Add architecture blueprint, DB schema, API design, and codebase structure for scan.run#2
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f0b7dd58b7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| CREATE TABLE users ( | ||
| id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), | ||
| email CITEXT UNIQUE NOT NULL, |
There was a problem hiding this comment.
The schema defines users.email as CITEXT, but this file only enables uuid-ossp; on a clean PostgreSQL instance this will fail at table creation with a type "citext" does not exist error. Because this script is presented as a full reference schema, missing CREATE EXTENSION IF NOT EXISTS citext; makes initial provisioning and migrations fail unless operators add undocumented manual setup steps.
Useful? React with 👍 / 👎.
| project_id UUID NOT NULL REFERENCES projects(id) ON DELETE CASCADE, | ||
| domain_id UUID NOT NULL REFERENCES domains(id) ON DELETE CASCADE, |
There was a problem hiding this comment.
scan_jobs includes tenant_id, but project_id and domain_id each reference only the global id, so the database can accept a row where the scan's tenant differs from the referenced project/domain tenant. That breaks tenant isolation guarantees and can mix data across accounts (e.g., reporting or billing against another tenant's assets). Enforce composite tenant-scoped keys (e.g., (tenant_id, id)) and matching composite foreign keys to prevent cross-tenant linkage.
Useful? React with 👍 / 👎.
1 participant
Motivation
scan.runcovering architecture, security, and operational constraints to guide development from MVP to enterprise scale.Description
README.mddescribing product goals, pricing, and links to implementation docs.docs/architecture.mdwith service boundaries, queue/worker model, technology stack, deployment and security controls for isolated scanning.docs/database_schema.sqlcontaining a reference PostgreSQL schema for tenants, users, projects, domains and verification, subscriptions, credit ledger, scan jobs/executions, findings, report snapshots/exports, API keys, audit logs, and rate-limit counters.docs/api.mddescribing public and internal API endpoints (auth, tenants, projects/domains, scans, reports, billing, webhooks) anddocs/codebase-structure.mdoutlining an opinionated monorepo layout and extensibility patterns.Testing
Codex Task