Skip to content

[infra] Add UNIQUE constraint on webhook_events.delivery_id (PRD PR-2) #43

Open
Open
[infra] Add UNIQUE constraint on webhook_events.delivery_id (PRD PR-2)#43
Labels
complexity:lowTrivial to low efforthelp wantedExtra attention is neededinfraCI, Docker, deploymentphase-2Phase 2: Feature CompletesecuritySecurity hardening

Description

@yinkscss
yinkscss
opened on Jun 18, 2026

Context

PRD v0.2 AC-F3.5 and PR-2 require deduplication via unique delivery_id on webhook_events.

Problem

migrations/001_init.sql stores delivery_id but has no UNIQUE constraint. Issue #9 covers application logic; schema must enforce at DB level.

Proposed scope

  • Add migration 002_webhook_delivery_id_unique.sql with partial unique index on delivery_id WHERE delivery_id IS NOT NULL
  • Handle conflict in gateway insert path

Acceptance criteria

  • Duplicate X-GitHub-Delivery cannot insert second row
  • Gateway returns idempotent success without second chain submission
  • Migration is backward-safe for existing rows

References

  • migrations/001_init.sql
  • crates/gateway/src/attestation.rs (persist_webhook_event)
  • docs/PRD.md (AC-F3.5, PR-2)

Metadata

Metadata

Assignees

No one assigned

    Labels

    complexity:lowTrivial to low efforthelp wantedExtra attention is neededinfraCI, Docker, deploymentphase-2Phase 2: Feature CompletesecuritySecurity hardening

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions