fix(api,web): resolve RLS context SQL error, workspace guard crash, and projects response unwrapping #531

jason.woltje · 2026-02-27T04:05:03Z

jason.woltje commented

2026-02-27 04:05:03 +00:00

Summary

Three runtime bugs found during production site testing at mosaic.woltje.com:

RLS context SQL error (500 on /api/tasks): used with Prisma tagged templates, producing parameterized SQL () that PostgreSQL rejects. Changed to matching the pattern already used in .
WorkspaceGuard crash (500 on GET requests): accessed without null-checking , causing TypeError on GET requests. Added runtime type guard.
Projects page crash (): expected a raw array but the API returns paginated wrapper. Added unwrapping. Affects Projects, Workspace, and Kanban pages.

Test plan

Prisma service unit tests pass (16/16)
Workspace guard unit tests pass (14/14)
Web and API typecheck clean
Lint passes with zero warnings
Verify /api/tasks returns 200 after deploy
Verify Projects, Workspace, Kanban pages load without crash
Verify File Manager loads without crash

🤖 Generated with Claude Code

## Summary Three runtime bugs found during production site testing at mosaic.woltje.com: - **RLS context SQL error (500 on /api/tasks)**: used with Prisma tagged templates, producing parameterized SQL () that PostgreSQL rejects. Changed to matching the pattern already used in . - **WorkspaceGuard crash (500 on GET requests)**: accessed without null-checking , causing TypeError on GET requests. Added runtime type guard. - **Projects page crash ()**: expected a raw array but the API returns paginated wrapper. Added unwrapping. Affects Projects, Workspace, and Kanban pages. ## Test plan - [x] Prisma service unit tests pass (16/16) - [x] Workspace guard unit tests pass (14/14) - [x] Web and API typecheck clean - [x] Lint passes with zero warnings - [ ] Verify /api/tasks returns 200 after deploy - [ ] Verify Projects, Workspace, Kanban pages load without crash - [ ] Verify File Manager loads without crash 🤖 Generated with [Claude Code](https://claude.com/claude-code)

jason.woltje added 1 commit 2026-02-27 04:05:04 +00:00

fix(api,web): resolve RLS context SQL error, workspace guard crash, and projects response unwrapping

ci/woodpecker/push/api Pipeline was successful

Details

ci/woodpecker/push/web Pipeline was successful

Details

07f507585f

Three runtime bugs found during production site testing:

1. PrismaService.setWorkspaceContext used SET LOCAL with Prisma tagged templates,
   which produces parameterized SQL ($1) that PostgreSQL rejects in SET statements.
   Changed to set_config() which safely accepts parameterized values — matching
   the pattern already used in RlsContextInterceptor.

2. WorkspaceGuard.extractWorkspaceId accessed request.body.workspaceId without
   null-checking body, causing TypeError on GET requests where body is undefined.
   Added runtime type guard with explicit cast.

3. fetchProjects() cast the API response as Project[] but the backend returns
   { data: Project[], meta: {...} } paginated wrapper. Added response.data
   unwrapping to match the actual API contract.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

jason.woltje merged commit e3cba37e8c into main

2026-02-27 04:18:35 +00:00

jason.woltje deleted branch fix/api-rls-and-projects-response

2026-02-27 04:18:36 +00:00

jason.woltje referenced this issue from a commit

2026-02-27 04:18:37 +00:00

fix(api,web): resolve RLS context SQL error, workspace guard crash, and projects response unwrapping (#531)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#531