|
5 | 5 |
|
6 | 6 | --- |
7 | 7 |
|
| 8 | +## [2026-05-31] — Fix critical migration drift + docs accuracy + sidecar logging |
| 9 | + |
| 10 | +**Status:** Done |
| 11 | +**Agent:** Kiro |
| 12 | + |
| 13 | +### What was done |
| 14 | +- **CRITICAL — Migration drift fixed.** The committed Prisma migrations were badly out of sync with `schema.prisma`: a fresh `db:migrate deploy` produced only 21 tables / 8 `users` columns, while `db:push` (and prod, patched out-of-band) had 30+ tables / 12 `users` columns. This broke the documented `db:migrate:deploy` deploy path and the API test suite (14/18 files failed at setup with `column totpEnabled does not exist`). |
| 15 | + - Generated reconciliation SQL via `prisma migrate diff` (migration-built DB → schema.prisma) and added migration `20260531000000_reconcile_schema_drift`. It adds the 10 missing tables (`task_assignees`, `sso_configs`, `roles`, `chat_attachments`, `mcp_tool_calls`, `invitations`, `comment_mentions`, `notification_preferences`, `audit_logs`, `sessions`), 3 enums (`invitation_statuses`, `permissions`, `task_assignee_roles`), 4 `users` columns (`totpSecret`, `totpEnabled`, `backupCodes`, `displayName`), `settings.taskDeletionMode`, and `roleId` FKs on workspace_members/team_members/project_access — all with indexes + FKs. |
| 16 | + - Made every statement **idempotent** (`IF NOT EXISTS`, guarded `DO $$ ... EXCEPTION WHEN duplicate_object` blocks) so it is safe against the already-reconciled production DB. |
| 17 | + - Added the missing `prisma/migrations/migration_lock.toml` (provider = postgresql) — without it, `prisma migrate diff --from-migrations` could not read the migrations dir. |
| 18 | + - **Verified:** fresh `migrate deploy` (all migrations incl. reconcile) → 31 tables, 12 user columns, and `prisma migrate diff` reports **"No difference detected"** vs schema. API test suite went from **14 failed/4 passed** to **18 passed / 149 tests / exit 0**. |
| 19 | +- **Docs accuracy.** Removed the false "100% test coverage on execution services" claim from `docs/CODEBASE_INDEX.md` (sidecar actually has 0 automated tests). Updated `docs/ARCHITECTURE.md` deployment section (DigitalOcean/PM2 → Azure Container Apps + ACR, current `deploy-azure.yml` pipeline) and auth section (added PAT + TOTP 2FA + SSO alongside GitHub OAuth). Softened the "GitHub OAuth is the only login method" line in `docs/features/api-reference.md`. |
| 20 | +- **Sidecar logging.** Confirmed the `console.*` → pino `logger` migration across all `apps/sidecar/src` services/routes (was already present in the working tree; verified 0 `console.` calls remain in non-test sidecar source, typecheck clean). This closes the last open guardrail from the F1 plan-compliance review (REJECT-4). |
| 21 | + |
| 22 | +### Files changed |
| 23 | +- `packages/db/prisma/migrations/20260531000000_reconcile_schema_drift/migration.sql` — new reconciliation migration (idempotent) |
| 24 | +- `packages/db/prisma/migrations/migration_lock.toml` — new (was missing) |
| 25 | +- `docs/CODEBASE_INDEX.md` — removed false 100% coverage claims (2 spots) |
| 26 | +- `docs/ARCHITECTURE.md` — Azure deployment + CI/CD rewrite; auth section updated (PAT/2FA/SSO) |
| 27 | +- `docs/features/api-reference.md` — auth line corrected |
| 28 | +- `apps/sidecar/src/**` — console→logger (verified; bulk of this was pre-existing working-tree work) |
| 29 | + |
| 30 | +### Verification |
| 31 | +- `prisma migrate deploy` on a fresh DB → 31 tables / 12 user cols; `migrate diff` vs schema → no difference |
| 32 | +- `pnpm --filter @openlinear/api test` → 18 files passed, 149 tests, exit 0 (was 14 failing) |
| 33 | +- `@openlinear/api`, `@openlinear/sidecar`, `@openlinear/db` typecheck → all exit 0 |
| 34 | +- `db:generate` → clean |
| 35 | + |
| 36 | +### Issues encountered / notes |
| 37 | +- Prod Neon DB already has all 31 tables + TOTP columns (someone ran `db:push` against it directly), but its `_prisma_migrations` history is the same incomplete set. The new idempotent reconcile migration is safe to mark-applied or run there; recommend `prisma migrate resolve --applied 20260531000000_reconcile_schema_drift` on prod so history matches without re-running DDL. |
| 38 | +- Both CI workflows (`deploy.yml` legacy/disabled, `deploy-azure.yml` active) use `db:push` for their ephemeral test DB, which is why CI didn't catch the drift. Consider switching CI to `migrate deploy` so the migration path is continuously exercised. |
| 39 | +- Pre-existing uncommitted working-tree changes (chat attachments, transcribe Cartesia URL, opencode init-guard, etc.) were left untouched per protocol. |
| 40 | + |
| 41 | +### Next steps / blockers (follow-ups — NOT done this session) |
| 42 | +- **Sidecar/execution-core test coverage: 0 tests.** The execution engine (clones repos, force-pushes branches, creates PRs) and `packages/execution-core` have no automated tests. Highest-value remaining gap. Add Vitest coverage for lifecycle, git, worktree, batch orchestrator/completion, and the pure `event-stream-processor`. |
| 43 | +- **Multi-tenant OpenCode isolation** (`docs/limitations.md`): cloud deployment still shares one OpenCode process/auth store across users, gated only by `OPENLINEAR_ALLOW_SHARED_OPENCODE=1`. Real per-user isolation (per-user `XDG_DATA_HOME` + process pool) still pending. |
| 44 | +- Consider making CI run `prisma migrate deploy` against a fresh DB (in addition to / instead of `db:push`) to prevent future drift. |
| 45 | + |
| 46 | +--- |
| 47 | + |
8 | 48 | ## [2026-05-26] — Fix sidecar startup crash (missing openid-client + otpauth + ALLOW_SHARED_OPENCODE) |
9 | 49 |
|
10 | 50 | **Status:** Done |
@@ -1552,3 +1592,26 @@ The sidecar was likely not running when login was attempted (single-tenant guard |
1552 | 1592 | ### Next steps / blockers |
1553 | 1593 | - Test full GitHub OAuth login flow in browser at http://localhost:3000 |
1554 | 1594 | - Ensure GitHub OAuth App callback URL includes `http://localhost:3001/api/auth/github/callback` |
| 1595 | + |
| 1596 | +--- |
| 1597 | + |
| 1598 | +## [2026-05-27] — Full codebase review, index, and CODEBASE_INDEX.md |
| 1599 | + |
| 1600 | +**Status:** Done |
| 1601 | +**Agent:** Sisyphus (OpenCode) |
| 1602 | + |
| 1603 | +### What was done |
| 1604 | +- Ran 4 parallel `kiroExplore` background agents exploring API, Frontend, Sidecar, and MCP/DB layers |
| 1605 | +- Read ~40+ key source files directly across all layers |
| 1606 | +- Cross-referenced results with direct reads to verify accuracy |
| 1607 | +- Created comprehensive `docs/CODEBASE_INDEX.md` (651 lines, 12 sections) |
| 1608 | + |
| 1609 | +### Files changed |
| 1610 | +- `docs/CODEBASE_INDEX.md` — New. Complete index covering: architecture overview, API (28 routes, 5 middleware, 12 services, 34 chat tools, auth, error handling, rate limiting, tests), Sidecar execution engine (17 execution files, 5 batch files, safeguards, execution flow), Frontend (15 pages, 27 component dirs, state management, API client, SSE, keyboard shortcuts), Desktop Tauri (4 Rust files, sidecar manager, deeplink), MCP Server (8 tools, stateless Worker, API integration), Database (25+ models, 13 enums, Prisma patterns, migrations), shared packages, CI/CD, patterns/conventions, production URLs, and key commands |
| 1611 | + |
| 1612 | +### Issues encountered |
| 1613 | +- 3 of 4 background sessions returned no output (likely expired); recovered by reading files directly |
| 1614 | +- Background sessions were "idle" but had full results in the final turn — retrieve messages worked on resumption |
| 1615 | + |
| 1616 | +### Next steps / blockers |
| 1617 | +- None. Codebase fully indexed. |
0 commit comments