Skip to content

Lovable sync 1777298482#84

Closed
adm01-debug wants to merge 33 commits into
mainfrom
lovable-sync-1777298482
Closed

Lovable sync 1777298482#84
adm01-debug wants to merge 33 commits into
mainfrom
lovable-sync-1777298482

Conversation

@adm01-debug
Copy link
Copy Markdown
Owner

@adm01-debug adm01-debug commented Apr 30, 2026

📋 Descrição

🎯 Tipo de mudança

  • 🚀 feat — nova funcionalidade
  • 🐛 fix — correção de bug
  • ♻️ refactor — refatoração (sem mudança de comportamento)
  • 🔧 chore — manutenção, deps, config
  • 📚 docs — documentação
  • 🚨 hotfix — correção urgente em produção

🌐 Sistemas afetados

  • Bitrix24 (CRM, SPAs, BizProc)
  • Supabase (DB, Edge Functions, RLS, migrations)
  • n8n (workflows)
  • Evolution API / WhatsApp
  • Bling (NFe, OAuth)
  • Cloudflare (Workers, Images, Tunnels)
  • Frontend (UI, dashboards)
  • Outro: ____

🧪 Como testar

✅ Checklist pré-merge

  • Sem secrets, tokens ou credenciais hardcoded
  • Variáveis de ambiente novas documentadas
  • Migrations com backup em _backup_*_YYYYMMDD se destrutivas
  • Testado em ambiente local ou staging quando aplicável
  • Sem console.log com payloads sensíveis
  • CodeRabbit revisou o PR

🔄 Plano de rollback

🔗 Issues relacionadas

lovable-dev Bot and others added 30 commits April 27, 2026 13:35
@lovable-dev @adm01-debug
Changes
68853ef 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Reforçou gate de typecheck no CI
cd97caa 
X-Lovable-Edit-ID: edt-1117f999-7cd9-4ec2-862e-cc615534245e
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
8067b0b 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
8dae703 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
e5d862f 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
3b02a0a 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Adicionou gate de npm audit CI
31f5919 
X-Lovable-Edit-ID: edt-b5dd2279-0eb2-489d-850c-77feb2340fda
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
7bb5bd9 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
6c79bb8 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
905676f 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
035ba00 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
93efe74 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
335b325 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Implementou MFA enforcement
6284f98 
X-Lovable-Edit-ID: edt-46a5e5e9-6a5f-4c64-b846-ba5ac1ab6d5d
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
d795848 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
e9a0d95 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
d1b03e4 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
0b652a3 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
f07a4c5 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
a1e404c 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
a44f22b 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
1f9e1a1 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
97cf441 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
2f3c3c6 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
b59105f 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
bd23e56 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Instrumentou rotas críticas
21a24a6 
X-Lovable-Edit-ID: edt-431b9f06-e566-45ed-97cc-1b657acb52a8
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
942c20f 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
6321605 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
548aa73 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
lovable-dev Bot and others added 3 commits April 27, 2026 14:00
@lovable-dev @adm01-debug
Changes
5217c37 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Changes
23c78eb 
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
@lovable-dev @adm01-debug
Configurou alertas de webhooks
69b53fb 
X-Lovable-Edit-ID: edt-e844ac62-d9ed-47e9-ad5b-94dcdd8e899d
Co-authored-by: adm01-debug <231131902+adm01-debug@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 30, 2026 21:23
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 30, 2026

Warning

Rate limit exceeded

@adm01-debug has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 12 minutes and 16 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d324b135-3cb1-4e08-802a-570ed2f7b119

📥 Commits

Reviewing files that changed from the base of the PR and between b26a8c6 and 69b53fb.

📒 Files selected for processing (12)
  • .github/workflows/ci.yml
  • .security/npm-audit-baseline.json
  • docs/observability/webhook-alerts-spec.sql
  • docs/observability/webhook-alerts.md
  • scripts/check-client-structured-logging.mjs
  • scripts/check-npm-audit.mjs
  • src/hooks/useSecretsManager.ts
  • src/hooks/useStepUpAuth.ts
  • src/pages/public-approval/usePublicQuoteApproval.ts
  • supabase/functions/_shared/authorize.ts
  • supabase/functions/tests/authorize-mfa_test.ts
  • supabase/functions/webhook-alerts-monitor/index.ts

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1) 
Validation error: String must contain at most 250 character(s) at "tone_instructions"
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch lovable-sync-1777298482

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 12 minutes and 16 seconds.

Comment @coderabbitai help to get the list of available commands and usage tips.

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 69b53fb220

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread supabase/functions/webhook-alerts-monitor/index.ts
Comment on lines +1 to +3
/**
* webhook-alerts-monitor
* ----------------------------------------------------------------
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add new edge function to authz manifest

This commit introduces webhook-alerts-monitor but does not add it to supabase/functions/_shared/edge-authz-manifest.ts, which makes the existing CI gate fail closed (node scripts/check-edge-authorization.mjs reports Edge function "webhook-alerts-monitor" não está declarada). As a result, PRs containing this change will fail the authorization coverage check until the function is registered with the correct category/enforcement metadata.

Useful? React with 👍 / 👎.

Copilot AI reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Introduz observabilidade e gates de segurança/telemetria: um monitor cron para métricas de webhooks com alertas no Sentry, enforcement de MFA no helper SSOT de autorização das edge functions, e novos gates de CI (npm audit baseline + structured logging no client).

Changes:

  • Adiciona edge function webhook-alerts-monitor + documentação/spec SQL para detecção de falhas/spikes de webhooks e envio de eventos ao Sentry.
  • Estende _shared/authorize.ts com enforcement de MFA (AAL2 ou step-up token) e adiciona testes unitários Deno para os cenários críticos.
  • Instrumenta rotas críticas no client com createClientLogger + propagação de headers e adiciona gates de CI para npm audit baseline e structured logging no client.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 10 comments.

Show a summary per file
File Description
supabase/functions/webhook-alerts-monitor/index.ts Nova edge function cron para detectar alertas de webhook e enviar eventos ao Sentry.
supabase/functions/_shared/authorize.ts Adiciona opções/fluxo de MFA (AAL2 ou step-up token) ao SSOT de autorização.
supabase/functions/tests/authorize-mfa_test.ts Testes unitários do enforcement de MFA e do decoder de claims usado no fluxo.
src/pages/public-approval/usePublicQuoteApproval.ts Propaga request_id e adiciona logs estruturados nas chamadas à edge quote-public-view.
src/hooks/useStepUpAuth.ts Propaga request_id e adiciona logs estruturados no fluxo step-up (request/password/otp/cancel).
src/hooks/useSecretsManager.ts Adiciona logs estruturados e melhora classificação de sucesso/erro para métricas do secrets-manager.
scripts/check-npm-audit.mjs Novo gate CI para bloquear vulnerabilidades novas acima do threshold vs baseline.
scripts/check-client-structured-logging.mjs Novo gate CI para garantir logger estruturado + propagação de headers em rotas críticas do client.
docs/observability/webhook-alerts.md Documenta thresholds, tags/fingerprint no Sentry e setup de cron/secret.
docs/observability/webhook-alerts-spec.sql Spec “SSOT” das queries de detecção (read-only) para webhook alerts.
.security/npm-audit-baseline.json Baseline inicial para o gate de npm audit.
.github/workflows/ci.yml Troca `npm audit

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread supabase/functions/webhook-alerts-monitor/index.ts
Comment on lines +4 to +7
* Cron-driven monitor que executa as queries de detecção definidas em
* docs/observability/webhook-alerts-spec.sql sobre `webhook_delivery_metrics`
* e dispara eventos Sentry quando um threshold é atingido.
*
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

O header do arquivo diz que o monitor executa as queries SSOT de docs/observability/webhook-alerts-spec.sql, mas a implementação faz .select(...).gte(...) e agrega em memória. Isso cria divergência (spec SQL pode mudar e o runtime não acompanha). Sugestão: ou implementar a detecção via SQL (view/RPC) baseada no spec, ou ajustar o comentário/docs para refletir que a SSOT é o código TS (e manter o spec SQL como referência apenas).

Suggested change
* Cron-driven monitor que executa as queries de detecção definidas em
* docs/observability/webhook-alerts-spec.sql sobre `webhook_delivery_metrics`
* e dispara eventos Sentry quando um threshold é atingido.
*
* Cron-driven monitor que consulta `webhook_delivery_metrics` via supabase-js,
* aplica a lógica de detecção/thresholds em código TypeScript e dispara eventos
* Sentry quando um threshold é atingido.
*
* Observação: `docs/observability/webhook-alerts-spec.sql` é mantido como
* referência documental da estratégia de detecção; a fonte de verdade do
* comportamento em runtime deste monitor é a implementação neste arquivo.
*

Copilot uses AI. Check for mistakes.
Comment thread supabase/functions/webhook-alerts-monitor/index.ts
Comment on lines +239 to +256
for (const a of alerts) {
const ok = await sendToSentry(a, requestId);
if (ok) {
sent++;
log.warn("alert_dispatched", {
alert: a.alert_id,
source: a.source,
direction: a.direction,
severity: a.severity,
});
} else {
skipped++;
log.warn("alert_skipped_no_sink", {
alert: a.alert_id,
source: a.source,
direction: a.direction,
});
}
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sendToSentry() retorna apenas boolean e no loop qualquer false é logado como alert_skipped_no_sink. Isso conflui casos diferentes (DSN ausente, DSN inválida, fetch falhou/429/5xx) e pode mascarar uma pane no sink. Sugestão: retornar um status/enum (ex.: no_dsn | invalid_dsn | http_failed | sent) e logar error quando havia DSN mas o POST falhou, incluindo status/body (c/ truncation).

Copilot uses AI. Check for mistakes.
Comment thread .security/npm-audit-baseline.json
@@ -0,0 +1 @@
{"$schema":"./baseline.schema.json","generatedAt":null,"threshold":"high","knownAdvisories":[],"notes":"Atualize com UPDATE_BASELINE=1 node scripts/check-npm-audit.mjs após revisar cada CVE."}
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

O baseline foi commitado com generatedAt: null e sem a estrutura gerada pelo próprio gate (pretty JSON + timestamp ISO). Como o script já tem UPDATE_BASELINE=1 para gerar o formato canônico, vale atualizar este arquivo usando o script para evitar confusão e garantir que o baseline refletirá exatamente o filtro aplicado (threshold/omit=dev).

Suggested change
{"$schema":"./baseline.schema.json","generatedAt":null,"threshold":"high","knownAdvisories":[],"notes":"Atualize com UPDATE_BASELINE=1 node scripts/check-npm-audit.mjs após revisar cada CVE."}
{
"$schema": "./baseline.schema.json",
"generatedAt": "2026-04-30T00:00:00.000Z",
"threshold": "high",
"knownAdvisories": [],
"notes": "Atualize com UPDATE_BASELINE=1 node scripts/check-npm-audit.mjs após revisar cada CVE."
}

Copilot uses AI. Check for mistakes.
Comment thread supabase/functions/webhook-alerts-monitor/index.ts
Comment on lines +212 to +224
const supabaseUrl = Deno.env.get("SUPABASE_URL");
const serviceKey = Deno.env.get("SUPABASE_SERVICE_ROLE_KEY");
if (!supabaseUrl || !serviceKey) {
log.error("monitor_misconfigured", { reason: "missing_service_role" });
return new Response(JSON.stringify({ error: "misconfigured" }), {
status: 500,
headers: { ...cors, "Content-Type": "application/json" },
});
}

const supabase = createClient(supabaseUrl, serviceKey, {
auth: { persistSession: false },
});
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Este endpoint não faz nenhum gate de autenticação/segredo (qualquer caller com acesso à URL pode disparar leitura via service_role e potencialmente gerar ruído no Sentry). Como ele usa SUPABASE_SERVICE_ROLE_KEY internamente, recomendo exigir um secret dedicado (ex.: X-Cron-Secret comparado com Deno.env.get("WEBHOOK_ALERTS_MONITOR_SECRET")) e retornar 401/403 se faltar/for inválido, antes de criar o client com service_role.

Copilot uses AI. Check for mistakes.
Comment thread supabase/functions/webhook-alerts-monitor/index.ts
Comment on lines +216 to +263
return new Response(JSON.stringify({ error: "misconfigured" }), {
status: 500,
headers: { ...cors, "Content-Type": "application/json" },
});
}

const supabase = createClient(supabaseUrl, serviceKey, {
auth: { persistSession: false },
});

let alerts: DetectedAlert[] = [];
try {
alerts = await detect(supabase);
} catch (err) {
log.error("monitor_detect_failed", { err: String(err) });
return new Response(JSON.stringify({ error: "detect_failed" }), {
status: 500,
headers: { ...cors, "Content-Type": "application/json" },
});
}

let sent = 0;
let skipped = 0;
for (const a of alerts) {
const ok = await sendToSentry(a, requestId);
if (ok) {
sent++;
log.warn("alert_dispatched", {
alert: a.alert_id,
source: a.source,
direction: a.direction,
severity: a.severity,
});
} else {
skipped++;
log.warn("alert_skipped_no_sink", {
alert: a.alert_id,
source: a.source,
direction: a.direction,
});
}
}

log.info("monitor_ok", { detected: alerts.length, sent, skipped });
return new Response(
JSON.stringify({ detected: alerts.length, sent, skipped, alerts }),
{ status: 200, headers: { ...cors, "Content-Type": "application/json" } },
);
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

O createStructuredLogger expõe log.respond(res) para anexar X-Request-Id e emitir request_end com status/duração; aqui as respostas são retornadas diretamente com new Response(...). Para manter a correlação e o evento final (especialmente em cron/monitoring), envolva os return new Response(...) com return log.respond(...) (inclusive nos early-returns de erro).

Copilot uses AI. Check for mistakes.
Comment thread scripts/check-client-structured-logging.mjs
Comment on lines +76 to +85
const invokesEdge = /supabase\.functions\.invoke\s*\(/.test(content);
if (!invokesEdge) continue; // arquivo não chama edge → fora de escopo

const usesLogger = /createClientLogger\s*\(/.test(content);
const propagatesHeaders =
/log\.headers\s*\(\s*\)/.test(content) ||
/REQUEST_ID_HEADER/.test(content);

if (usesLogger && propagatesHeaders) continue; // ✅

Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Este gate afirma que “toda invocação” de supabase.functions.invoke(...) deve propagar headers: log.headers(), mas o critério implementado só verifica se o arquivo contém createClientLogger( e log.headers() em QUALQUER lugar. Um arquivo pode ter múltiplas invocações e ainda passar mesmo com algumas chamadas sem headers. Sugestão: iterar por ocorrências de supabase.functions.invoke( e validar por chamada (heurística por bloco/linha) ou pelo menos exigir que TODAS as ocorrências contenham headers: próximo da invocação.

Copilot uses AI. Check for mistakes.
Comment thread scripts/check-client-structured-logging.mjs
Comment on lines +22 to +24
import { resolve, dirname, relative } from 'node:path';
import { fileURLToPath } from 'node:url';
import { execSync } from 'node:child_process';
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Imports relative e execSync não são usados neste script. Remover evita ruído e ajuda a manter o gate mínimo e fácil de auditar (especialmente por ser um script de CI).

Suggested change
import { resolve, dirname, relative } from 'node:path';
import { fileURLToPath } from 'node:url';
import { execSync } from 'node:child_process';
import { resolve, dirname } from 'node:path';
import { fileURLToPath } from 'node:url';

Copilot uses AI. Check for mistakes.
Comment thread scripts/check-npm-audit.mjs
Comment on lines +81 to +83
if (parsed && parsed.error && parsed.message?.includes('operation is not supported')) {
return { ok: false, reason: 'sandbox-unsupported', sandboxUnsupported: true };
}
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A detecção de ambiente “sandbox-unsupported” checa parsed.message, mas no JSON do npm audit --json os detalhes do erro normalmente ficam em parsed.error.summary/parsed.error.detail. Do jeito que está, esse branch tende a nunca disparar e o script pode seguir sem emitir o warning esperado. Sugestão: checar também parsed.error?.summary e parsed.error?.detail (e eventualmente res.stderr) por essas mensagens/códigos (ex.: ENOAUDIT/404).

Suggested change
if (parsed && parsed.error && parsed.message?.includes('operation is not supported')) {
return { ok: false, reason: 'sandbox-unsupported', sandboxUnsupported: true };
}
const auditErrorText = [
parsed?.message,
parsed?.error?.code,
parsed?.error?.summary,
parsed?.error?.detail,
res.stderr,
]
.filter(Boolean)
.join('\n')
.toLowerCase();
if (
parsed?.error &&
(
auditErrorText.includes('operation is not supported') ||
auditErrorText.includes('enoaudit') ||
(
auditErrorText.includes('404') &&
(
auditErrorText.includes('audit') ||
auditErrorText.includes('not found') ||
auditErrorText.includes('not support')
)
)
)
) {
return { ok: false, reason: 'sandbox-unsupported', sandboxUnsupported: true };
}

Copilot uses AI. Check for mistakes.
Comment thread docs/observability/webhook-alerts.md
Comment on lines +47 to +58
3. **Cron**: registrar via `supabase--insert` em `cron.schedule`:
```sql
select cron.schedule(
'webhook-alerts-monitor',
'*/1 * * * *',
$$
select net.http_post(
url := '<SUPABASE_URL>/functions/v1/webhook-alerts-monitor',
headers := jsonb_build_object(
'Content-Type','application/json',
'Authorization','Bearer <ANON_KEY>'
),
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

O exemplo de cron usa Authorization: Bearer <ANON_KEY>, mas ANON_KEY é público e não autentica o caller. Como a edge function usa service_role internamente (bypass RLS) e pode disparar alertas, isso deveria ser protegido com um secret dedicado (header tipo X-Cron-Secret) ou outra forma de autenticação não-pública; atualize o exemplo para refletir esse gate.

Copilot uses AI. Check for mistakes.
Comment thread docs/observability/webhook-alerts.md
Comment on lines +24 to +26
Para alterar thresholds, edite as constantes no topo de
`webhook-alerts-monitor/index.ts` (SSOT do runtime) e os defaults no
spec SQL.
Copy link

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aqui o doc diz que o spec SQL tem “defaults” e que o runtime é SSOT no TS; porém a função TS atualmente não executa o spec SQL (faz agregação em memória). Para evitar drift, ou alinhe o runtime para executar o spec, ou ajuste este parágrafo para não sugerir que alterar o spec SQL afetará o comportamento do monitor.

Suggested change
Para alterar thresholds, edite as constantes no topo de
`webhook-alerts-monitor/index.ts` (SSOT do runtime) e os defaults no
spec SQL.
Para alterar thresholds do monitor, edite as constantes no topo de
`webhook-alerts-monitor/index.ts` (SSOT do runtime). O spec SQL é apenas uma
referência documental no estado atual e deve ser mantido em sincronia
manualmente, sem afetar o comportamento do monitor.

Copilot uses AI. Check for mistakes.
@adm01-debug Claude
Copy link
Copy Markdown
Owner Author

adm01-debug commented May 6, 2026

@coderabbitai full review

Generated by Claude Code

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 6, 2026

Your organization has reached its limit of developer seats under the Pro Plan. In order to use the Chat feature, please assign a seat to the PR author after buying additional seats by visiting https://app.coderabbit.ai/login

@adm01-debug
Copy link
Copy Markdown
Owner Author

adm01-debug commented May 8, 2026

🚪 Fechando — sync do Lovable, feature descontinuada.

Decisão de produto registrada na sessão de 08/05/2026: o Lovable foi descontinuado. Não vamos mais aplicar syncs do Lovable bot porque:

  1. Lovable está sendo migrado pro Supabase próprio na Fase 3 da auditoria
  2. Os 18.451 commits do Lovable bot (gpt-engineer-app) já catalogados em F1-9 — incluindo 20 commits "Reverted to commit X" — confirmaram a estratégia de sair
  3. PRs de sync do Lovable agora introduzem ruído no repo sem benefício

Se algum dos arquivos desse sync for genuinamente útil (ex: novos scripts em scripts/, observability docs), a recomendação é cherry-pick manual em PR separado pra não puxar os outros arquivos junto.

— Claude (sessão de housekeeping de PRs, 08/05/2026)

@adm01-debug adm01-debug closed this May 8, 2026
adm01-debug added a commit that referenced this pull request May 8, 2026
@adm01-debug
docs(sessao): registra housekeeping de PRs de 08/05/2026 (v1.9)
6fb04c1 
Documenta a sessão de housekeeping de PRs onde foram:
- Criados PRs #99 (cleanup pedidos F1-5.3) e #101 (fix CI)
- Fechados #82 e #84 (Lovable obsoleto)
- Comentado #83 (recomendação de fechar)
- Aplicados 3 fixes do CodeRabbit/Codex/Copilot ao PR #99
- Mapeados 7 PRs Dependabot pendentes de decisão

Adiciona:
- docs/sessoes/2026-05-08-housekeeping-prs.md (novo, 293 linhas)
  Relatório completo destinado a próximo Claude pra retomar contexto
  rapidamente. Inclui TL;DR, estado dos PRs antes/depois, descrição
  detalhada de cada PR, achados técnicos (8 pegadinhas catalogadas),
  estado do repo, handoff pra próxima sessão.

- Entrada v1.9 no Changelog do AUDITORIA_2026-05-07.md
  Resumo executivo da sessão com link pro relatório completo.
@adm01-debug adm01-debug deleted the lovable-sync-1777298482 branch May 9, 2026 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adm01-debug