Commit Graph

5 Commits

Author SHA1 Message Date
overseer 8395df0f80 fix: complete user-delete FK lockstep across PG and SQLite schemas
The prior user-deletion work updated the PG schema and a live-PG migration
but left the canonical schema definitions inconsistent, breaking user
deletion on fresh PG installs and on all SQLite dev installs.

- schema.sql: add ON DELETE SET NULL to context_files.updated_by (was the
  only user FK missing it; fresh PG installs could not delete an authoring
  user).
- schema_sqlite.sql: bring five user_id FK columns into lockstep with PG
  (drop NOT NULL, add ON DELETE SET NULL): project_context.updated_by,
  context_files.updated_by, change_requests.submitted_by,
  reviews.reviewer_id, audit_log.user_id.
- schema_sqlite.sql: remove the audit_log append-only UPDATE/DELETE triggers.
  ON DELETE SET NULL on audit_log.user_id is an UPDATE the trigger aborted,
  so deleting any user who had ever logged in failed. This mirrors schema.sql,
  which dropped the equivalent PG triggers in fc1a2f5; append-only is enforced
  at the application layer (db.py only INSERTs into audit_log).
- db.py: user_delete no longer swallows non-FK exceptions on the SQLite path
  (Exception masked sqlite3.IntegrityError); only FK violations map to the
  soft "user_has_references" response, everything else propagates. PG
  rollback-on-any-error (shared-connection cascade fix) is preserved.
- db.py: document that SQLite cannot ALTER FK constraints in place; existing
  dev DBs must be recreated to pick up these changes.
- server.py: the global 409 handler no longer leaks raw psycopg text (index
  names, column expressions) to API callers; it is logged instead.
- migrate_user_fk_set_null.py: use the column from FKS_TO_FIX directly instead
  of re-deriving it from the constraint name.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 17:35:34 +00:00
overseer 80635ce011 fix: drop NOT NULL on user_id FK columns for ON DELETE SET NULL
audit_log.user_id, change_requests.submitted_by, reviews.reviewer_id
were NOT NULL but had ON DELETE SET NULL — PG can't set a NOT NULL
column to NULL on delete, so user deletion failed. Migration now drops
NOT NULL before altering the FK constraint.
2026-06-25 14:47:37 +00:00
overseer 9bb89ee62f feat: allow user deletion — FK constraints ON DELETE SET NULL
- schema.sql: all user_id FKs now ON DELETE SET NULL (was RESTRICT)
- migrate_user_fk_set_null.py: drop+readd constraints on existing DBs
- entrypoint.sh: runs migration automatically on startup (non-fatal)
- db.py: rollback moved before FK check (cleanup)

Deleting a user now nullifies their references in audit_log,
project_context, context_files, change_requests, reviews instead of
blocking with a 409.
2026-06-25 14:43:58 +00:00
overseer fc1a2f5103 feat: PostgreSQL migration, OAuth write MCP, Streamable HTTP, env-driven config, admin UI, landing page
- Migrate database from SQLite to PostgreSQL 16 (dual-backend with SQLite fallback)
- Add Streamable HTTP MCP transport (replaces SSE): /readonly/mcp, /write/mcp, /mcp
- Add OAuth ctxd.write scope and public write MCP surface
- Add ctxd.write token validation (write-scoped tokens only on /write/mcp)
- Add env-driven configuration (.env file with env var precedence over ctxd.yaml)
- Add PostgreSQL to docker-compose.yml with healthcheck
- Add psycopg dependency, migration script (SQLite → PostgreSQL)
- Add admin UI: projects tab with typed-confirm delete, user management (list/manage subtabs)
- Add OAuth client management: create, list, revoke (UI, CLI, API)
- Add user active/inactive lifecycle (PATCH/DELETE APIs)
- Add public landing page with themed login form (cookie-based session)
- Add get_client_guide MCP tool (locked LLM-CLIENT.MD in ctxd-docs project)
- Add DELETE /projects/<id> endpoint with cascading deletes
- Add project_delete to db.py with FK ON DELETE SET NULL for audit_log
- Add cookie-based session auth (ctxd_session cookie on login)
- Add landing.html (public host) vs ui.html (internal dashboard)
- Add schema_sqlite.sql for SQLite fallback
- Add auth_password.py (PBKDF2-SHA256 password hashing)
- Add .env.example template with all documented env vars
- Add README.md with full setup, config, API, CLI, and troubleshooting docs
- Add SKILL.md (canonical LLM client guide, lives in project root)
- Update Traefik template: route everything except /mcp
- Update OAuth discovery: advertise ctxd.write scope, /readonly/mcp resource
- Update Hermes MCP config: /mcp endpoint with Bearer header
- Remove DB-level audit_log triggers (conflict with FK ON DELETE SET NULL)
- Remove SSE transport code (replaced by Streamable HTTP)
- Untrack __pycache__ and data/ctxd.db from git
2026-06-24 22:50:54 +00:00
overseer 3c9742ff87 Initial Commit 2026-06-23 23:54:37 +00:00