TestMigrations_EndToEndAsAppRole` runs `ApplyMigrations` connected as `postgres` (NON-superuser on `supabase/postgres:15.8.1.060`, same role topology as youpc-supabase prod). Any migration that assumes supabase_admin privilege fails with the same `42501 must be owner` error class that took paliad.de offline on 2026-05-25.
- **Readiness probe regressions** — `TestHealthReady_Live` confirms `/health/ready` returns 200 against a live pool, 503 against a nil pool.
- **Pure-Go test regressions** — `go test ./internal/... ./cmd/...` runs without `TEST_DATABASE_URL` (live-DB service tests skip the same way they do on a developer laptop without a scratch DB).
### Mechanism — the snapshot approach
CI's scratch DB starts from a `pg_dump` of youpc-supabase paliad schema +
`paliad.applied_migrations` rows, committed to `internal/db/testdata/prod-snapshot.sql`. After restore, the scratch DB is at "paliad HEAD of snapshot" and `ApplyMigrations` sees only this PR's new migrations as pending.
This sidesteps the fresh-DB idempotence problem: several historical migrations (notably mig 037's missing `CREATE EXTENSION pg_trgm`, mig 051's inner `COMMIT;`) can't be replayed from scratch against `supabase/postgres:15.8.1.060`. The snapshot pins everything that's already applied in prod and lets CI focus on what's new — which is what we actually care about for outage prevention.
Snapshot refresh: `make refresh-snapshot` with `PALIAD_PROD_DATABASE_URL` set (see `internal/db/testdata/README.md`).
### Known gap — live-DB service tests don't run in CI
`internal/services/*_test.go` tests with `TEST_DATABASE_URL` set fail against `supabase/postgres:15.8.1.060` with `42P08 inconsistent types deduced for parameter` errors on some INSERT bind paths. The same tests pass against youpc-supabase prod. Cause is unconfirmed — likely subtle differences in type inference between the dockerized image and the prod cluster's configuration. CI today runs `go test ./...` without `TEST_DATABASE_URL` so these tests skip. Not blocking outage prevention; tracked as a follow-up for the post-Slice-A coder.
### Migration cleanup also bundled in this PR
Two surgical migration improvements that surfaced during snapshot debugging — kept here because they're small and harmless:
- **mig 024 + 027** — `ALTER INDEX` / `ALTER POLICY` exception handlers now catch `undefined_object` OR `undefined_table` OR `duplicate_object`. Old handler caught only `undefined_object`; Postgres raises `undefined_table` when the source object never existed and `duplicate_object` when the destination already exists. The expanded handler makes the migrations truly idempotent across the three plausible states: source-still-German (rename succeeds), already-renamed (catches duplicate_object), and fresh-DB-never-had-German (catches undefined_table).
Other migration history bugs (mig 037 missing pg_trgm, mig 051 inner COMMIT) are tracked as a separate cleanup task — not blocking, because the snapshot bypasses them.
### Verification checklist (after Slice A merges)
1. **Workflow green on its first PR run?** Check `/m/paliad/actions`. If not, fix before merging.
2. **Dokploy `compose.deploy` call succeeds?** The workflow's `deploy` job logs the POST response. A successful response is a Dokploy job ID; a 4xx is an auth or compose-id problem.
3. **`/health/ready` returns 200 within 5 minutes after a green deploy?** The workflow polls this. If it times out, the migration may have failed silently inside the new container — check `docker logs --tail 50 compose-transmit-multi-byte-driver-v7jth9-web-1` on mlake.
4. **Reproduce the slot-collision catch locally:** rename `131_…up.sql` to `129_…` (duplicate slot) → workflow MUST fail at `Migration coordination check`. Revert before pushing.
5. **Reproduce the role-split catch locally:** add a no-op migration `132_test_supersedes.up.sql` containing `REINDEX SYSTEM paliad_scratch;` (requires superuser). Workflow MUST fail at `Migration end-to-end (deploy role)`. Revert before pushing.
---
## 6. Future polish (Slice D, m's Q4 R-pick)
`mai-test` post-merge shift: once Slice A is stable, wire a Gitea webhook on push-to-main that fires `/mai-test` as a follow-up shift. It runs the broader smoke + integration suite and posts results as a Gitea commit status. Not blocking; the gate doesn't depend on it.
Implementation belongs in `m/mAi` (the mai webhook handler), not in paliad. Out of scope for Slice A.

51
internal/db/migrate_test.go
View File

@@ -116,57 +116,6 @@ func TestMigrations_DryRun(t *testing.T) {
}
}
// TestMigrations_NoDuplicateSlot is a free-standing pre-flight check that
// scanEmbeddedMigrations refuses to walk a tree where two *.up.sql files
// claim the same NNN slot. This is the brunel-slot-collision class of
// outage (m/paliad#114, 2026-05-25 ~13:20): a worker writes a migration
// at slot N while another shipped slot N from a separate branch, both
// merge, both end up in the embed.FS, and the runner refuses to start.
//
// Catching this at CI time (no DB needed) lets the second PR fail before
// it merges, instead of breaking prod at the next deploy. Pure unit test;
// runs even on developer laptops that don't set TEST_DATABASE_URL.
func TestMigrations_NoDuplicateSlot(t *testing.T) {
if _, err := scanEmbeddedMigrations(); err != nil {
t.Fatalf("scanEmbeddedMigrations: %v "+
"(two migrations share the same NNN slot — coordinate with head "+
"and rename one of them before merging)", err)
}
}
// TestMigrations_EndToEndAsAppRole applies every embedded migration in
// numeric order against a scratch DB connected as a NON-SUPERUSER role.
// This is the prod-shape smoke that the per-mig BEGIN/ROLLBACK dry-run
// (TestMigrations_DryRun) cannot deliver: the dry-run runs each
// statement in isolation and rolls back, so it cannot reproduce the
// mig-129-class outage (m/paliad#114, 2026-05-25 ~14:56 — pq: must be
// owner of table project_event_choices, SQLSTATE 42501) where a
// migration assumes ownership the deploy role doesn't have.
//
// Requires TEST_APP_DATABASE_URL — a Postgres URL whose role is NOT a
// superuser and does NOT own the `paliad` schema (m's Q11.2 pick:
// generic two-role model, see docs/design-cicd-pre-deploy-gate-2026-05-25.md
// §6.2(a)). The CI workflow creates the role + schema split before
// invoking the test; a developer who wants to reproduce the gate locally
// runs the same SQL preamble (see Makefile target `verify-migrations`).
//
// Skipped without TEST_APP_DATABASE_URL — keeps `go test ./...` green
// on machines that haven't set up the role split.
func TestMigrations_EndToEndAsAppRole(t *testing.T) {
url := os.Getenv("TEST_APP_DATABASE_URL")
if url == "" {
t.Skip("TEST_APP_DATABASE_URL not set — skipping role-split end-to-end migration smoke")
}
if err := ApplyMigrations(url); err != nil {
t.Fatalf("ApplyMigrations as app role failed: %v "+
"(a migration assumes more privilege than the deploy role has — "+
"common cases: ALTER TABLE on a schema-owner table, CREATE EXTENSION "+
"without grants, SET ROLE without permission. Fix the migration to "+
"work as the deploy role, or arrange for the schema to be owned by "+
"the deploy role)", err)
}
}
// readAppliedVersions returns the set of versions present in
// paliad.applied_migrations on the scratch DB. Missing table → empty set
// (fresh-DB path; the table only exists after the runner has been called).

26
internal/db/migrations/024_rename_department_columns.up.sql
View File

@@ -26,24 +26,24 @@ DO $$ BEGIN ALTER TABLE paliad.department_members RENAME COLUMN dezernat_id TO d
-- Constraints (primary key + foreign keys + check). Renaming a pkey
-- constraint also renames the underlying index of the same name.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_pkey TO departments_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_lead_user_id_fkey TO departments_lead_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_office_check TO departments_office_check; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_pkey TO department_members_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_dezernat_id_fkey TO department_members_department_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_user_id_fkey TO department_members_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_pkey TO departments_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_lead_user_id_fkey TO departments_lead_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_office_check TO departments_office_check; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_pkey TO department_members_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_dezernat_id_fkey TO department_members_department_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_user_id_fkey TO department_members_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- Standalone indexes (non-pkey).
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER INDEX paliad.dezernate_office_idx RENAME TO departments_office_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernate_lead_idx RENAME TO departments_lead_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernat_mitglieder_user_idx RENAME TO department_members_user_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernate_office_idx RENAME TO departments_office_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernate_lead_idx RENAME TO departments_lead_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernat_mitglieder_user_idx RENAME TO department_members_user_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- RLS policies
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER POLICY dezernate_select ON paliad.departments RENAME TO departments_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernate_write ON paliad.departments RENAME TO departments_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_select ON paliad.department_members RENAME TO department_members_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_write ON paliad.department_members RENAME TO department_members_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernate_select ON paliad.departments RENAME TO departments_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernate_write ON paliad.departments RENAME TO departments_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_select ON paliad.department_members RENAME TO department_members_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_write ON paliad.department_members RENAME TO department_members_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;

26
internal/db/migrations/027_rename_to_partner_units.up.sql
View File

@@ -63,27 +63,27 @@ ALTER TABLE paliad.partner_unit_members RENAME COLUMN department_id TO partner_u
-- 5. Rename constraints. Postgres auto-renames the underlying index for
-- pkey/uniq constraints; standalone indexes are renamed in step 6.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_pkey TO partner_units_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_lead_user_id_fkey TO partner_units_lead_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_office_check TO partner_units_office_check; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_pkey TO partner_unit_members_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_department_id_fkey TO partner_unit_members_partner_unit_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_user_id_fkey TO partner_unit_members_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_pkey TO partner_units_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_lead_user_id_fkey TO partner_units_lead_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_office_check TO partner_units_office_check; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_pkey TO partner_unit_members_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_department_id_fkey TO partner_unit_members_partner_unit_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_user_id_fkey TO partner_unit_members_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- 6. Rename non-pkey indexes.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER INDEX paliad.departments_office_idx RENAME TO partner_units_office_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.departments_lead_idx RENAME TO partner_units_lead_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.department_members_user_idx RENAME TO partner_unit_members_user_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.departments_office_idx RENAME TO partner_units_office_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.departments_lead_idx RENAME TO partner_units_lead_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.department_members_user_idx RENAME TO partner_unit_members_user_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- 7. Rename RLS policies.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER POLICY departments_select ON paliad.partner_units RENAME TO partner_units_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY departments_write ON paliad.partner_units RENAME TO partner_units_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_select ON paliad.partner_unit_members RENAME TO partner_unit_members_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_write ON paliad.partner_unit_members RENAME TO partner_unit_members_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY departments_select ON paliad.partner_units RENAME TO partner_units_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY departments_write ON paliad.partner_units RENAME TO partner_units_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_select ON paliad.partner_unit_members RENAME TO partner_unit_members_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_write ON paliad.partner_unit_members RENAME TO partner_unit_members_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- 8. Audit table for partner-unit events. Mutations on partner_units +

33
internal/db/migrations/133_upc_dmgs_pi_court_followup.down.sql Normal file
View File

@@ -0,0 +1,33 @@
-- Reverses mig 133. Removes the 5 new rules:
-- * upc.dmgs.cfi.interim
-- * upc.dmgs.cfi.oral
-- * upc.dmgs.cfi.decision
-- * upc.dmgs.cfi.appeal_spawn
-- * upc.pi.cfi.appeal_spawn
--
-- The audit_reason is required by the mig 079 trigger for DELETE;
-- set_config at top supplies it.
--
-- Idempotent — if a rule is already missing the DELETE matches zero
-- rows and the audit log records nothing extra.
SELECT set_config(
'paliad.audit_reason',
'mig 133 (down): revert UPC Damages tree-end rows and UPC PI appeal-spawn (t-paliad-285 / m/paliad#117 + t-paliad-286 / m/paliad#118)',
true);
-- Delete the spawn rows first so the parent_id reference goes away
-- before the parent decision row is removed.
DELETE FROM paliad.deadline_rules
WHERE submission_code IN (
'upc.dmgs.cfi.appeal_spawn',
'upc.pi.cfi.appeal_spawn')
AND lifecycle_state = 'published';
DELETE FROM paliad.deadline_rules
WHERE submission_code IN (
'upc.dmgs.cfi.interim',
'upc.dmgs.cfi.oral',
'upc.dmgs.cfi.decision')
AND proceeding_type_id = 17
AND lifecycle_state = 'published';

405
internal/db/migrations/133_upc_dmgs_pi_court_followup.up.sql Normal file
View File

@@ -0,0 +1,405 @@
-- t-paliad-285 (m/paliad#117) + t-paliad-286 (m/paliad#118) —
-- post-submission court followup for UPC Damages and appeal route
-- for UPC Provisional Measures.
--
-- m's 2026-05-25 report: the upc.dmgs.cfi proceeding stops at the
-- last party submission (rejoin) — no interim conference, no oral
-- hearing, no decision row, no appeal-spawn. The upc.pi.cfi
-- proceeding has its decision row (`pi.order`) but no spawn into
-- the appeal tree. Both gaps prevent the Verfahrensablauf timeline
-- from rendering the court phase plus any downstream appeal sub-
-- tree that atlas's #96 spawn-rendering mechanism is otherwise
-- ready to surface.
--
-- Two sections in one migration (slot 133 — knuth on 132, paliadin
-- coordinated):
--
-- A. UPC Damages tree-end rows (#117)
-- A1 upc.dmgs.cfi.interim UPC RoP R.105 court-set hearing
-- A2 upc.dmgs.cfi.oral UPC RoP R.118 / R.250 court-set hearing
-- A3 upc.dmgs.cfi.decision UPC RoP R.118 / R.144 court-set decision
-- A4 upc.dmgs.cfi.appeal_spawn UPC RoP R.220.1(a) / R.224.1(a) 2mo, spawn → upc.apl.merits (id=11)
--
-- B. UPC Provisional Measures appeal route (#118)
-- B1 upc.pi.cfi.appeal_spawn UPC RoP R.220.1(a) / R.224.1(a) 2mo, spawn → upc.apl.merits (id=11)
--
-- Source citations:
-- * docs/research-deadlines-completeness-2026-05-25.md
-- — §2.1 (upc.dmgs.cfi has only 4 rules: R.131.2 / R.137.2 / R.139)
-- — §D Damages table (R.144 tree-end row missing — listed
-- in Tier 4 as "cosmetic", upgraded to Tier-0 by m's
-- report once the wider follow-up gap was understood)
-- * docs/audit-upc-rop-deadlines-2026-05-08.md §D row R.144,
-- §F R.220.1(a) / R.224.1(a) (verified verbatim in youpc DB
-- under law_type=UPCRoP).
-- * UPC Rules of Procedure (consolidated):
-- R.105 — Interim conference (court fixes after written
-- procedure closes; same structural shape as the inf
-- interim conference, already modelled as `upc.inf.cfi.interim`).
-- R.118 — Decision after oral hearing; general rule for
-- deciding panels.
-- R.250 — Determination of damages decision; damages-
-- specific decision rule (chains R.144 indication →
-- damages award).
-- R.144 — Final decision on damages quantum (tree-end
-- anchor for §A3).
-- R.220.1(a) — Appeal lies from any final decision /
-- decision disposing of the case at first instance.
-- A PI order under R.211 disposes of the urgent question
-- and is therefore appealable on the main 2-month track
-- (not the 15-day order track of R.220.1(c), which covers
-- case-management and procedural orders requiring leave).
-- Curie's §F table confirms the main-track wiring for
-- decisions on merits / disposing orders.
-- R.224.1(a) — Statement of Appeal within 2 months of
-- service of the final decision; the deadline-notes text
-- mirrors mig 095's inf.appeal_spawn / rev.appeal_spawn.
-- R.224.2(a) — Statement of grounds within 4 months
-- (separate deadline in the spawned upc.apl.merits
-- proceeding; already present as upc.apl.merits.grounds).
--
-- Shape decisions (mirroring mig 012 / mig 095 conventions):
-- * Court-set rows (interim / oral / decision) carry
-- primary_party='court', event_type='hearing'|'decision',
-- duration_value=0, is_court_set=true, parent_id=NULL,
-- concept_id reuses the shared concepts already wired for
-- upc.inf.cfi (interim-conference / oral-hearing / decision).
-- * Spawn rows carry primary_party='both', is_spawn=true,
-- spawn_proceeding_type_id=11 (upc.apl.merits), spawn_label
-- identical to the merits spawn already in production. The
-- spawn row's parent_id is the spawning decision/order row
-- (so the audit log carries the trigger link).
-- * No condition_expr — m's F2.3 decision recorded in mig 095
-- §3: "the appeal deadline should always be triggered by a
-- decision … appeal is always a possibility." Visibility
-- filtering on the frontend hides appeals on projects where
-- no appeal is contemplated.
-- * sequence_order numbering follows the inf convention
-- (40=interim, 50=oral, 60=decision, 80=appeal_spawn) so the
-- Verfahrensablauf timeline orders consistently across
-- proceedings. For PI the existing pi.order sits at
-- sequence_order=3; the appeal_spawn lands at 10 (clear of
-- the writ phase, room for future court-phase rows).
--
-- Idempotency: every INSERT is gated by `WHERE NOT EXISTS (… same
-- submission_code, proceeding_type_id, lifecycle_state)`. Re-apply
-- against an already-migrated DB inserts zero rows and the audit
-- log carries no duplicate entries.
--
-- audit_reason set_config required at the top — the mig 079 trigger
-- on paliad.deadline_rules raises EXCEPTION 'audit reason required'
-- on INSERT/UPDATE/DELETE without it.
SELECT set_config(
'paliad.audit_reason',
'mig 133: t-paliad-285 / m/paliad#117 + t-paliad-286 / m/paliad#118 — UPC Damages tree-end rows (interim conference R.105, oral hearing R.118/R.250, decision R.118/R.144, appeal-spawn R.220.1(a)) and UPC Provisional Measures appeal-spawn R.220.1(a); see docs/research-deadlines-completeness-2026-05-25.md §D and docs/audit-upc-rop-deadlines-2026-05-08.md §D/§F',
true);
-- =============================================================================
-- A. UPC Damages — court-phase tree end (m/paliad#117)
-- =============================================================================
-- A1. upc.dmgs.cfi.interim — Interim conference (UPC RoP R.105).
-- Court-set hearing fixed by the judge-rapporteur once the
-- written procedure closes. Identical shape to
-- upc.inf.cfi.interim; reuses the shared interim-conference
-- concept node.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state,
concept_id)
SELECT
17,
NULL,
'upc.dmgs.cfi.interim',
'Zwischenverfahren',
'Interim Conference',
NULL,
'court',
'hearing',
0,
'months',
'after',
NULL,
'Termin vom Gericht bestimmt',
'Date set by the court',
40,
false,
NULL,
NULL,
true,
NULL,
false,
NULL,
'optional',
true,
'published',
'e5071152-d408-4455-b644-9e79d86fd538'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.interim'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- A2. upc.dmgs.cfi.oral — Oral hearing (UPC RoP R.118 / R.250).
-- Court-set hearing after the interim conference / close of
-- written procedure. Same shape as upc.inf.cfi.oral; reuses
-- the shared oral-hearing concept node.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state,
concept_id)
SELECT
17,
NULL,
'upc.dmgs.cfi.oral',
'Mündliche Verhandlung',
'Oral Hearing',
NULL,
'court',
'hearing',
0,
'months',
'after',
NULL,
NULL,
NULL,
50,
false,
NULL,
NULL,
true,
NULL,
false,
NULL,
'optional',
true,
'published',
'd6e5b793-dcf1-4d83-81ff-34f42dbb3693'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.oral'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- A3. upc.dmgs.cfi.decision — Damages decision (UPC RoP R.118 /
-- R.144 / R.250). Court-set decision delivered after oral
-- hearing; closes the §3.1 audit gap (R.144 tree-end). Same
-- shape as upc.inf.cfi.decision; reuses the shared decision
-- concept node.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state,
concept_id)
SELECT
17,
NULL,
'upc.dmgs.cfi.decision',
'Entscheidung',
'Decision',
NULL,
'court',
'decision',
0,
'months',
'after',
NULL,
NULL,
NULL,
60,
false,
NULL,
NULL,
true,
NULL,
false,
NULL,
'optional',
true,
'published',
'472fc32d-cc4f-4aa4-8ace-e422031812de'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.decision'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- A4. upc.dmgs.cfi.appeal_spawn — Appeal against damages decision
-- (UPC RoP R.220.1(a), 2-month main track; grounds R.224.2(a)
-- run as a separate deadline in the spawned upc.apl.merits
-- proceeding). Parent points at the freshly-inserted
-- upc.dmgs.cfi.decision; the SELECT subquery resolves it
-- after A3 lands. Same shape as the mig 095 inf.appeal_spawn.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state)
SELECT
17,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.decision'
AND proceeding_type_id = 17
AND lifecycle_state = 'published'
AND is_active = true),
'upc.dmgs.cfi.appeal_spawn',
'Berufung gegen Schadensentscheidung',
'Appeal against damages decision',
'Berufung gegen die Entscheidung über die Schadensbemessung (R.118 / R.144). Statutarische Frist von 2 Monaten ab Zustellung der Entscheidung (R.224.1(a)); die Berufungsbegründung folgt mit 4 Monaten ab Zustellung (R.224.2(a), eigenständige Frist im Berufungsverfahren).',
'both',
'filing',
2,
'months',
'after',
'RoP.220.1.a',
'Innerhalb von 2 Monaten ab Zustellung der Schadensentscheidung Berufungsschrift einreichen (R.224.1(a)). Die Berufungsbegründung (R.224.2(a), 4 Monate) läuft als separate Frist im Berufungsverfahren.',
'Within 2 months of service of the damages decision lodge the Statement of appeal (R.224.1(a)). The Statement of grounds (R.224.2(a), 4 months) runs as an independent deadline in the appeal proceeding.',
80,
true,
11,
'Berufungsverfahren öffnen',
true,
'UPC.RoP.220.1',
false,
NULL,
'optional',
false,
'published'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.appeal_spawn'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- =============================================================================
-- B. UPC Provisional Measures — appeal route (m/paliad#118)
-- =============================================================================
-- B1. upc.pi.cfi.appeal_spawn — Appeal against PI order (UPC RoP
-- R.220.1(a), 2-month main track). PI orders under R.211
-- dispose of the urgent question and are appealable on the
-- main 2-month track (R.220.1(a)/R.224.1(a)); the 15-day
-- order track of R.220.1(c) is for case-management /
-- procedural orders requiring leave and does not apply to
-- PI dispositions. Parent points at the existing
-- upc.pi.cfi.order (sequence_order=3) so the spawn fires
-- once the order is anchored on a project's timeline.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state)
SELECT
10,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.order'
AND proceeding_type_id = 10
AND lifecycle_state = 'published'
AND is_active = true),
'upc.pi.cfi.appeal_spawn',
'Berufung gegen Anordnung',
'Appeal against PI order',
'Berufung gegen die einstweilige Anordnung nach R.211. Eine PI-Anordnung erledigt die einstweilige Streitfrage und wird wie eine Endentscheidung im Hauptverfahren behandelt: statutarische Frist von 2 Monaten ab Zustellung (R.224.1(a)); die Berufungsbegründung folgt mit 4 Monaten ab Zustellung (R.224.2(a), eigenständige Frist im Berufungsverfahren). Die 15-Tage-Spur nach R.220.1(c) / R.220.2 gilt für Verfahrensanordnungen mit Zulassung und ist hier nicht einschlägig.',
'both',
'filing',
2,
'months',
'after',
'RoP.220.1.a',
'Innerhalb von 2 Monaten ab Zustellung der PI-Anordnung Berufungsschrift einreichen (R.224.1(a)). Die Berufungsbegründung (R.224.2(a), 4 Monate) läuft als separate Frist im Berufungsverfahren.',
'Within 2 months of service of the PI order lodge the Statement of appeal (R.224.1(a)). The Statement of grounds (R.224.2(a), 4 months) runs as an independent deadline in the appeal proceeding.',
10,
true,
11,
'Berufungsverfahren öffnen',
true,
'UPC.RoP.220.1',
false,
NULL,
'optional',
false,
'published'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.appeal_spawn'
AND proceeding_type_id = 10
AND lifecycle_state = 'published');
-- =============================================================================
-- C. Post-insert verification — raise if any expected row is missing
-- (matches the mig 095 / 127 convention; protects against a future
-- re-shape of the table that silently drops one of the WHERE NOT
-- EXISTS predicates).
-- =============================================================================
DO $$
DECLARE
v_missing text;
BEGIN
SELECT string_agg(expected, ', ' ORDER BY expected)
INTO v_missing
FROM (VALUES
('upc.dmgs.cfi.interim'),
('upc.dmgs.cfi.oral'),
('upc.dmgs.cfi.decision'),
('upc.dmgs.cfi.appeal_spawn'),
('upc.pi.cfi.appeal_spawn')
) AS t(expected)
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules dr
WHERE dr.submission_code = t.expected
AND dr.lifecycle_state = 'published'
AND dr.is_active = true);
IF v_missing IS NOT NULL THEN
RAISE EXCEPTION
'mig 133: expected published rules missing after insert: %', v_missing;
END IF;
IF NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules dr
WHERE dr.submission_code = 'upc.dmgs.cfi.appeal_spawn'
AND dr.proceeding_type_id = 17
AND dr.spawn_proceeding_type_id = 11
AND dr.is_spawn = true
AND dr.parent_id IS NOT NULL
AND dr.lifecycle_state = 'published'
) THEN
RAISE EXCEPTION
'mig 133: upc.dmgs.cfi.appeal_spawn shape check failed (expected is_spawn=true, spawn_proceeding_type_id=11, parent_id set)';
END IF;
IF NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules dr
WHERE dr.submission_code = 'upc.pi.cfi.appeal_spawn'
AND dr.proceeding_type_id = 10
AND dr.spawn_proceeding_type_id = 11
AND dr.is_spawn = true
AND dr.parent_id IS NOT NULL
AND dr.lifecycle_state = 'published'
) THEN
RAISE EXCEPTION
'mig 133: upc.pi.cfi.appeal_spawn shape check failed (expected is_spawn=true, spawn_proceeding_type_id=11, parent_id set)';
END IF;
END $$;

69
internal/db/testdata/README.md vendored
View File

@@ -1,69 +0,0 @@
# `internal/db/testdata/` — CI snapshot
## `prod-snapshot.sql`
Schema-only `pg_dump` of paliad's prod DB (youpc-supabase paliad schema)
plus the rows of `paliad.applied_migrations` that match this branch's
on-disk migration set.
**Purpose.** Lets CI's migration smoke (`.gitea/workflows/test.yaml`)
restore a Postgres scratch DB to "paliad at HEAD-of-snapshot" without
having to replay 131 migrations from scratch. ApplyMigrations on the
restored DB sees the applied set and only runs whatever NEW migrations
this PR adds — exactly the integration shape we want to test, and the
same shape prod sees on every deploy.
**Why a snapshot at all.** Running ApplyMigrations from scratch against a
fresh `supabase/postgres:15.8.1.060` surfaces multiple fresh-DB
idempotence bugs in historical migrations (raw `COMMIT;` in mig 051,
missing `CREATE EXTENSION pg_trgm` for mig 037, ALTER POLICY
exception-handler gaps in mig 024/027 — the last is fixed in this PR).
Fixing them all is a separate cleanup. The snapshot sidesteps them by
starting CI from a state where every historical migration is already
applied as it was in prod.
**Schema scope.** `--schema=paliad` only. Auth schema comes baked into
`supabase/postgres`; CI's setup step installs `pg_trgm` before restoring.
**Ownership.** `--no-owner --no-privileges` keeps the dump portable
across role topologies (CI's supabase_admin / postgres / authenticated /
anon don't have to match prod's exact role layout). The role-split smoke
relies on `postgres` being a non-superuser, which is true on
supabase/postgres by default.
**Refresh.** Run `make refresh-snapshot` with `PALIAD_PROD_DATABASE_URL`
set to a Postgres URL with `pg_dump` rights on youpc-supabase. The
target appends data rows for `paliad.applied_migrations`, strips
`\restrict` / `\unrestrict` commands (pg 16 dump → pg 15 restore), and
filters out applied-migrations rows for versions beyond the branch's
local max. The CI workflow consumes the resulting file verbatim.
**Verify a refresh.** Boot a local scratch:
```bash
docker run -d --rm --name paliad-snap \
-e POSTGRES_PASSWORD=ci -e POSTGRES_DB=paliad_scratch \
-p 15433:5432 supabase/postgres:15.8.1.060
sleep 5
docker exec -e PGPASSWORD=ci paliad-snap psql -h localhost -U supabase_admin -d paliad_scratch \
-c "GRANT CREATE ON DATABASE paliad_scratch TO postgres;" \
-c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
cat internal/db/testdata/prod-snapshot.sql | docker exec -i -e PGPASSWORD=ci paliad-snap \
psql -h localhost -U postgres -d paliad_scratch -v ON_ERROR_STOP=1
TEST_DATABASE_URL="postgres://postgres:ci@localhost:15433/paliad_scratch?sslmode=disable" \
TEST_APP_DATABASE_URL="postgres://postgres:ci@localhost:15433/paliad_scratch?sslmode=disable" \
go test -count=1 -run 'TestMigrations|TestBootSmoke|TestHealthReady_Live' ./internal/db/ ./cmd/server/
docker stop paliad-snap
```
All four named tests must pass. If any fails after a refresh,
investigate before merging — usually because a new migration was added
to prod that this branch doesn't have on disk yet.
**Why is the snapshot not gzipped?** Small enough (~200 KB) that the
diff stays human-readable in `git diff` reviews. If it crosses ~1 MB,
gzip + decompress-on-restore in CI.
**Privacy.** Schema-only dump, no row data from any paliad table (except
`paliad.applied_migrations`, which contains migration filenames +
checksums — public info already in the repo).

6278
internal/db/testdata/prod-snapshot.sql vendored
View File

File diff suppressed because it is too large Load Diff

42
internal/handlers/handlers.go
View File

@@ -1,13 +1,9 @@
package handlers
import (
"context"
"encoding/json"
"net/http"
"strings"
"time"
"github.com/jmoiron/sqlx"
"mgit.msbls.de/m/paliad/internal/auth"
"mgit.msbls.de/m/paliad/internal/services"
@@ -54,12 +50,6 @@ func noCachePages(h http.Handler) http.Handler {
// Services bundles the Phase B + C database-backed services. Pass nil if
// DATABASE_URL was unset; the matter-management endpoints will return 503.
type Services struct {
// Pool is the raw connection pool. Held so the readiness probe
// (/health/ready) can ping it without going through any individual
// service. nil when DATABASE_URL was unset — in that case
// /health/ready returns 503.
Pool *sqlx.DB
Project *services.ProjectService
Team *services.TeamService
PartnerUnit *services.PartnerUnitService
@@ -198,38 +188,6 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
_, _ = w.Write([]byte("ok\n"))
})
// Readiness probe. Public, no auth. Distinct from /healthz: this
// returns 200 only when the DB pool is reachable. Reaching Register
// at all implies db.ApplyMigrations succeeded (cmd/server/main.go
// calls it before constructing svc), so a 200 here means "migrations
// applied AND pool responsive" — the contract Dokploy / Traefik should
// gate on, not the bind-and-serve check that /healthz answers.
//
// Three outcomes:
// - svc == nil OR svc.Pool == nil → 503 (DB-less knowledge-platform
// deployments report not-ready so an external orchestrator can
// distinguish them from a full prod boot).
// - PingContext fails within 2 s → 503 (pool unreachable).
// - PingContext succeeds → 200 "ready".
//
// Used by docker-compose.yml's healthcheck (Slice B) and by the
// post-deploy verification step in .gitea/workflows/test.yaml.
mux.HandleFunc("GET /health/ready", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cache-Control", "no-store")
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
if svc == nil || svc.Pool == nil {
http.Error(w, "db not configured\n", http.StatusServiceUnavailable)
return
}
ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second)
defer cancel()
if err := svc.Pool.PingContext(ctx); err != nil {
http.Error(w, "db unreachable\n", http.StatusServiceUnavailable)
return
}
_, _ = w.Write([]byte("ready\n"))
})
// API endpoints (JSON, public)
mux.HandleFunc("POST /api/login", handleAPILogin)
mux.HandleFunc("POST /api/register", handleAPIRegister)