Add `WithoutOverlapping` middleware to `DatabaseBackupJob` keyed by backup ID
with timeout-based lock expiry to prevent concurrent runs.
Mark long-running backup executions as failed when they exceed the stale
time threshold, and add periodic retention enforcement in
`CleanupInstanceStuffsJob` with cache-based throttling.
Also add float casts for retention max-storage fields on
`ScheduledDatabaseBackup` and comprehensive feature tests covering
overlap middleware, stale detection, casts, and retention behavior.
Using 'stub' as default would break existing installations that stored files
under the default tenantId 'storage-single-tenant' (pre-TENANT_ID era).
After upgrading, storage-api would look for files under 'stub/...' prefix
instead of 'storage-single-tenant/...', making all existing files inaccessible.
- Update Kong to 3.9.1 with new awk-based entrypoint script (replaces fragile eval/echo)
- Add request-transformer plugin to all secure Kong routes for API key translation
- Fix hide_credentials: false on REST and GraphQL routes
- Add post-function plugin on storage route for S3 presigned URL compatibility
- Add opaque API key support (SUPABASE_PUBLISHABLE_KEY, SUPABASE_SECRET_KEY)
- Update Vector router to use contains() matching for Coolify container names
- Add auto-generated self-signed TLS cert for Supavisor (fixes Supabase CLI connectivity)
- Fix logs not queryable in Studio by separating public/private Logflare access tokens
- Update image versions: Kong 3.9.1, Studio 2026.03.16, PostgREST v14.6, Storage v1.44.2, Edge Runtime v1.71.2
- Fix IMGPROXY_ENABLE_WEBP_DETECTION -> IMGPROXY_AUTO_WEBP
- Add deno-cache volume for faster Edge Function cold starts
- Make POOLER_TENANT_ID configurable
- Add start_period to Realtime and Supavisor healthchecks
- Add KONG_PROXY_ACCESS_LOG configuration
- Update SQL init scripts to use $POSTGRES_USER instead of hardcoded supabase_admin
The pinned commit hashes (00bd9272, 33cef775) are from ~Nov 2025 and
incompatible with convex npm package >=1.30, causing deploy failures
with "missing field `functions`" errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Parse `/tree/...` URLs by first capturing the full branch candidate, then
iteratively resolving valid branch names for GitHub API lookups and deriving
the remaining path as base directory. Also adjust env var editor/input view
classes (`font-sans`, `w-full`) and add/extend feature tests for both branch
parsing and multiline toggle rendering.
Covers Upgrade Livewire component mount behavior for:
- initializing latest version from cached versions data
- falling back to 0.0.0 when versions cache is unavailable
Add `monospace` prop to Textarea component so font-mono is no longer
applied by default. Apply it explicitly to env variable editors, private
key fields, and shared variable forms where monospace is appropriate.
Use Alpine.js x-data/x-model to make the multiline toggle reactive
without a full Livewire round-trip. Add wire:key on the input/textarea
wrappers to force proper DOM replacement when switching modes.
Allow SharedVariables Livewire components (Environment, Project, Server)
to accept UUID parameters directly via mount() instead of relying solely
on route parameters. This enables Livewire component testing without a
live route context.
Also adds comment field support when saving/updating server shared
environment variables, guards PostgreSQL-specific migration statements
from running under SQLite (test environment compatibility), and expands
the feature test suite with server shared variable scenarios including
inline comment preservation and update behaviour.
Extract duplicated inline StandaloneDocker attribute arrays in the
Server boot lifecycle into a dedicated method, eliminating repetition
between the root-server (id=0) and normal-server paths.
Also harden the shared_environment_variables migration by wrapping
DDL statements in DB::transaction() and using DROP CONSTRAINT IF EXISTS
to make the migration safely re-runnable.
Add unit test covering the extracted method to verify uuid is always
present in bootstrap attributes.
Replaces Model::forceCreate([...]) calls with (new Model)->forceFill([...])->save()
across SettingsBackup, Server, and User models to avoid bypassing Eloquent
model event lifecycle during record creation.
Replace all uses of `forceFill`, `forceCreate`, and `forceFill` with their
non-force equivalents across models, actions, controllers, and Livewire
components. Add explicit `$fillable` arrays to all affected Eloquent models
to enforce mass assignment protection.
Add ModelFillableCreationTest and ModelFillableRegressionTest to verify that
model creation respects fillable constraints and prevent regressions.
Clear `branches` and `total_branches_count` in `loadRepositories` to avoid stale branch data after repo refreshes. Update the Livewire view to use the shared loading button pattern for refresh/load actions, and expand feature coverage for repository refresh behavior and refresh button visibility.
Use `$this->mainServer` when resolving environment variable values across
deployment env generation (runtime, buildtime, nixpacks, args, and secrets
hash) so shared server-scoped values are applied consistently.
Also add `server_id` to `SharedEnvironmentVariable::$fillable` and normalize
the Livewire Blade file newline.
Handle database status updates more reliably by listening for `ServiceChecked`
and using explicit `refresh()` handlers in Livewire database components.
Also switch guarded clone/create paths to `forceFill`/`forceCreate` in helper
flows to avoid missing persisted attributes during app/service cloning.
Update log/terminal font stacks to Geist (with bundled variable fonts) and add
coverage for SSL status refresh, persistent volume UUID cloning, and log font
styling.
