feat: add lib/config.ts with stale-while-revalidate caching + invalidate endpoint

- lib/config.ts: getConfig<T>(table, ttlMs?) with 5-min TTL cache
- Stale-while-revalidate: returns cached data immediately, refreshes in background
- getConfigValue() helper with env var fallback for migration period
- invalidateConfig(table?) to force-refresh on dashboard save
- POST /api/dashboard/config/invalidate with auth + table validation
- lib/types/config.ts: typed interfaces for all 6 config tables
- Uses SUPABASE_SERVICE_ROLE_KEY for server-side config reads (no RLS)

Co-authored-by: dashboard <dashboard@miriad.systems>

Author: Miriad

app/api/dashboard/config/invalidate/route.ts

@@ -0,0 +1,61 @@
+import { NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase/server";
+import { invalidateConfig } from "@/lib/config";
+import type { ConfigTable } from "@/lib/types/config";
+
+export const dynamic = "force-dynamic";
+
+const VALID_TABLES: ConfigTable[] = [
+	"pipeline_config",
+	"remotion_config",
+	"content_config",
+	"sponsor_config",
+	"distribution_config",
+	"gcs_config",
+];
+
+export async function POST(request: Request) {
+	// Fail-closed auth
+	const hasSupabase =
+		(process.env.NEXT_PUBLIC_SUPABASE_URL || process.env.SUPABASE_URL) &&
+		(process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY || process.env.SUPABASE_ANON_KEY);
+
+	if (!hasSupabase) {
+		return NextResponse.json({ error: "Auth not configured" }, { status: 503 });
+	}
+
+	const supabase = await createClient();
+	const {
+		data: { user },
+	} = await supabase.auth.getUser();
+
+	if (!user) {
+		return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+	}
+
+	try {
+		const body = await request.json().catch(() => ({}));
+		const { table } = body as { table?: string };
+
+		// Validate table name if provided
+		if (table && !VALID_TABLES.includes(table as ConfigTable)) {
+			return NextResponse.json(
+				{ error: `Invalid table: ${table}. Valid tables: ${VALID_TABLES.join(", ")}` },
+				{ status: 400 },
+			);
+		}
+
+		invalidateConfig(table as ConfigTable | undefined);
+
+		return NextResponse.json({
+			success: true,
+			invalidated: table ?? "all",
+		});
+	} catch (error) {
+		console.error("Failed to invalidate config:", error);
+		return NextResponse.json(
+			{ error: "Failed to invalidate config" },
+			{ status: 500 },
+		);
+	}
+}

lib/config.ts

@@ -0,0 +1,155 @@
+import { createClient } from "@supabase/supabase-js";
+import type { ConfigTable, ConfigTypeMap } from "@/lib/types/config";
+
+/**
+ * Supabase config module with stale-while-revalidate caching.
+ *
+ * Caching behavior:
+ * - Cold start: fetches from Supabase, caches result
+ * - Warm (< TTL): returns cached data, zero DB queries
+ * - Stale (> TTL): returns cached data immediately, refreshes in background
+ * - Invalidate: called by dashboard "Save" button via /api/dashboard/config/invalidate
+ *
+ * Serverless reality: each Vercel instance has its own in-memory cache.
+ * Worst case: TTL propagation delay across instances. Acceptable for config.
+ */
+
+const DEFAULT_TTL_MS = 5 * 60 * 1000; // 5 minutes
+
+interface CacheEntry<T> {
+	data: T;
+	fetchedAt: number;
+	refreshing: boolean;
+}
+
+const cache = new Map<string, CacheEntry<unknown>>();
+
+/**
+ * Create a Supabase client for config reads.
+ * Uses service role key for server-side access (no RLS).
+ */
+function getSupabaseClient() {
+	const url = process.env.SUPABASE_URL || process.env.NEXT_PUBLIC_SUPABASE_URL;
+	const key = process.env.SUPABASE_SERVICE_ROLE_KEY;
+
+	if (!url || !key) {
+		throw new Error(
+			"Missing SUPABASE_URL or SUPABASE_SERVICE_ROLE_KEY for config access",
+		);
+	}
+
+	return createClient(url, key, {
+		auth: {
+			autoRefreshToken: false,
+			persistSession: false,
+		},
+	});
+}
+
+/**
+ * Fetch a singleton config row from Supabase and update the cache.
+ */
+async function refreshConfig<T extends ConfigTable>(
+	table: T,
+): Promise<ConfigTypeMap[T]> {
+	const supabase = getSupabaseClient();
+	const { data, error } = await supabase
+		.from(table)
+		.select("*")
+		.limit(1)
+		.single();
+
+	if (error) {
+		throw new Error(`Config fetch failed for ${table}: ${error.message}`);
+	}
+
+	cache.set(table, {
+		data,
+		fetchedAt: Date.now(),
+		refreshing: false,
+	});
+
+	return data as ConfigTypeMap[T];
+}
+
+/**
+ * Get config for a table with stale-while-revalidate caching.
+ *
+ * @param table - The config table name
+ * @param ttlMs - Cache TTL in milliseconds (default: 5 minutes)
+ * @returns The config row data
+ *
+ * @example
+ * const pipeline = await getConfig("pipeline_config");
+ * console.log(pipeline.gemini_model); // "gemini-2.0-flash"
+ */
+export async function getConfig<T extends ConfigTable>(
+	table: T,
+	ttlMs = DEFAULT_TTL_MS,
+): Promise<ConfigTypeMap[T]> {
+	const cached = cache.get(table) as CacheEntry<ConfigTypeMap[T]> | undefined;
+	const now = Date.now();
+
+	// Fresh cache — return immediately
+	if (cached && now - cached.fetchedAt < ttlMs) {
+		return cached.data;
+	}
+
+	// Stale cache — return stale data, refresh in background
+	if (cached && !cached.refreshing) {
+		cached.refreshing = true;
+		refreshConfig(table).catch((err) => {
+			console.error(`Background config refresh failed for ${table}:`, err);
+			cached.refreshing = false;
+		});
+		return cached.data;
+	}
+
+	// No cache — must fetch synchronously
+	return refreshConfig(table);
+}
+
+/**
+ * Force-invalidate cached config. Called by the dashboard after saving settings.
+ *
+ * @param table - Specific table to invalidate, or undefined to clear all
+ */
+export function invalidateConfig(table?: ConfigTable) {
+	if (table) {
+		cache.delete(table);
+	} else {
+		cache.clear();
+	}
+}
+
+/**
+ * Get a config value with an env var fallback.
+ * Use during migration — once all config is in Supabase, remove fallbacks.
+ *
+ * @example
+ * const model = await getConfigValue("pipeline_config", "gemini_model", process.env.GEMINI_MODEL);
+ */
+export async function getConfigValue<
+	T extends ConfigTable,
+	K extends keyof ConfigTypeMap[T],
+>(
+	table: T,
+	key: K,
+	fallback?: ConfigTypeMap[T][K],
+): Promise<ConfigTypeMap[T][K]> {
+	try {
+		const config = await getConfig(table);
+		const value = config[key];
+		if (value !== undefined && value !== null) {
+			return value;
+		}
+	} catch (err) {
+		console.warn(`Config lookup failed for ${String(table)}.${String(key)}, using fallback:`, err);
+	}
+
+	if (fallback !== undefined) {
+		return fallback;
+	}
+
+	throw new Error(`No config value for ${String(table)}.${String(key)} and no fallback provided`);
+}

lib/types/config.ts

@@ -0,0 +1,81 @@
+/**
+ * Supabase config table types.
+ * Each interface maps to a singleton row in the corresponding Supabase table.
+ */
+
+export interface PipelineConfig {
+	id: number;
+	gemini_model: string;
+	elevenlabs_voice_id: string;
+	youtube_upload_visibility: string;
+	youtube_channel_id: string;
+	enable_notebooklm_research: boolean;
+	quality_threshold: number;
+	stuck_timeout_minutes: number;
+	max_ideas_per_run: number;
+	updated_at: string;
+}
+
+export interface RemotionConfig {
+	id: number;
+	aws_region: string;
+	function_name: string;
+	serve_url: string;
+	max_render_timeout_sec: number;
+	memory_mb: number;
+	disk_mb: number;
+	updated_at: string;
+}
+
+export interface ContentConfig {
+	id: number;
+	rss_feeds: { name: string; url: string }[];
+	trend_sources_enabled: Record<string, boolean>;
+	system_instruction: string;
+	target_video_duration_sec: number;
+	scene_count_min: number;
+	scene_count_max: number;
+	updated_at: string;
+}
+
+export interface SponsorConfig {
+	id: number;
+	cooldown_days: number;
+	rate_card_tiers: { name: string; description: string; price: number }[];
+	outreach_email_template: string;
+	max_outreach_per_run: number;
+	updated_at: string;
+}
+
+export interface DistributionConfig {
+	id: number;
+	notification_emails: string[];
+	youtube_description_template: string;
+	youtube_default_tags: string[];
+	resend_from_email: string;
+	updated_at: string;
+}
+
+export interface GcsConfig {
+	id: number;
+	bucket_name: string;
+	project_id: string;
+	updated_at: string;
+}
+
+export type ConfigTable =
+	| "pipeline_config"
+	| "remotion_config"
+	| "content_config"
+	| "sponsor_config"
+	| "distribution_config"
+	| "gcs_config";
+
+export type ConfigTypeMap = {
+	pipeline_config: PipelineConfig;
+	remotion_config: RemotionConfig;
+	content_config: ContentConfig;
+	sponsor_config: SponsorConfig;
+	distribution_config: DistributionConfig;
+	gcs_config: GcsConfig;
+};