git.stella-ops.org

stella-ops.org/git.stella-ops.org

Fork 0

Commit Graph

Author	SHA1	Message	Date
master	c5cc11c28f	feat(authority): wire auto-migration + idempotent schema (AGENTS.md §2.7) Brings Authority into §2.7 compliance. Previously AutoMigrate=true was set in Program.cs but no runner was wired; 001_initial_schema.sql was non-idempotent so wiring AddStartupMigrations against a pre-bootstrapped DB crash-looped. Discovered during DEPRECATE-003 when the new drop migration couldn't apply via Authority's own startup path. Idempotency fixes in 001_initial_schema.sql: - CREATE INDEX → CREATE INDEX IF NOT EXISTS (27 indexes) - CREATE TRIGGER → DROP TRIGGER IF EXISTS + CREATE TRIGGER (3 triggers) - CREATE POLICY → DROP POLICY IF EXISTS + CREATE POLICY (12 policies) - CREATE TABLE / FUNCTION (OR REPLACE) / RLS ENABLE / role DO blocks were already idempotent — left unchanged Wiring: - AddStartupMigrations("authority", "Authority", typeof(AuthorityDataSource) .Assembly) called inside RegisterAuthorityServices (canonical Signals/Scanner pattern). - Stale options.AutoMigrate = true + options.MigrationsPath removed from Program.cs. - Migrations\_archived\** excluded from the EmbeddedResource glob. Init script cleanup (migrations own schema authority now): - 04-authority-schema.sql: 569 lines → 60 lines (schema shells + guarded default-tenant seed fallback only; all DDL removed) - 04b-authority-dedicated-schema.sql: same reduction for dedicated DB Verification sequence — all PASS: 1. Green-field replay: 001 runs twice with zero semantic drift (pg_dump diff shows only session restrict nonce). 2. Wire against pre-migrated volume: runner applies 001+002 in 209ms, no crash-loop. 3. Wire + fresh schema: migrates 20 tables from empty in 395ms. 4. Idempotent restart: "Database is up to date", pure no-op. Sprint SPRINT_20260422_003_Authority_auto_migration_compliance created and archived in the same pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 16:03:43 +03:00
master	24be2f2268	chore(devops): dotnet release image + compose/bootstrap stabilization Sprint SPRINT_20260417_024_DevOps_dotnet_release_image_stabilization. - Dockerfile.platform + Dockerfile.dotnet-service adjustments for deterministic layer ordering and cache-friendly publish. - devops/release/components.json updates. - devops/compose: .env, README, legacy + stella-services docker-compose, stellaops env example, postgres-init 04/04b/15/16 authority + release schemas, setup.bootstrap.local.yaml. - Gitea build_release.py script. - scripts/register-local-integrations.ps1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-19 14:43:23 +03:00
master	88eba753ee	Isolate Authority DB from Concelier write pressure Problem: All 46+ services share one PostgreSQL database and connection pool. When Concelier runs advisory sync jobs (heavy writes), the shared pool starves Authority's OIDC token validation, causing login timeouts. Fix: Create a dedicated stellaops_authority database on the same Postgres instance. Authority gets its own connection string with an independent Npgsql connection pool (Maximum Pool Size=20, Minimum Pool Size=2). Changes: - 00-create-authority-db.sql: Creates stellaops_authority database - 04b-authority-dedicated-schema.sql: Applies full Authority schema (tables, indexes, RLS, triggers, seed data) to the dedicated DB - docker-compose.stella-ops.yml: New x-postgres-authority-connection anchor pointing to stellaops_authority. Authority service env updated. Shared pool reduced to Maximum Pool Size=50. The existing stellaops_platform.authority schema remains for backward compatibility. Authority reads/writes from the isolated database. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-01 12:32:03 +03:00

Author

SHA1

Message

Date

master

c5cc11c28f

feat(authority): wire auto-migration + idempotent schema (AGENTS.md §2.7)

Brings Authority into §2.7 compliance. Previously AutoMigrate=true was set
in Program.cs but no runner was wired; 001_initial_schema.sql was
non-idempotent so wiring AddStartupMigrations against a pre-bootstrapped
DB crash-looped. Discovered during DEPRECATE-003 when the new drop
migration couldn't apply via Authority's own startup path.

Idempotency fixes in 001_initial_schema.sql:
- CREATE INDEX → CREATE INDEX IF NOT EXISTS (27 indexes)
- CREATE TRIGGER → DROP TRIGGER IF EXISTS + CREATE TRIGGER (3 triggers)
- CREATE POLICY → DROP POLICY IF EXISTS + CREATE POLICY (12 policies)
- CREATE TABLE / FUNCTION (OR REPLACE) / RLS ENABLE / role DO blocks were
  already idempotent — left unchanged

Wiring:
- AddStartupMigrations("authority", "Authority", typeof(AuthorityDataSource)
  .Assembly) called inside RegisterAuthorityServices (canonical
  Signals/Scanner pattern).
- Stale options.AutoMigrate = true + options.MigrationsPath removed from
  Program.cs.
- Migrations\_archived\** excluded from the EmbeddedResource glob.

Init script cleanup (migrations own schema authority now):
- 04-authority-schema.sql: 569 lines → 60 lines (schema shells + guarded
  default-tenant seed fallback only; all DDL removed)
- 04b-authority-dedicated-schema.sql: same reduction for dedicated DB

Verification sequence — all PASS:
1. Green-field replay: 001 runs twice with zero semantic drift (pg_dump
   diff shows only session restrict nonce).
2. Wire against pre-migrated volume: runner applies 001+002 in 209ms, no
   crash-loop.
3. Wire + fresh schema: migrates 20 tables from empty in 395ms.
4. Idempotent restart: "Database is up to date", pure no-op.

Sprint SPRINT_20260422_003_Authority_auto_migration_compliance created
and archived in the same pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-22 16:03:43 +03:00

master

24be2f2268

chore(devops): dotnet release image + compose/bootstrap stabilization

Sprint SPRINT_20260417_024_DevOps_dotnet_release_image_stabilization.

- Dockerfile.platform + Dockerfile.dotnet-service adjustments for
  deterministic layer ordering and cache-friendly publish.
- devops/release/components.json updates.
- devops/compose: .env, README, legacy + stella-services docker-compose,
  stellaops env example, postgres-init 04/04b/15/16 authority + release
  schemas, setup.bootstrap.local.yaml.
- Gitea build_release.py script.
- scripts/register-local-integrations.ps1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-19 14:43:23 +03:00

master

88eba753ee

Isolate Authority DB from Concelier write pressure

Problem: All 46+ services share one PostgreSQL database and connection
pool. When Concelier runs advisory sync jobs (heavy writes), the shared
pool starves Authority's OIDC token validation, causing login timeouts.

Fix: Create a dedicated stellaops_authority database on the same Postgres
instance. Authority gets its own connection string with an independent
Npgsql connection pool (Maximum Pool Size=20, Minimum Pool Size=2).

Changes:
- 00-create-authority-db.sql: Creates stellaops_authority database
- 04b-authority-dedicated-schema.sql: Applies full Authority schema
  (tables, indexes, RLS, triggers, seed data) to the dedicated DB
- docker-compose.stella-ops.yml: New x-postgres-authority-connection
  anchor pointing to stellaops_authority. Authority service env updated.
  Shared pool reduced to Maximum Pool Size=50.

The existing stellaops_platform.authority schema remains for backward
compatibility. Authority reads/writes from the isolated database.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-01 12:32:03 +03:00

3 Commits