chore: 2.0.0-alpha.9 — security & correctness hardening (Void 3.0 quick wins)
- Q3: prod void DB role NOSUPERUSER (vector marked trusted; deploy/README documents it)
- Q4: buildChildEnv allow-list for the claude subprocess (no OWNER_TOKEN/DATABASE_URL/secrets leak)
- Q5: pending-change approve claims-before-applying + reopens on failure (no re-approvable dup)
- Q6: /capture/upload validates space_id (UUID+existence); pg pool statement_timeout 30s
- Q9: disabled failing syncoid-donatello timer on Z

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -1,5 +1,18 @@
# Deploy notes — Void 2.0
## DB role posture (CT 310 — `void2-db`, alpha-9+)
- The `void` DB role is **NOSUPERUSER** (least privilege). It owns the `void` + `void_test`
databases and the `public` schema, so it can run all migrations and the test-harness
`resetDb` without superuser.
- The `vector` (pgvector) extension was marked **trusted** so the non-superuser `void` role
can `CREATE EXTENSION vector` (needed by `tests/helpers/db.js` on each reset):
```
echo 'trusted = true' >> /usr/share/postgresql/16/extension/vector.control
```
**⚠ Re-apply this after any pgvector package upgrade** (the package may overwrite the
control file). `pgcrypto` ships trusted already.
- Revert (emergency): as `postgres` on CT 310, `ALTER ROLE void SUPERUSER;`.
## App deploy (CT 311 — `void2-app`)
One-time setup on the target host:
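Review bot: the documented step `echo 'trusted = true' >> /usr/share/postgresql/16/extension/vector.control` is not idempotent and has no verification: each re-application after a pgvector upgrade (which the note itself says to do) appends another `trusted = true` line, and nothing confirms the setting actually took effect before the non-superuser `void` role tries `CREATE EXTENSION vector`. Suggest guarding the append, e.g. `grep -qx 'trusted = true' /usr/share/postgresql/16/extension/vector.control || echo 'trusted = true' >> /usr/share/postgresql/16/extension/vector.control`, and adding a check line such as `SELECT name, trusted FROM pg_available_extension_versions WHERE name = 'vector';` so the deploy can assert `trusted = t` instead of discovering the regression at the next `resetDb`. The emergency revert `ALTER ROLE void SUPERUSER;` should also be paired with the corresponding `ALTER ROLE void NOSUPERUSER;` to restore the least-privilege posture once the incident is over, otherwise the escalation documented here has no documented path back.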