Skip to content

feat: platform dev-seed lifecycle endpoint#141

Merged
I-am-nothing merged 1 commit into
mainfrom
feat/dev-seed-endpoint
Jul 6, 2026
Merged

feat: platform dev-seed lifecycle endpoint#141
I-am-nothing merged 1 commit into
mainfrom
feat/dev-seed-endpoint

Conversation

@I-am-nothing

Copy link
Copy Markdown
Contributor

Platform dev-seed lifecycle endpoint

Adds POST /__mirrorstack/platform/lifecycle/app/seed so the platform can push a targeted per-app-per-module data snapshot into a dev-mounted module's local schema over the already-authenticated tunnel. This is what lets a deployed + installed module be dev-mounted with its real installed data (and a producer's exposure-anchored dependency tables for cross-reads) without a full-stack copy — focus-issue F2.

What's in it

  • system/lifecycle.go SeedHandler: COPY-text ingestion via PgConn().CopyFrom (matches the platform seeder's CopyTo), if-empty guard so existing local dev writes are never overwritten, optional CreateSQL to materialize producer dependency tables, sanitized identifiers (pgx.Identifier.Sanitize), 2MB body cap.
  • Dev/tunnel-only: mounted if scope == ScopeApp && !runtime.IsLambda() and behind the same internalAuth platform-token gate as install/upgrade — a deployed Lambda exposes no seed surface.
  • Wire contract byte-matches api-platform feat/dev-mount-overlay's internal/shared/devseed seeder.

Verification

  • go build ./..., go vet ./..., go test ./... (unit + -tags integration against real Postgres) — PASS.
  • Opus security review: initial MEDIUM (seed mounted in the Lambda runtime → raw CreateSQL in prod) is fixed (the !runtime.IsLambda() gate) with a 401/mount test; all other trust-boundary points came back clean (auth gate inherited, guard-bypass scoped to the seed path only, identifiers sanitized, no route lost its body cap). Added an 8MB /platform group backstop so a future route can't be uncapped.

Land order

Enables api-platform feat/dev-mount-overlay's seeder at runtime. Independent build (the platform side is an HTTP client), but module pointers must bump to this SDK version for F2 to actually work end to end.

🤖 Generated with Claude Code

POST /__mirrorstack/platform/lifecycle/app/seed (dev/tunnel-only, gated by internalAuth + !runtime.IsLambda) lets the platform push a targeted per-app-per-module data snapshot into a dev-mounted module's local schema over the authenticated tunnel: COPY-text ingestion via PgConn().CopyFrom, if-empty guard so existing local dev writes are preserved, optional CreateSQL to materialize a producer's exposure-anchored dependency tables, sanitized identifiers, 2MB body cap. Enables a deployed-installed module to be dev-mounted with its real data (F2) without a full-stack copy. Adds an 8MB group backstop on /platform so a future route can't be uncapped.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@I-am-nothing I-am-nothing merged commit 6c57be7 into main Jul 6, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant