Fix/pagination cursor bench schema tts scan #1008
Open
lonerthefirst3-sudo wants to merge 4 commits into
Adds format validation for cursor values in validate_pagination so that tampered/invalid cursors (containing <, >, null bytes, etc.) return 400 Bad Request instead of propagating to the database and risking a 500. Adds PageResponse<T> builder that trims the sentinel row and sets next_cursor only when there is a next page (last page gets no field). New tests cover: empty result set, single-item result, exactly one full page, limit-boundary sentinel, valid-looking cursor (deleted-item path), tampered cursors with invalid chars, null bytes, and empty string, and asserts the error produces HTTP 400. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
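The two pieces this commit describes, cursor-format validation that fails closed with a 400 and a `PageResponse<T>` builder that strips the limit+1 sentinel row, as an added Rust example. This is not the PR's own code: the names `validate_pagination` and `PageResponse<T>` come from the commit message, while the `[A-Za-z0-9_-]` allow-list, `MAX_LIMIT`, `MAX_CURSOR_LEN`, the `cursor_of` callback and the sample rows are assumptions made here.

```rust
// Added example, not the PR's own code: cursor-format validation and a
// PageResponse<T> builder for limit+1 ("sentinel row") keyset pagination.
// The allow-list, MAX_LIMIT, MAX_CURSOR_LEN and cursor_of are assumptions.
use std::fmt;

pub const MAX_LIMIT: u32 = 100;
pub const MAX_CURSOR_LEN: usize = 128;

#[derive(Debug, PartialEq)]
pub enum PaginationError {
    InvalidLimit(u32),
    InvalidCursor(&'static str),
}

impl PaginationError {
    /// Every validation failure is a client error: the request never reaches
    /// the database, so a malformed cursor can no longer surface as a 500.
    pub fn status_code(&self) -> u16 {
        400
    }
}

impl fmt::Display for PaginationError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            PaginationError::InvalidLimit(n) => write!(f, "limit {n} out of range 1..={MAX_LIMIT}"),
            PaginationError::InvalidCursor(why) => write!(f, "invalid cursor: {why}"),
        }
    }
}

#[derive(Debug, PartialEq)]
pub struct Pagination {
    pub limit: u32,
    pub cursor: Option<String>,
}

/// Validate the limit and, if present, the cursor's *format* before either is
/// used in a query. Cursors are opaque tokens the server minted itself, so a
/// strict allow-list ([A-Za-z0-9_-]) is enough: '<', '>', NUL bytes or an
/// empty string can only mean tampering or corruption and get a 400.
pub fn validate_pagination(limit: u32, cursor: Option<&str>) -> Result<Pagination, PaginationError> {
    if limit == 0 || limit > MAX_LIMIT {
        return Err(PaginationError::InvalidLimit(limit));
    }
    let cursor = match cursor {
        None => None,
        Some("") => return Err(PaginationError::InvalidCursor("empty string")),
        Some(c) if c.len() > MAX_CURSOR_LEN => return Err(PaginationError::InvalidCursor("too long")),
        Some(c) if !c.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_') => {
            return Err(PaginationError::InvalidCursor("characters outside [A-Za-z0-9_-]"))
        }
        Some(c) => Some(c.to_owned()),
    };
    Ok(Pagination { limit, cursor })
}

#[derive(Debug, PartialEq)]
pub struct PageResponse<T> {
    pub items: Vec<T>,
    /// Absent on the last page, so clients stop on `None` instead of issuing
    /// one more request that would come back empty.
    pub next_cursor: Option<String>,
}

impl<T> PageResponse<T> {
    /// `rows` is the result of `... LIMIT limit + 1`. A row beyond `limit` is
    /// the sentinel: it proves a next page exists, is dropped from the
    /// response, and the cursor is derived from the last row that is kept.
    pub fn from_rows(mut rows: Vec<T>, limit: u32, cursor_of: impl Fn(&T) -> String) -> Self {
        let limit = limit as usize;
        let has_next = rows.len() > limit;
        rows.truncate(limit);
        let next_cursor = if has_next { rows.last().map(|r| cursor_of(r)) } else { None };
        PageResponse { items: rows, next_cursor }
    }
}

fn main() {
    for c in ["row_42", "", "<script>", "a\0b"] {
        match validate_pagination(10, Some(c)) {
            Ok(p) => println!("{c:?}: ok, cursor = {:?}", p.cursor),
            Err(e) => println!("{c:?}: HTTP {} ({e})", e.status_code()),
        }
    }
    // Constructed rows standing in for a `LIMIT 2 + 1` query that hit the sentinel.
    let page = PageResponse::from_rows(vec![1u64, 2, 3], 2, |id| format!("row_{id}"));
    println!("items = {:?}, next_cursor = {:?}", page.items, page.next_cursor);
}
```

The check deliberately validates only the cursor's shape; whether the row it points at still exists (the deleted-item path in the tests) is the query's business, and a valid-looking cursor for a deleted row simply yields the rows that sort after it.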
…nchmarks branch The existing api-criterion-benchmarks job compared against a 10% threshold; raises it to 20% per the acceptance criteria. The save-api-bench-baseline job previously filed a PR to update baseline.json in the main tree; now it pushes directly to a dedicated `benchmarks` orphan branch (api-benchmark-baseline.json) so the file is not mixed with source history. The comparison step on PRs first tries the branch baseline, falling back to the committed seed file on first run. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a schema-drift-check CI job that:
- Spins up a fresh PostgreSQL 16 service container
- Applies every migration in services/api/database/migrations/ in order, failing immediately if any migration file errors
- Dumps the resulting schema with pg_dump --schema-only --no-owner
- Normalises and diffs the dump against the committed snapshot at services/api/database/schema.sql
- Fails with a clear diff output and remediation instructions if drift is detected; uploads the live dump as a CI artifact for inspection
Also adds the initial schema.sql snapshot derived from migrations 000–016. The snapshot must be updated as part of every migration PR.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
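The normalise-and-diff step of the job above, as an added Rust example that is not the PR's CI script. What exactly the job strips from the `pg_dump` output is not stated, so the normalisation here (drop comments, blank lines and `SET` / `set_config` session lines, trim indentation) and the multiset line diff are assumptions; the two dumps are constructed inline to stand in for the committed `schema.sql` and the live dump.

```rust
// Added example, not the PR's CI script: normalise two `pg_dump --schema-only`
// outputs and report drift as +/- lines. The normalisation rules are an
// assumption about what the job strips; the dumps below are constructed.
use std::collections::BTreeMap;

/// Keep only lines that describe the schema. Dump headers, version comments
/// and session `SET` lines differ between pg_dump runs without meaning drift.
pub fn normalise_schema(dump: &str) -> Vec<String> {
    dump.lines()
        .map(str::trim)
        .filter(|l| !l.is_empty() && !l.starts_with("--"))
        .filter(|l| !l.starts_with("SET ") && !l.starts_with("SELECT pg_catalog.set_config"))
        .map(str::to_owned)
        .collect()
}

/// Multiset difference of normalised lines: `-` lines exist only in the
/// committed snapshot, `+` lines only in the live dump. Counting (rather than
/// a set) keeps repeated lines such as `id bigint NOT NULL,` honest.
pub fn schema_drift(snapshot: &str, live: &str) -> Vec<String> {
    let mut counts: BTreeMap<String, i64> = BTreeMap::new();
    for l in normalise_schema(snapshot) {
        *counts.entry(l).or_insert(0) += 1;
    }
    for l in normalise_schema(live) {
        *counts.entry(l).or_insert(0) -= 1;
    }
    let mut out = Vec::new();
    for (line, n) in counts {
        let (sign, reps) = if n > 0 { ('-', n) } else if n < 0 { ('+', -n) } else { continue };
        for _ in 0..reps {
            out.push(format!("{sign} {line}"));
        }
    }
    out
}

// Constructed stand-in for the committed services/api/database/schema.sql.
pub const SNAPSHOT: &str = "\
--
-- PostgreSQL database dump
--
SET statement_timeout = 0;
SET client_encoding = 'UTF8';
SELECT pg_catalog.set_config('search_path', '', false);

CREATE TABLE public.users (
    id bigint NOT NULL,
    name text NOT NULL
);

CREATE TABLE public.sessions (
    id bigint NOT NULL,
    user_id bigint NOT NULL
);
";

// Constructed live dump: same schema, different header and SET order.
pub const LIVE_SAME: &str = "\
-- Dumped from database version 16.3
SET client_encoding = 'UTF8';
SET statement_timeout = 0;
SET default_tablespace = '';
CREATE TABLE public.users (
    id bigint NOT NULL,
    name text NOT NULL
);
CREATE TABLE public.sessions (
    id bigint NOT NULL,
    user_id bigint NOT NULL
);
";

// Constructed live dump where a migration changed a column type.
pub const LIVE_DRIFT: &str = "\
CREATE TABLE public.users (
    id bigint NOT NULL,
    name character varying(255) NOT NULL
);
CREATE TABLE public.sessions (
    id bigint NOT NULL,
    user_id bigint NOT NULL
);
";

fn main() {
    let drift = schema_drift(SNAPSHOT, LIVE_DRIFT);
    if drift.is_empty() {
        println!("schema.sql matches the applied migrations");
        return;
    }
    eprintln!("schema drift detected; regenerate schema.sql from the migrations:");
    for l in &drift {
        eprintln!("{l}");
    }
    std::process::exit(1);
}
```

The multiset diff is order-insensitive on purpose: it tolerates the object reordering pg_dump sometimes produces between versions, while still catching a changed type, a dropped constraint or an added column.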
The container-scanning job previously built and scanned only the API Docker image, leaving the TTS service (services/tts/Dockerfile) unscanned. Adds a build + Trivy scan step for the TTS image in the same job, using the same severity threshold (CRITICAL,HIGH, exit-code 1). Each image's SARIF output is uploaded with a distinct category (trivy-api / trivy-tts) so findings appear under separate entries in the GitHub Security tab. npm audit --audit-level=high for TTS dependencies was already present in dependency-scan.yml and is unchanged. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@lonerthefirst3-sudo Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀