Skip to content

Add admin memory verification console, loader, guard contract, docs, and tests#96

Open
besfeng23 wants to merge 1 commit into
mainfrom
codex/add-production-verification-route-and-safety-checks-2cf6rt
Open

Add admin memory verification console, loader, guard contract, docs, and tests#96
besfeng23 wants to merge 1 commit into
mainfrom
codex/add-production-verification-route-and-safety-checks-2cf6rt

Conversation

@besfeng23

Copy link
Copy Markdown
Owner

Motivation

  • Provide a read-only, authenticated admin verification surface to validate production memory-related gates and deployment proof before Phase 3D closure.
  • Centralize and document the expected route guard contract and checklist for closure reviews to avoid accidental public reads or unsafe mutations.
  • Add automated coverage to assert read-only behavior, gate detection, and redirect-only public routes.

Description

  • Add a new admin UI at app/admin/memory/verification/page.tsx that summarizes commit proof, gate states, route availability, unsafe gate detection, and a close/no-close recommendation.
  • Implement loadAdminMemoryVerification in lib/services/admin-memory-verification-loader.ts to assemble verification DTOs from runtime config, persisted-memory reads, and environment proof.
  • Introduce adminMemoryRouteGuardExpectations and helper accessors in lib/services/admin-memory-route-guard-contract.ts to codify expected guard properties for admin memory routes.
  • Add documentation at docs/phase-3d-production-verification.md and a unit test suite tests/unit/admin-memory-verification.test.ts validating gate detection, read-only behavior, redirect-only public routes, and guard expectations.

Testing

  • Ran the new unit tests in tests/unit/admin-memory-verification.test.ts with vitest, which exercise safe and unsafe env configurations and route/read protections, and they passed.
  • The tests assert detection of enabled dangerous gates, persisted read gate behavior, recommendation logic, and that public routes remain redirect-only, and all assertions succeeded.
  • File-level assertions verify that admin routes use server-derived sessions and do not reference service-role or mutation code paths, and these checks passed in the test run.

Codex Task

@vercel

vercel Bot commented Jun 26, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
memory Ready Ready Preview, Comment Jun 26, 2026 7:09am

@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@besfeng23, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 15 minutes and 34 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 21ac8f08-2915-45bb-a452-d0409682a7e3

📥 Commits

Reviewing files that changed from the base of the PR and between 877b95d and 49307a1.

📒 Files selected for processing (5)
  • app/admin/memory/verification/page.tsx
  • docs/phase-3d-production-verification.md
  • lib/services/admin-memory-route-guard-contract.ts
  • lib/services/admin-memory-verification-loader.ts
  • tests/unit/admin-memory-verification.test.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/add-production-verification-route-and-safety-checks-2cf6rt

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 49307a16e3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

return (
<AppShell>
<PageHeader eyebrow="Internal admin" title="Production memory verification" description="Read-only, authenticated/admin-only verification route for Phase 3D closure safety. It reports deployment proof, read availability, route guard status, persisted read gate, unsafe mutation/integration gates, public read status, and a close/no-close recommendation without enabling public reads or writes." />
{!session.ok ? <SectionCard title="Authentication required" description="No persisted rows or proof data are exposed without a Supabase operator session."><Link className="button-link button-link--primary" href={loginPath}>Start operator session</Link></SectionCard> : null}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Hide verification proof until authenticated

When session.ok is false this branch only adds the login card, but the page still continues to render the safety summary and Vercel/environment proof sections below, including commit and gate status details. For an unauthenticated request to this admin-only route, that exposes the internal verification proof that the page copy says requires a Supabase operator session; return the auth-required view early or gate the remaining sections behind session.ok.

Useful? React with 👍 / 👎.

Comment on lines +17 to +21
const session = await resolvePandoraServerSession();
const context = createRepositoryContextFromPandoraSession({ sessionResult: session, namespace });
const runtime = resolvePandoraRuntimeSafetyConfig();
const supabase = await createSupabaseServerClient();
const dto = await loadAdminMemoryVerification({ session, context: context.ok ? context.context : { namespace }, repository: new SupabasePersistedMemoryReadRepository(supabase as never), runtime });

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Require operator capability before verification reads

This route treats any successful Supabase session as sufficient and then loads the verification DTO/repository, while the new guard contract and page copy describe the route as admin/operator-only. In this codebase resolvePandoraServerSession creates ordinary real sessions with empty adminCapabilities and isInternalOperator: false, and other admin APIs such as readiness explicitly require those capabilities, so a non-operator authenticated user can still access the closure proof for their namespace here.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant