Some checks are pending
CI / lint-and-test (push) Waiting to run
* feat(kb): apply_proposal engine to land approved proposals into canonical Stage 2 of the KB apply pipeline (approve -> APPLY -> render -> surface). Turns an approved kb_stage.kb_proposals row into canonical public.* rows and flips the ledger to 'applied' in one verified transaction. - Connects as the narrow kb_apply role (never superuser): writes only strategies, strategy_nodes, claim_evidence, claim_edges + kb_proposals ledger. Enforces "agents propose, do not self-apply" at the DB boundary. - Per-type handlers: revise_strategy (versioned strategy + node replace), add_edge, attach_evidence (requires existing source_id; source minting is intentionally out of scope for kb_apply's grants). - Strict apply_payload contract (v1); freeform eval packets are normalized upstream, not applied directly. - --dry-run prints exact SQL; idempotent (refuses non-approved / already-applied); transactional with an in-txn DO-block invariant check that rolls back on failure. - Unit tests cover SQL builders, validation, dispatch, and status guards. * fix(kb): rowcount=1 apply guard + real applied_by FK stamp Closes the three draft-exit review items on the apply engine: - Ledger flip now runs in a DO block asserting exactly one 'approved' row moved to 'applied' (GET DIAGNOSTICS row_count). Closes the concurrent double-apply race — load_proposal (read) and the flip (write) are separate statements, so a row lock cannot span them; only one concurrent apply can match status='approved', so rowcount=1 is the authoritative guard. A loser RAISEs and the whole txn rolls back. - applied_by_agent_id is stamped as a real FK resolved from public.agents by handle, defaulting to the kb-apply service agent — no more NULL FK, no backfill needed. - scripts/kb_apply_prereqs.sql: one-time superuser bootstrap — inserts the kb-apply service-agent row (kb_apply never gets INSERT on agents), grants kb_apply SELECT on public.agents, and ensures the one-active-strategy unique index (idempotent; already present on prod). 18/18 unit tests pass. * fix(kb): hard-resolve applied_by handle, RAISE on NULL FK Resolve applied_by into a variable and assert NOT NULL before the ledger flip, instead of an inline subselect that silently stamps a NULL applied_by_agent_id on an unresolved handle. Since the FK is ON DELETE SET NULL, a bad handle (typo/unseeded agent) was a legal silent NULL -- the perpetually-NULL FK we eliminated. Unresolved handle now hard-fails -> rollback. Non-default --applied-by (operator, future drafters) is the path that goes through the lookup and could strand NULL.
31 lines
1.5 KiB
PL/PgSQL
31 lines
1.5 KiB
PL/PgSQL
-- kb_apply prerequisites -- run ONCE as the postgres superuser at deploy time.
|
|
--
|
|
-- Stage 2 of the KB apply pipeline (scripts/apply_proposal.py) connects as the
|
|
-- narrow kb_apply role and stamps applied_by_agent_id as a real FK. The FK is
|
|
-- resolved from public.agents by handle, so before the first apply:
|
|
-- 1. a 'kb-apply' service-agent row must exist (one-time bootstrap fixture),
|
|
-- 2. kb_apply needs SELECT on public.agents to resolve it (never INSERT),
|
|
-- 3. the one-active-strategy invariant must be enforced by a unique index.
|
|
--
|
|
-- Every statement is idempotent; re-running the file is a no-op. It grants no
|
|
-- write on public.agents to kb_apply -- the service-agent row is written here,
|
|
-- once, by the superuser, and the runtime role only ever reads it.
|
|
|
|
begin;
|
|
|
|
-- 1. Service-agent fixture. This INSERT is the one-time superuser bootstrap;
|
|
-- kb_apply itself never gains INSERT on public.agents (SELECT only, below).
|
|
insert into public.agents (id, handle, kind)
|
|
values ('44444444-4444-4444-4444-444444444444', 'kb-apply', 'service')
|
|
on conflict (handle) do nothing;
|
|
|
|
-- 2. Allow the apply tool to resolve applied_by_agent_id. Read-only, no INSERT.
|
|
grant select on public.agents to kb_apply;
|
|
|
|
-- 3. Enforce "one active strategy per agent" at the database. Already present on
|
|
-- current prod as one_active_strategy_per_agent; IF NOT EXISTS documents and
|
|
-- guarantees the dependency for fresh environments (no-op where it exists).
|
|
create unique index if not exists one_active_strategy_per_agent
|
|
on public.strategies (agent_id) where active;
|
|
|
|
commit;
|