feat: platform dev-seed lifecycle endpoint#141
Merged
Conversation
POST /__mirrorstack/platform/lifecycle/app/seed (dev/tunnel-only, gated by internalAuth + !runtime.IsLambda) lets the platform push a targeted per-app-per-module data snapshot into a dev-mounted module's local schema over the authenticated tunnel: COPY-text ingestion via PgConn().CopyFrom, if-empty guard so existing local dev writes are preserved, optional CreateSQL to materialize a producer's exposure-anchored dependency tables, sanitized identifiers, 2MB body cap. Enables a deployed-installed module to be dev-mounted with its real data (F2) without a full-stack copy. Adds an 8MB group backstop on /platform so a future route can't be uncapped. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Platform dev-seed lifecycle endpoint
Adds
POST /__mirrorstack/platform/lifecycle/app/seedso the platform can push a targeted per-app-per-module data snapshot into a dev-mounted module's local schema over the already-authenticated tunnel. This is what lets a deployed + installed module be dev-mounted with its real installed data (and a producer's exposure-anchored dependency tables for cross-reads) without a full-stack copy — focus-issue F2.What's in it
system/lifecycle.goSeedHandler: COPY-text ingestion viaPgConn().CopyFrom(matches the platform seeder'sCopyTo), if-empty guard so existing local dev writes are never overwritten, optionalCreateSQLto materialize producer dependency tables, sanitized identifiers (pgx.Identifier.Sanitize), 2MB body cap.if scope == ScopeApp && !runtime.IsLambda()and behind the sameinternalAuthplatform-token gate as install/upgrade — a deployed Lambda exposes no seed surface.feat/dev-mount-overlay'sinternal/shared/devseedseeder.Verification
go build ./...,go vet ./...,go test ./...(unit +-tags integrationagainst real Postgres) — PASS.CreateSQLin prod) is fixed (the!runtime.IsLambda()gate) with a 401/mount test; all other trust-boundary points came back clean (auth gate inherited, guard-bypass scoped to the seed path only, identifiers sanitized, no route lost its body cap). Added an 8MB/platformgroup backstop so a future route can't be uncapped.Land order
Enables api-platform
feat/dev-mount-overlay's seeder at runtime. Independent build (the platform side is an HTTP client), but module pointers must bump to this SDK version for F2 to actually work end to end.🤖 Generated with Claude Code