edsger 0.72.3 → 0.72.4

package/dist/commands/quality-benchmark/index.d.ts

@@ -1,11 +1,10 @@
 /**
  * CLI command: `edsger quality-benchmark <productId>`
  *
- * Runs the quality-benchmark phase against the product's GitHub repo and
- * writes the resulting JSON report to disk. Persistence to the
- * `quality_reports` table is the caller's responsibility — desktop-app
- * picks the JSON up via stdout / file and writes via its supabase
- * client, exactly the same pattern used by other CLI commands.
+ * Runs the quality-benchmark phase against the product's GitHub repo,
+ * writes the resulting JSON report to disk, and persists it to the
+ * `quality_reports` table via the supabase SDK (RLS-scoped; MCP
+ * fallback when no desktop session is synced) unless --no-save.
  *
  * Default invocation (desktop): no --repo, no --branch — the CLI fetches
  * the product's GitHub config via MCP, clones (or reuses) the repo into
@@ -33,7 +32,7 @@ export interface QualityBenchmarkCliOptions {
     install?: boolean;
     output?: string;
     verbose?: boolean;
-    /** When false, skip the quality_reports/save MCP call. */
+    /** When false, skip persisting the report to quality_reports. */
     save?: boolean;
     /** Overwrite any existing report row for this (product, commit, rubric). */
     force?: boolean;

package/dist/commands/quality-benchmark/index.js

@@ -1,11 +1,10 @@
 /**
  * CLI command: `edsger quality-benchmark <productId>`
  *
- * Runs the quality-benchmark phase against the product's GitHub repo and
- * writes the resulting JSON report to disk. Persistence to the
- * `quality_reports` table is the caller's responsibility — desktop-app
- * picks the JSON up via stdout / file and writes via its supabase
- * client, exactly the same pattern used by other CLI commands.
+ * Runs the quality-benchmark phase against the product's GitHub repo,
+ * writes the resulting JSON report to disk, and persists it to the
+ * `quality_reports` table via the supabase SDK (RLS-scoped; MCP
+ * fallback when no desktop session is synced) unless --no-save.
  *
  * Default invocation (desktop): no --repo, no --branch — the CLI fetches
  * the product's GitHub config via MCP, clones (or reuses) the repo into
@@ -26,10 +25,10 @@
 import { mkdirSync, writeFileSync } from 'node:fs';
 import { dirname, resolve } from 'node:path';
 import { getGitHubConfigByProduct, getGitHubConfigByRepository, getRepositoryBasics, } from '../../api/github.js';
-import { callMcpEndpoint } from '../../api/mcp-client.js';
 import { fetchProductBasics } from '../../phases/find-shared/mcp.js';
 import { runQualityBenchmark, } from '../../phases/quality-benchmark/index.js';
 import { prepareQualityWorkspace } from '../../phases/quality-benchmark/workspace.js';
+import { saveQualityReport } from '../../services/quality-reports.js';
 import { getSupabase } from '../../supabase/client.js';
 import { logError, logInfo, logSuccess, logWarning, } from '../../utils/logger.js';
 export async function runQualityBenchmarkCli(productId, options) {
@@ -166,10 +165,12 @@ export async function runQualityBenchmarkCli(productId, options) {
     mkdirSync(dirname(outputPath), { recursive: true });
     writeFileSync(outputPath, JSON.stringify(reportEnvelope, null, 2), 'utf8');
     logSuccess(`Report written to ${outputPath}`);
-    // Persist via MCP unless the caller opted out.
+    // Persist to quality_reports unless the caller opted out. Goes through
+    // the supabase SDK directly (RLS-scoped), with an MCP fallback for
+    // sessions authorized by an MCP token only.
     if (options.save !== false) {
         try {
-            const saved = (await callMcpEndpoint('quality_reports/save', {
+            const saved = await saveQualityReport({
                 product_id: repoOnly ? null : productId,
                 repository_id: repositoryId,
                 commit_sha: outcome.commitSha,
@@ -193,14 +194,13 @@ export async function runQualityBenchmarkCli(productId, options) {
                 completed_at: outcome.completedAt,
                 duration_seconds: outcome.durationSeconds,
                 replace_existing: options.force === true,
-            }));
-            const row = JSON.parse(saved.content?.[0]?.text ?? '{}');
-            if (row.id) {
-                logSuccess(`Saved to quality_reports.id = ${row.id}`);
+            });
+            if (saved.id) {
+                logSuccess(`Saved to quality_reports.id = ${saved.id}`);
             }
         }
         catch (err) {
-            logWarning(`Failed to persist report via MCP (will keep local file): ${err instanceof Error ? err.message : String(err)}`);
+            logWarning(`Failed to persist report (will keep local file): ${err instanceof Error ? err.message : String(err)}`);
         }
     }
     logInfo(`Overall: grade ${outcome.report.overall_grade ?? '?'} (${outcome.report.overall_score ?? '?'})`);

package/dist/services/quality-reports.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Quality reports service — persists `edsger quality-benchmark` results.
+ *
+ * Writes go through the supabase SDK directly when the desktop-synced
+ * session is available (RLS gates access: product owner / active team
+ * member, or repo team access via `user_has_repository_access` for
+ * repo-only reports). Falls back to the MCP edge function
+ * (`quality_reports/save`) when no usable session is synced — e.g.
+ * standalone CLI runs authorized by an MCP token.
+ */
+export interface SaveQualityReportParams {
+    /** Product scope; null for repo-only reports. */
+    product_id: string | null;
+    /** Repository scope; required when product_id is null. */
+    repository_id: string | null;
+    commit_sha: string;
+    rubric_version: string;
+    branch?: string | null;
+    repo_root?: string | null;
+    detected_context?: unknown;
+    tool_versions?: Record<string, string>;
+    unavailable_tools?: unknown[];
+    applied_checks?: unknown;
+    tool_outputs?: Record<string, unknown>;
+    external_signals?: unknown;
+    dropped_findings?: number;
+    dimension_scores?: unknown;
+    overall_score?: number | null;
+    overall_grade?: string | null;
+    executive_summary?: string | null;
+    low_confidence?: boolean;
+    status?: string;
+    started_at?: string | null;
+    completed_at?: string | null;
+    duration_seconds?: number | null;
+    /** Delete any existing row for this (scope, commit, rubric) before insert. */
+    replace_existing?: boolean;
+}
+/**
+ * Insert a completed quality report row. Returns the new row id, or null
+ * if the saved row could not be parsed (MCP path only).
+ */
+export declare function saveQualityReport(params: SaveQualityReportParams): Promise<{
+    id: string | null;
+}>;

package/dist/services/quality-reports.js

@@ -0,0 +1,93 @@
+/**
+ * Quality reports service — persists `edsger quality-benchmark` results.
+ *
+ * Writes go through the supabase SDK directly when the desktop-synced
+ * session is available (RLS gates access: product owner / active team
+ * member, or repo team access via `user_has_repository_access` for
+ * repo-only reports). Falls back to the MCP edge function
+ * (`quality_reports/save`) when no usable session is synced — e.g.
+ * standalone CLI runs authorized by an MCP token.
+ */
+import { callMcpEndpoint } from '../api/mcp-client.js';
+import { ensureSupabaseSession, getSupabase } from '../supabase/client.js';
+/**
+ * Insert a completed quality report row. Returns the new row id, or null
+ * if the saved row could not be parsed (MCP path only).
+ */
+export async function saveQualityReport(params) {
+    const { product_id, repository_id, commit_sha, rubric_version } = params;
+    if (!product_id && !repository_id) {
+        throw new Error('Either product_id or repository_id is required');
+    }
+    if (await ensureSupabaseSession()) {
+        const supabase = getSupabase();
+        if (params.replace_existing) {
+            // Clear the existing row on the natural cache key for this report's
+            // scope. Product-scoped: UNIQUE(product_id, commit_sha, rubric_version).
+            // Repo-only: UNIQUE(repository_id, commit_sha, rubric_version) WHERE
+            // product_id IS NULL — the repo-only delete MUST also require
+            // product_id IS NULL so it never clobbers a product report of the same
+            // linked repo at this commit.
+            let del = supabase
+                .from('quality_reports')
+                .delete()
+                .eq('commit_sha', commit_sha)
+                .eq('rubric_version', rubric_version);
+            del = product_id
+                ? del.eq('product_id', product_id)
+                : del.eq('repository_id', repository_id).is('product_id', null);
+            const { error: delErr } = await del;
+            if (delErr) {
+                throw new Error(`Failed to clear existing report: ${delErr.message}`);
+            }
+        }
+        const { data: { user }, } = await supabase.auth.getUser();
+        const { data, error } = await supabase
+            .from('quality_reports')
+            .insert({
+            product_id: product_id ?? null,
+            repository_id: repository_id ?? null,
+            commit_sha,
+            rubric_version,
+            branch: params.branch ?? null,
+            repo_root: params.repo_root ?? null,
+            detected_context: params.detected_context ?? {},
+            tool_versions: params.tool_versions ?? {},
+            unavailable_tools: params.unavailable_tools ?? [],
+            applied_checks: params.applied_checks ?? {},
+            tool_outputs: params.tool_outputs ?? {},
+            external_signals: params.external_signals ?? {},
+            dropped_findings: params.dropped_findings ?? 0,
+            dimension_scores: params.dimension_scores ?? {},
+            overall_score: params.overall_score ?? null,
+            overall_grade: params.overall_grade ?? null,
+            executive_summary: params.executive_summary ?? null,
+            low_confidence: params.low_confidence ?? false,
+            status: params.status ?? 'completed',
+            started_at: params.started_at ?? null,
+            completed_at: params.completed_at ?? new Date().toISOString(),
+            duration_seconds: params.duration_seconds ?? null,
+            created_by: user?.id ?? null,
+        })
+            .select('id')
+            .single();
+        if (error) {
+            if (error.code === '23505') {
+                throw new Error(`quality report already exists for ` +
+                    `(${product_id ? 'product' : 'repository'}, commit, rubric); ` +
+                    `pass --force to overwrite`);
+            }
+            throw new Error(`Failed to save quality report: ${error.message}`);
+        }
+        return { id: data?.id ?? null };
+    }
+    // No synced session — fall back to the MCP edge function (MCP-token auth).
+    const saved = (await callMcpEndpoint('quality_reports/save', params));
+    try {
+        const row = JSON.parse(saved.content?.[0]?.text ?? '{}');
+        return { id: row.id ?? null };
+    }
+    catch {
+        return { id: null };
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edsger",
-  "version": "0.72.3",
+  "version": "0.72.4",
   "type": "module",
   "bin": {
     "edsger": "dist/index.js"
@@ -54,8 +54,8 @@
     "commander": "^12.0.0",
     "cosmiconfig": "^9.0.0",
     "dotenv": "^16.4.5",
-    "edsger-contract": "0.9.1",
-    "edsger-tools": "0.9.1",
+    "edsger-contract": "0.9.2",
+    "edsger-tools": "0.9.2",
     "gray-matter": "^4.0.3",
     "zod": "^4.0.0"
   },