mirror of
https://github.com/harvard-edge/cs249r_book.git
synced 2026-05-06 17:49:07 -05:00
d8f6abae4b
Phase 3 is CODE-COMPLETE; actual D1 creation + Worker deployment
require authenticated Cloudflare credentials (user action gate per
kickoff stop-conditions).
staffml-vault-worker/
wrangler.toml — DB binding, CORS allowlist, TTL env vars,
SCHEMA_FINGERPRINT placeholder,
GRACE_WINDOW_SECONDS for cross-release
serving.
src/index.ts — 6 endpoints (manifest, questions, questions/:id,
search, stats) with ETag + cursor pagination +
SWR Cache-Control + CORS.
src/types.ts — Env binding + row shapes.
README.md — deploy-day runbook.
Key v2.1 behaviors wired:
- X-Vault-Release is INFORMATIONAL (not hard-reject) — worker serves
from release_metadata.release_id; header is SLI signal only. Fixes
Soumith H-NEW-2 local-dev + SWR revalidation brownout.
- schema_fingerprint cold-start check hashes actual sqlite_master DDL
(not metadata-vs-metadata, closes Dean N-4). On mismatch: Cache-API
read-only mode with X-Vault-Degraded header, never 5xx (closes
Chip N-H1 total-outage risk).
- Cache keys keyed by release_id → deploy-time atomic POP
invalidation (H-14).
- ETag format: '<release_id>:q:<content_hash>' — 304 support
(Soumith H-NEW-2).
- Cursor pagination via opaque base64 {offset, filter_hash} tokens
(H-20). Clients never construct cursors.
- CORS allowlist from wrangler var; no wildcard in prod.
staffml-vault-types/
index.ts — shared TS contract types; pnpm workspace
protocol between worker + site (Soumith
M-NEW-1 resolution).
package.json — @staffml/vault-types, workspace-private.
vault-cli/scripts/
emit_d1_schema.py — generates d1-schema.sql from compiler DDL;
reports SHA-256 fingerprint to paste into
wrangler.toml SCHEMA_FINGERPRINT var.
d1-schema.sql — committed schema; applied to fresh D1 via
'wrangler d1 execute <db> --file d1-schema.sql'.
Deploy-day gates (per CUTOVER_QA.md §0 and TESTING.md phase-entry):
1. License decision resolved (L-10 still OPEN).
2. wrangler d1 create staffml-vault (prod + staging) — user action.
3. Apply d1-schema.sql + seed via d1-migration.sql.
4. FTS5 load-test gate: p99 warm ≤100ms, p99 cold ≤500ms,
≤500 D1 row-reads/query (Dean N-5 cost gate).
5. Data-plane SLI crons emitting to Grafana.
39 lines
1.1 KiB
Python
39 lines
1.1 KiB
Python
#!/usr/bin/env python3
|
|
"""Emit the D1 schema DDL from the compiler module.
|
|
|
|
Output file lives at ``interviews/vault-cli/scripts/d1-schema.sql`` — committed
|
|
so ``wrangler d1 execute ... --file`` can apply it to a fresh D1 instance.
|
|
|
|
The schema fingerprint in wrangler.toml should be set to SHA-256 of the
|
|
normalized DDL (whitespace-collapsed) so the Worker's cold-start check can
|
|
verify the D1 instance matches what was published.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import hashlib
|
|
import re
|
|
import sys
|
|
from pathlib import Path
|
|
|
|
sys.path.insert(0, str(Path(__file__).resolve().parents[1] / "src"))
|
|
|
|
from vault_cli.compiler import DDL # noqa: E402
|
|
|
|
|
|
def main() -> int:
|
|
out = Path(__file__).parent / "d1-schema.sql"
|
|
out.write_text(DDL.strip() + "\n", encoding="utf-8")
|
|
|
|
normalized = re.sub(r"\s+", " ", DDL).strip()
|
|
fingerprint = hashlib.sha256(normalized.encode("utf-8")).hexdigest()
|
|
|
|
print(f"wrote {out}")
|
|
print(f"schema_fingerprint: {fingerprint}")
|
|
print(f" set SCHEMA_FINGERPRINT={fingerprint} in wrangler.toml after each DDL change.")
|
|
return 0
|
|
|
|
|
|
if __name__ == "__main__":
|
|
raise SystemExit(main())
|