Skip to content

fix(grants): add DEFAULT PRIVILEGES for authenticated/anonymous + polling error logging#99

Merged
devin-ai-integration[bot] merged 2 commits into
feat/flows-panel-uifrom
feat/execution-table-grants
Jun 14, 2026
Merged

fix(grants): add DEFAULT PRIVILEGES for authenticated/anonymous + polling error logging#99
devin-ai-integration[bot] merged 2 commits into
feat/flows-panel-uifrom
feat/execution-table-grants

Conversation

@pyramation

Copy link
Copy Markdown
Contributor

Summary

The execution overlay UI was stuck on "executing..." forever because pollExecutionStatus silently caught all GraphQL errors — the catch {} blocks swallowed failures and nsRows stayed empty, causing overallStatus to always evaluate to 'running'.

Two fixes:

  1. DEFAULT PRIVILEGES for future tablesconstructive_compute_public and constructive_platform_function_graph_public now grant:

    • authenticated: SELECT, INSERT, UPDATE, DELETE on all future tables
    • anonymous: SELECT on all future tables

    This ensures any tables created after the initial GRANT ... ON ALL TABLES still get proper permissions.

  2. standalone_schema_access.sql grants for anonymous — adds USAGE + SELECT for the anonymous role on all public schemas. Previously only authenticated had explicit grants; now PostGraphile can serve unauthenticated requests (GraphQL explorer) without permission errors.

  3. Error logging in pollExecutionStatus — all three catch blocks now log via console.error so GraphQL failures are visible in browser dev tools:

    } catch (err) {
      console.error('[pollExecutionStatus] node_states query failed:', err);
    }

Root cause analysis: The grants from standalone_schema_access.sql use GRANT ... ON ALL TABLES IN SCHEMA which only covers tables existing at execution time. The ALTER DEFAULT PRIVILEGES ensures tables created afterward (e.g. by future migrations or partition management) are also covered.

Link to Devin session: https://app.devin.ai/sessions/b2291a8e333e445aa125a2efd1996206
Requested by: @pyramation

…or logging

- Add ALTER DEFAULT PRIVILEGES for authenticated (SELECT, INSERT, UPDATE, DELETE)
  and anonymous (SELECT only) on constructive_compute_public and
  constructive_platform_function_graph_public schemas
- Update standalone_schema_access.sql to grant anonymous role USAGE + SELECT on
  all public schemas (for unauthenticated GraphQL requests)
- Add console.error logging to pollExecutionStatus catch blocks so GraphQL
  failures are visible in browser dev tools instead of silently swallowed
- Regenerate sql/ packages for constructive-compute, constructive-platform-
  function-graph, and constructive-infra-seed
@devin-ai-integration

Copy link
Copy Markdown

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment, CI, and merge conflict monitoring

Anonymous grants are pointless — standalone mode sets anon_role='authenticated'
so all requests (even unauthenticated) use the authenticated role. Only the
authenticated DEFAULT PRIVILEGES are needed.
@devin-ai-integration devin-ai-integration Bot merged commit 41f33c6 into feat/flows-panel-ui Jun 14, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant