grant/proof-of-work
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
988a3cca9a2b5a3f1ae9e3b02202b3340e80659e
proof-of-work/start9/0.4/startos/actions/verifyDatabase.ts
T
Keysat 54fa77f2eb Sessions UI, CSV parser tests, route tests, composite indexes, verify-db action 
Per-user sessions UI (Settings -> Active sessions)
- listMySessions returns the current user's still-valid sessions with
  last-8-char token suffix (UX hint) and an isCurrent flag (the
  authoritative "this device" marker).
- revokeSession refuses if the target is the actor's current token —
  use Sign out for that flow. Per-row Revoke button on every other.
- revokeAllOtherSessions = the previously-internal `deleteOtherSessions`
  helper exposed as a single button "Sign out other devices".
- All gated to the actor's own userId (never lets a user touch another
  user's sessions).

CSV parser refactor + tests
- Extracted parseCSV, NAME_MAP, parseFloatMaybe, parseIntMaybe,
  getVariationNote, resolveExerciseName, parseDate from
  app/api/import/parse/route.ts to lib/csvParser.ts. Behavior
  byte-identical; route is now a thin wrapper that imports from the
  lib.
- 18 tests covering: empty input, simple rows, lowercased headers,
  quoted-field commas, escaped double quotes, CRLF normalization,
  empty-line handling; numeric maybe-parsers; getVariationNote known
  patterns + null pass-through; ALL 27 NAME_MAP entries map to their
  canonical target; named CSV-shorthand examples; M/D/YYYY + ISO date
  parsing with noon-UTC anchoring (so US negative-offset zones still
  see the same calendar day).

Workout + exercise CRUD route tests
- New tests/routes-crud.test.ts: GET/POST /api/exercises, GET/POST
  /api/workouts. 401 on unauthenticated, per-user data isolation,
  query filtering, soft-delete exclusion, isCustom stamping, duplicate
  detection, type-driven inputFields defaults (cardio gets
  duration+calories), Zod validation rejection, set creation with
  weight/reps/rpe persisted, negative-reps rejected.
- Helper builds NextRequest objects so the routes' nextUrl.searchParams
  access works.

Composite indexes for hot query paths (schema.prisma + entrypoint)
- Session: (userId, expiresAt) for "list my still-valid sessions" and
  per-user cleanup.
- Workout: (userId, deletedAt, date) for the workout list query
  (filter by user + alive + date order).
- SetLog: (workoutId, setNumber) for the always-ordered set fetch
  under each workout.
- Existing single-column indexes kept; composites are additive.
- Entrypoint runs CREATE INDEX IF NOT EXISTS so live snapshots pick
  up the new indexes on first boot after upgrade.

verify-database StartOS action (start9/0.4/startos/actions/verifyDatabase.ts)
- Read-only. Runs PRAGMA integrity_check + quick_check + row-count
  queries against /data/app.db, reports as a structured result.
- allowedStatuses: only-running. Mounts the volume read-only.
- Use after a StartOS Backup, after a host crash, or after a fresh
  sideload to confirm the data is sound before relying on it.

Test suite now 67 tests across 7 files in ~2.4s.
2026-05-09 10:53:30 -05:00

124 lines
4.5 KiB
TypeScript
Raw Blame History

import { sdk } from '../sdk'
/**
* verify-database — StartOS Package Action.
*
* Operator confidence check. Runs SQLite's `PRAGMA integrity_check` and
* a `PRAGMA quick_check` against /data/app.db, plus a few row-count
* sanity queries. Reports the results in the StartOS UI as a
* structured `result` so the operator can spot anomalies at a glance
* without dropping into a shell.
*
* Use cases:
* - "Did the StartOS Backup last night actually capture a healthy
* DB?" (Run the action AFTER a backup completes; integrity_check
* ok means the file is consistent.)
* - "I had a power loss / the host crashed — is the DB ok?"
* - "I just sideloaded a fresh image — did the seed copy correctly?"
*
* Read-only. Safe to run while the service is running. We use
* allowedStatuses: 'only-running' so the SQL goes through the live
* service's data-mounted subcontainer rather than starting one.
*/
export const verifyDatabase = sdk.Action.withoutInput(
'verify-database',
async () => ({
name: 'Verify database integrity',
description:
"Read-only. Runs SQLite PRAGMA integrity_check + quick_check against /data/app.db and reports row counts. Useful after a backup, a host crash, or a fresh sideload.",
warning: null,
visibility: 'enabled',
allowedStatuses: 'only-running',
group: null,
}),
async ({ effects }) => {
let result = { integrity: 'unknown', quickCheck: 'unknown', counts: {} as Record<string, string> }
await sdk.SubContainer.withTemp(
effects,
{ imageId: 'main' },
sdk.Mounts.of().mountVolume({
volumeId: 'main',
subpath: null,
mountpoint: '/data',
readonly: true,
}),
'verify-database',
async (sc) => {
const sql = [
"SELECT 'integrity:' || (SELECT * FROM pragma_integrity_check LIMIT 1);",
"SELECT 'quick:' || (SELECT * FROM pragma_quick_check LIMIT 1);",
"SELECT 'count:' || 'User' || '=' || (SELECT COUNT(*) FROM User);",
"SELECT 'count:' || 'Workout' || '=' || (SELECT COUNT(*) FROM Workout WHERE deletedAt IS NULL);",
"SELECT 'count:' || 'Exercise' || '=' || (SELECT COUNT(*) FROM Exercise);",
"SELECT 'count:' || 'SetLog' || '=' || (SELECT COUNT(*) FROM SetLog);",
"SELECT 'count:' || 'Session' || '=' || (SELECT COUNT(*) FROM Session WHERE expiresAt > CURRENT_TIMESTAMP);",
].join('\n')
const res = await sc.execFail(['sqlite3', '/data/app.db'], { input: sql }, 60_000)
const lines = res.stdout
.toString()
.split('\n')
.map((s) => s.trim())
.filter(Boolean)
for (const line of lines) {
if (line.startsWith('integrity:')) {
result.integrity = line.slice('integrity:'.length)
} else if (line.startsWith('quick:')) {
result.quickCheck = line.slice('quick:'.length)
} else if (line.startsWith('count:')) {
const [name, value] = line.slice('count:'.length).split('=')
if (name && value !== undefined) {
result.counts[name] = value
}
}
}
},
)
const ok = result.integrity === 'ok' && result.quickCheck === 'ok'
return {
version: '1',
title: ok ? 'Database is healthy' : 'Database integrity issues detected',
message: ok
? 'integrity_check + quick_check both returned ok. Row counts below.'
: `integrity_check returned: ${result.integrity}; quick_check returned: ${result.quickCheck}. Investigate before relying on the next backup.`,
result: {
type: 'group',
value: [
{
type: 'single',
name: 'integrity_check',
description: 'PRAGMA integrity_check result. Should be "ok".',
value: result.integrity,
copyable: false,
qr: false,
masked: false,
},
{
type: 'single',
name: 'quick_check',
description: 'PRAGMA quick_check result. Should be "ok".',
value: result.quickCheck,
copyable: false,
qr: false,
masked: false,
},
...Object.entries(result.counts).map(([name, value]) => ({
type: 'single' as const,
name: `${name} rows`,
description: name === 'Session' ? 'Active (unexpired) sessions.' : null,
value,
copyable: false,
qr: false,
masked: false,
})),
],
},
}
},
)
Reference in New Issue View Git Blame Copy Permalink