Skip to content

Add SQLite-backed alerts API#273

Merged
spalen0 merged 8 commits into
mainfrom
db
Jun 15, 2026
Merged

Add SQLite-backed alerts API#273
spalen0 merged 8 commits into
mainfrom
db

Conversation

@spalen0

@spalen0 spalen0 commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • add SQLite-backed alert persistence and best-effort capture from Telegram, structured alerts, crash alerts, ops errors, and automation digests
  • add stdlib read-only alerts API plus monitoring-api systemd unit, deploy install integration, runbook docs, and retention job
  • migrate utils.cache state to SQLite with legacy text read-through, CACHE_BACKEND=file rollback, and deploy/migrate-file-cache-to-db.sh for live imports

Verification

  • uv run --extra dev ruff format .
  • uv run --extra dev ruff check .
  • uv run --extra dev mypy --explicit-package-bases utils/paths.py utils/store.py utils/cache.py utils/migrate_cache_to_db.py utils/telegram.py utils/alert.py utils/runner.py automation/runner.py api utils/prune_alerts.py
  • uv run --extra dev pytest tests/ (502 passed, 4 skipped)
  • bash -n deploy/install.sh
  • bash -n deploy/migrate-file-cache-to-db.sh
  • deploy migration wrapper smoke-tested against a temp CACHE_DIR

@spalen0 spalen0 mentioned this pull request Jun 14, 2026
Draft
spalen0 and others added 3 commits June 15, 2026 12:50
@spalen0 @claude
Harden alerts store/API: close connections, gitignore db, test isolation
348d524 
- store.py: wrap every connection in contextlib.closing so they actually
  close (sqlite3's own `with` only manages the transaction); matters for the
  long-lived API process that opened a connection per request
- .gitignore: add monitoring.db{,-wal,-shm} (+ cache-id-daily.txt, nonces.txt)
  so local/DEBUG runs don't leave committable state in the repo root
- telegram.py: drop the redundant skipped_debug delivery update; the single
  insert already records the terminal status
- api/server.py: next_cursor uses rows[-1]["id"] (rows are id DESC) instead of min()
- conftest.py: strip TELEGRAM_*/PAT_DISPATCH and force LOG_LEVEL=INFO in the
  isolation fixture so a developer's .env can't fail tests or fire live sends

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@spalen0 @claude
Add Caddy reverse proxy config for alerts API (Hetzner)
ea2f417 
- deploy/Caddyfile: auto-TLS, public GET /healthz, bearer-token gate on the
  rest, upstream timeouts to shield the stdlib server, optional rate_limit
  blocks (caddy-ratelimit plugin), env-driven domain/token/email
- alerts-api.md: Caddy install + Hetzner firewall guidance (keep 8923 local,
  allow 22/80/443 only, fail2ban, optional Cloudflare)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@spalen0 @claude
Support multiple bearer tokens for alerts API
1cdebf5 
- Caddyfile: gate /v1/* on any token in pipe-separated ALERTS_API_TOKENS via
  header_regexp, so each consumer gets its own revocable token
- alerts-api.md: document generating tokens (openssl rand -hex 32), where to
  store them (password manager + systemd override, never in git), and
  add/rotate/revoke via restart

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@spalen0 spalen0 merged commit 5209e83 into main Jun 15, 2026
2 checks passed
@spalen0 spalen0 deleted the db branch June 15, 2026 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@spalen0