tracksolid_timescale_grafan.../migrations
david kiania b11294009b
fix(security,ingest): 260702 audit — secure the stack, correct poller counters
Security:
- .dockerignore + Dockerfile: stop baking .env / the 346MB OSM pbf into image
  layers; install pinned from uv.lock (reproducible builds) (SEC-04/05).
- docker-compose: DB port binds ${DB_BIND_ADDR:-127.0.0.1} — loopback-only by
  default; remote tooling moves to an SSH tunnel (SEC-01).
- webhook_receiver: CRITICAL startup warning + WEBHOOK_REQUIRE_TOKEN=1 fail-closed
  when JIMI_WEBHOOK_TOKEN is empty (SEC-02 / FIX-W01).

Correctness:
- FIX-M22/E07: capture cur.rowcount BEFORE RELEASE SAVEPOINT in poll_alarms/
  poll_trips/poll_parking — the RELEASE reported -1, producing "Alarms: -4 new
  events inserted" logs and negative ingestion_log.rows_inserted.
- FIX-W02: parse application/json push bodies (were silently dropped).
- FIX-W03: move webhook DB work off the event loop via asyncio.to_thread.
- FIX-M23: poll_trips phased so no txn/connection is held across Tracksolid +
  Nominatim (1 req/s) network calls.
- FIX-M24: sync_devices disables devices absent from every target (guarded).
- FIX-W04: reject device-clock-garbage alarm_time (2019 timestamps observed).
- get_token(): don't relabel already-aware timestamptz expiries (BUG-P9).

Observability/lifecycle:
- migration 21: v_ingest_health restricted to active pipeline endpoints so
  one-shot tools stop wedging /health/ingest at 'stale' (dry-run verified).
- FIX-M25: daily purge_audit_logs() trims ingestion_log (90d) + refresh_log (180d).
- remove orphaned duplicate migrations/10_driver_clock_views.sql; ruff lint config.

+5 webhook tests (82 pass). Report/plan/work-log in docs/reports/260702_*.
Local only; not deployed. CLAUDE.md fix-history edits left uncommitted (that file
also carries unrelated in-progress edits).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 09:51:02 +03:00
02_tracksolid_full_schema_rev.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
03_webhook_schema_migration.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
04_bug_fix_migration.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
05_enhancement_migration.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
06_business_analytics_migration.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
07_analytics_views.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
08_analytics_config.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
09_trips_enrichment.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
10_pgbouncer_auth.sql chore(repo): reorganize tree into migrations/ data/ legacy/ docs/ 2026-06-01 02:27:30 +03:00
11_reporting_schema.sql feat(db): capture reporting.* map-dashboard schema as migration 11 2026-06-05 12:32:44 +03:00
12_drop_ops.sql chore(db): purge unused ops + dwh_gold schemas 2026-06-05 18:11:03 +03:00
13_drop_dwh_gold.sql chore(db): purge unused ops + dwh_gold schemas 2026-06-05 18:11:03 +03:00
14_fleet_segment_and_vehicles_view.sql feat(reporting): fleet segmentation + deduped vehicle roster (migration 14) 2026-06-08 13:54:47 +03:00
15_map_exclude_cost_centres.sql feat(reporting): exclude non-operational vehicles from the live map (migration 15) 2026-06-08 14:18:30 +03:00
16_live_feed_vehicle_type.sql feat(reporting): add vehicle_type + fleet_segment to live map feed (migration 16) 2026-06-08 14:33:21 +03:00
17_fleetops_fuel_view.sql feat(dashboard_api): FleetOps analytics endpoints + fuel view (Phase 3) 2026-06-10 12:12:00 +03:00
18_grant_reporting_ro.sql feat(db): grant grafana_ro read access to reporting.* (Phase 0 role) 2026-06-10 12:24:55 +03:00
19_v_ingest_health.sql feat(stack): consolidate 7→4 services (merge pollers, drop pgbouncer/grafana) 2026-06-10 21:41:05 +03:00
20_restore_live_feed.sql fix(reporting): restore live-feed cost-centre exclusion + vehicle_type (migration 20) 2026-06-10 22:36:45 +03:00
21_ingest_health_active_only.sql fix(security,ingest): 260702 audit — secure the stack, correct poller counters 2026-07-02 09:51:02 +03:00