From 860033d3de4a0b792ddaeb6dd29c0e73574c9b9e Mon Sep 17 00:00:00 2001 From: Michal Date: Sun, 19 Apr 2026 22:45:08 +0100 Subject: [PATCH] fix(db): make Secret.backendId default to empty string for rollout migration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Why: `prisma db push` refused to add the required `backendId` column on clusters with pre-existing Secret rows — it can't assign NOT NULL without a default, and the cluster DB had 9 live rows. The mcpd pod crash-looped during the Phase 0 rollout because of this. Empty-string default lets the schema apply cleanly; `bootstrapSecretBackends` (which runs on every startup) then rewrites those empty values to the seeded `default` plaintext backend's id. New writes via SecretService always carry a real FK immediately, so the empty-string state only exists during the one-shot migration window. Co-Authored-By: Claude Opus 4.7 (1M context) --- src/db/prisma/schema.prisma | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/db/prisma/schema.prisma b/src/db/prisma/schema.prisma index 17778b1..90ef49f 100644 --- a/src/db/prisma/schema.prisma +++ b/src/db/prisma/schema.prisma @@ -142,7 +142,12 @@ model SecretBackend { model Secret { id String @id @default(cuid()) name String @unique - backendId String // FK to SecretBackend — dispatches read/write + // FK to SecretBackend. Default empty string lets `prisma db push` add the + // column to pre-existing rows without a data-loss reset; `bootstrapSecretBackends` + // then points any empty-string values at the seeded `default` plaintext backend + // on next mcpd startup. New rows written by SecretService always carry a + // valid FK immediately. + backendId String @default("") data Json @default("{}") // populated by plaintext backend only externalRef String @default("") // populated by non-plaintext backends (e.g. "mount/path#v3") version Int @default(1)