SQL Server support: portability fixes + cross-database test coverage#2235
SQL Server support: portability fixes + cross-database test coverage#2235AnuGayan wants to merge 14 commits into
Conversation
Squashes the main-sqlserver branch into a single commit: SQL Server (MSSQL) storage backend for the gateway-controller and platform-api, alongside the related gateway changes carried on the branch. Storage layer threads a lifecycle context through sql_store and centralizes the SQL Server encrypt default; the platform-api SQL Server PR-check workflow is fixed (valid env refs, secret-based SA password, readiness gated by an explicit wait step). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The SQL Server driver (go-mssqldb) was added without running 'go mod tidy', so go.sum lacked its entry and the transitive golang-sql/civil, golang-sql/sqlexp and shopspring/decimal deps. Local builds passed because go.work.sum covered them, but the Docker/CI build (module mode) failed with 'missing go.sum entry for go-mssqldb'. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
SQL Server has no LIMIT keyword and rejects boolean literals. Add DB.PaginationClause / DB.FetchFirstClause (emit OFFSET/FETCH on SQL Server, LIMIT elsewhere) and convert the ~22 LIMIT/OFFSET and LIMIT-1 repository queries to use them; single-row lookups with no natural order get 'ORDER BY (SELECT NULL)'. Replace devportal 'is_default = TRUE/FALSE' literals with bound Go bools (the driver converts per dialect). DB.Rebind only rewrites placeholders, so these were silently broken on SQL Server. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
schema.sqlserver.sql could not be created on SQL Server. Resolve the multiple-cascade-paths restriction (error 1785) by setting redundant FK edges to NO ACTION while keeping the load-bearing cascade (cleanup behaviour is preserved); change the self-referencing deployments.base_deployment_id from SET NULL to NO ACTION (self-ref cascades are illegal); add the eventhub gateway_states/events tables that were missing vs schema.postgres.sql; and remove apostrophes/semicolons from -- comments that the statement splitter mis-parses. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The gateway_states 'insert if absent' used INSERT ... ON CONFLICT DO NOTHING, which SQL Server rejects ('Incorrect syntax near ON'), breaking gateway event publishing on the deploy/undeploy path. Add ensureGatewayInsertSQL: a guarded IF NOT EXISTS with a key-range lock on SQL Server, ON CONFLICT elsewhere (mirrors the existing limitClause helper).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
New build-tagged (integration) suite under src/internal/integration runs the real schema and repository layer against SQLite, PostgreSQL and SQL Server (selected by IT_DB), covering pagination, repository lookups and delete-cascade behaviour. Compose files in platform-api/it and make targets it-sqlite/it-postgres/it-sqlserver/it-all-dbs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Real platform-api control plane + real gateway data plane on a shared database engine. run-e2e.sh drives the full scenario via the platform-api REST API (project, API, gateway, token, deploy) and asserts traffic through the gateway ingress, plus undeploy/redeploy, negative routing and (on postgres) multi-gateway fan-out and per-gateway isolation. Passes on sqlite, postgres and sqlserver. make e2e / e2e-all-dbs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
platform-api-pr-check now runs the integration harness on SQLite, PostgreSQL and a real SQL Server (the sqlserver job previously started SQL Server but still ran the SQLite-backed unit tests). New platform-api-gateway-e2e workflow builds the images and runs the combined e2e across all three databases (manual + when the e2e changes, since it builds the Envoy runtime). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
AnuGayan
requested review from
Arshardh,
CrowleyRajapakse,
HeshanSudarshana,
HiranyaKavishani,
Krishanx92,
RakhithaRR,
Tharsanan1,
VirajSalaka,
ashera96,
chamilaadhi,
dushaniw,
hisanhunais,
malinthaprasan,
pubudu538,
renuka-fernando,
senthuran16,
tgtshanika,
tharikaGitHub and
tharindu1st
as code owners
Dependency Validation ResultsDependency name: golang.org/x/crypto Dependency name: github.com/microsoft/go-mssqldb Dependency name: github.com/microsoft/go-mssqldb Dependency name: golang.org/x/crypto Dependency name: github.com/microsoft/go-mssqldb |
|
Warning Review limit reached
More reviews will be available in 50 minutes and 1 second. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
📝 WalkthroughWalkthroughThis pull request adds Microsoft SQL Server as a supported storage backend across the entire platform. The gateway-controller gains a new Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 14
🧹 Nitpick comments (1)
.github/workflows/gateway-integration-test-sqlserver.yml (1)
21-24: ⚡ Quick winAvoid a hardcoded SQL Server password in workflow env.
Line 23 currently uses a fixed value. Prefer generating this value at runtime and exporting it through
GITHUB_ENV(masked), which keeps CI config safer and reduces credential-scanner noise.Suggested update
jobs: integration-test: runs-on: ubuntu-24.04 - env: - # Used for both Compose interpolation and the runner-side sqlcmd checks below. - MSSQL_SA_PASSWORD: Gateway_Strong!Pass123 steps: + - name: Generate SQL Server password + run: | + set -euo pipefail + SA_PASSWORD="Aa1$(openssl rand -hex 16)" + echo "::add-mask::$SA_PASSWORD" + echo "MSSQL_SA_PASSWORD=$SA_PASSWORD" >> "$GITHUB_ENV" + - name: Checkout code uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/gateway-integration-test-sqlserver.yml around lines 21 - 24, The MSSQL_SA_PASSWORD in the env section is hardcoded as a fixed value which is a security concern. Remove the hardcoded MSSQL_SA_PASSWORD from the env block, then add a new step before the existing steps that generates a random/strong password at runtime and exports it to GITHUB_ENV using the ::add-mask:: and ::set-env:: syntax (or the modern echo "MSSQL_SA_PASSWORD=value" >> $GITHUB_ENV approach with masking) to ensure the password is both masked in logs and available to downstream steps.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/platform-api-gateway-e2e.yml:
- Around line 9-22: The GitHub Actions workflow is missing explicit token
permission declarations, relying on default scopes instead. Add a top-level
permissions block to the workflow file (after the on section and before or after
the concurrency section) that explicitly declares required permissions such as
contents: read. This ensures the workflow uses only the minimum necessary
permissions for its operations.
- Around line 30-40: Replace the floating action version tags with their
full-length commit SHAs for the three actions: actions/checkout@v4,
actions/setup-go@v5, and docker/setup-buildx-action@v3. Additionally, add the
persist-credentials: false parameter to the checkout action step to prevent
storing credentials in the workflow environment, reducing the attack surface if
the action repository is compromised.
In @.github/workflows/platform-api-pr-check.yml:
- Around line 41-122: The pr-check-postgres and pr-check-sqlserver jobs are
currently missing explicit permissions declarations, which causes them to
inherit default token scopes. Add a permissions block to each job (at the same
level as runs-on or env) specifying the minimal required permissions needed. For
these jobs, they need to checkout code so add permissions with contents: read at
minimum. This ensures the workflow follows the least-privilege principle by
explicitly declaring what access each job requires rather than relying on
default token scopes.
- Around line 63-70: Replace all floating action version tags with pinned commit
SHAs across all three jobs (pr-check, pr-check-postgres, and
pr-check-sqlserver). For the actions/checkout step, add persist-credentials:
false to disable token retention. For actions/setup-go, pin the floating `@v5` tag
to a specific commit SHA. Apply the same SHA pinning approach to any other
actions used in these jobs. This eliminates the use of mutable references and
reduces the attack surface by ensuring only explicitly approved action versions
can execute in the workflow.
In `@common/eventhub/sqlserver_publish_test.go`:
- Around line 123-127: The test assertion for PublishEvent with unregistered
gateway B expects an error, but the current implementation (sqlbackend.go, lines
327-332) now ensures gateway_states exists before insert, so this error will not
occur. Update the assertion to either expect successful publish for gwB since
the gateway will be automatically registered, or remove this test case and
create a separate test that validates duplicate handling by forcing a
deterministic insert failure through a different mechanism unrelated to gateway
registration.
In `@gateway/gateway-controller/pkg/storage/sql_store.go`:
- Around line 180-190: The current logic in the insert handling block (where
isUniqueViolation is checked on line 183) attempts to retry with an UPDATE
statement on line 188, but this fails for PostgreSQL and SQL Server because a
unique violation puts the transaction into an ABORTED state, causing the retry
to fail. To fix this, add a savepoint before the INSERT attempt (in the section
around line 180 where the insert sprintf is created) and then rollback to that
savepoint if a unique violation occurs, allowing the UPDATE to execute cleanly.
Apply this savepoint pattern to the three transactional call sites:
UpsertConfig, upsertResourceConfigTx, and ReplaceApplicationAPIKeyMappings, or
alternatively use dialect-specific atomic upsert syntax (like PostgreSQL's ON
CONFLICT or SQL Server's MERGE) to handle the insert-or-update operation
atomically without needing retry logic.
In `@gateway/gateway-controller/pkg/storage/sqlserver.go`:
- Around line 134-179: The initSchema() method in SQLServerStorage uses
context.Background() which has no timeout, allowing the schema initialization to
hang indefinitely if SQL Server stalls. Replace the line ctx :=
context.Background() with a context that includes an appropriate timeout
duration (use context.WithTimeout) to ensure the schema initialization,
including connection acquisition, app-lock operations, and DDL execution,
completes within a bounded time window.
- Around line 245-256: The sanitizeSQLServerDSN function currently only handles
URL-format DSNs by parsing with url.Parse, but SQL Server also supports ADO
format (server=host;user id=user;password=pass) and ODBC format
(odbc:server=host;...). Extend the sanitizeSQLServerDSN function to detect and
handle these semicolon-separated formats in addition to the existing URL
parsing. For ADO and ODBC formats, use string manipulation to find the password
field and replace its value with redacted text, ensuring passwords in all three
DSN formats are properly masked before being logged at the call site around line
126.
In `@gateway/gateway-controller/README.md`:
- Around line 161-171: The SQL Server configuration environment variables in the
README use an incorrect prefix. Replace all instances of the prefix
`APIP_GW_GATEWAY__CONTROLLER_` with `APIP_GW_CONTROLLER_` in the SQL Server
storage configuration section (the export statements for STORAGE_TYPE,
STORAGE_DATABASE_DRIVER, STORAGE_DATABASE_HOST, STORAGE_DATABASE_PORT,
STORAGE_DATABASE_DATABASE, STORAGE_DATABASE_USER, STORAGE_DATABASE_PASSWORD, and
all OPTIONS variables). This applies to all 11 environment variable exports in
that configuration block to match the controller loader's expected environment
variable contract.
In `@gateway/it/db_helpers.go`:
- Around line 205-207: The executeQuery function in the password environment
variable check hard-fails when MSSQL_SA_PASSWORD is unset, but the SQL Server
compose configuration can successfully boot with a default password, causing
inconsistency. Modify the password resolution logic to either use the same
default password value that the compose file uses (instead of returning an error
when the environment variable is empty), or ensure the password is explicitly
propagated from the compose configuration to this helper function so both use
the same value.
In `@kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml`:
- Around line 81-82: The SQL Server connection configuration defaults in the
gateway-config.yaml template are currently set to insecure values: encrypt
defaults to "disable" and trust_server_certificate defaults to "true". To make
the configuration more secure by default, change the encrypt parameter default
from "disable" to a stricter value (such as "required") and change the
trust_server_certificate default from true to false. This ensures that secure
transport settings are enforced unless explicitly disabled by the user through
the coalesce function chain that checks user-provided options first.
In `@platform-api/src/internal/integration/harness_test.go`:
- Line 127: The database name in the SQL statement at line 127 is being directly
interpolated into the SQL text without escaping. This can cause SQL syntax
errors if the name contains special characters like single quotes or brackets.
Escape the name variable before using it in the fmt.Sprintf call by replacing
single quotes with doubled single quotes for the string literal part (N'%s') and
replacing brackets with doubled brackets for the identifier part ([%s]), or use
parameterized queries if SQL Server supports it for database creation
statements.
In `@tests/integration-e2e/README.md`:
- Around line 43-53: The test flow documentation in the Phase 1, Phase 2, and
Assert sections does not match the actual implementation in the run-e2e.sh
script. Review the run-e2e.sh script to identify the correct endpoint paths and
sequence, then update the documentation to replace the generic endpoint examples
(such as POST /organizations and POST /projects) with the actual endpoints used
by the script (using /api/v1/rest-apis/... paths), remove any steps that the
script doesn't execute, and correct the ingress validation endpoint to reflect
the actual host-mapped port configuration that the script uses instead of the
generic localhost:8080 reference.
In `@tests/integration-e2e/run-e2e.sh`:
- Line 14: The cd command in the script at the beginning does not have explicit
error handling, which means if the directory change fails, the script will
continue executing in the wrong working directory, causing subsequent commands
to fail unpredictably. Add error handling after the cd "$(dirname "$0")" command
to exit the script immediately if the directory change fails. This can be done
by appending an exit condition that terminates the script when cd encounters an
error.
---
Nitpick comments:
In @.github/workflows/gateway-integration-test-sqlserver.yml:
- Around line 21-24: The MSSQL_SA_PASSWORD in the env section is hardcoded as a
fixed value which is a security concern. Remove the hardcoded MSSQL_SA_PASSWORD
from the env block, then add a new step before the existing steps that generates
a random/strong password at runtime and exports it to GITHUB_ENV using the
::add-mask:: and ::set-env:: syntax (or the modern echo
"MSSQL_SA_PASSWORD=value" >> $GITHUB_ENV approach with masking) to ensure the
password is both masked in logs and available to downstream steps.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 1a5d39e6-c687-479f-9e94-e16981d093b6
⛔ Files ignored due to path filters (5)
common/go.sumis excluded by!**/*.sumgateway/gateway-controller/go.sumis excluded by!**/*.sumgo.work.sumis excluded by!**/*.sumplatform-api/src/go.sumis excluded by!**/*.sumtests/mock-servers/mock-platform-api/go.sumis excluded by!**/*.sum
📒 Files selected for processing (63)
.github/workflows/gateway-integration-test-sqlserver.yml.github/workflows/operator-integration-test.yml.github/workflows/platform-api-gateway-e2e.yml.github/workflows/platform-api-pr-check.ymlcommon/eventhub/sqlbackend.gocommon/eventhub/sqlserver_publish_test.gocommon/go.modgateway/Makefilegateway/README.mdgateway/configs/config-template.tomlgateway/docker-compose.sqlserver.yamlgateway/gateway-controller/README.mdgateway/gateway-controller/cmd/controller/main.gogateway/gateway-controller/go.modgateway/gateway-controller/pkg/config/config.gogateway/gateway-controller/pkg/config/config_test.gogateway/gateway-controller/pkg/storage/factory.gogateway/gateway-controller/pkg/storage/factory_test.gogateway/gateway-controller/pkg/storage/gateway-controller-db.sqlserver.sqlgateway/gateway-controller/pkg/storage/sql_store.gogateway/gateway-controller/pkg/storage/sqlserver.gogateway/gateway-controller/pkg/storage/sqlserver_test.gogateway/it/Makefilegateway/it/db_helpers.gogateway/it/docker-compose.test.sqlserver.yamlkubernetes/helm/gateway-helm-chart/templates/gateway/controller/deployment.yamlkubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yamlkubernetes/helm/gateway-helm-chart/values.yamlplatform-api/Dockerfileplatform-api/Makefileplatform-api/README.mdplatform-api/it/README.mdplatform-api/it/docker-compose.postgres.yamlplatform-api/it/docker-compose.sqlserver.yamlplatform-api/src/config/config.goplatform-api/src/go.modplatform-api/src/internal/database/connection.goplatform-api/src/internal/database/schema.sqlserver.sqlplatform-api/src/internal/integration/cascade_test.goplatform-api/src/internal/integration/harness_test.goplatform-api/src/internal/integration/lifecycle_test.goplatform-api/src/internal/repository/api.goplatform-api/src/internal/repository/application.goplatform-api/src/internal/repository/custom_policy.goplatform-api/src/internal/repository/deployment.goplatform-api/src/internal/repository/devportal.goplatform-api/src/internal/repository/gateway.goplatform-api/src/internal/repository/llm.goplatform-api/src/internal/repository/organization.goplatform-api/src/internal/repository/project.goplatform-api/src/internal/repository/subscription_plan_repository.goplatform-api/src/internal/repository/subscription_repository.goplatform-api/src/internal/repository/webbroker_api.goplatform-api/src/internal/repository/websub_api.gotests/integration-e2e/README.mdtests/integration-e2e/docker-compose.sqlite.yamltests/integration-e2e/docker-compose.sqlserver.yamltests/integration-e2e/docker-compose.yamltests/integration-e2e/init-db.sqltests/integration-e2e/platform-api-config.tomltests/integration-e2e/run-e2e.shtests/mock-servers/mock-platform-api/go.modtests/mock-servers/mock-platform-api/main.go
| encrypt = {{ coalesce (index $db.options "encrypt") $ss.encrypt "disable" | quote }} | ||
| trust_server_certificate = {{ (coalesce (index $db.options "trust_server_certificate") (toString (default true $ss.trust_server_certificate))) | quote }} |
There was a problem hiding this comment.
Use safer SQL Server option defaults in generated config.
Line 81 and Line 82 currently default to encrypt="disable" and trust_server_certificate="true". That makes relaxed transport settings the chart default. Please switch these defaults to stricter values and require explicit opt-out.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml`
around lines 81 - 82, The SQL Server connection configuration defaults in the
gateway-config.yaml template are currently set to insecure values: encrypt
defaults to "disable" and trust_server_certificate defaults to "true". To make
the configuration more secure by default, change the encrypt parameter default
from "disable" to a stricter value (such as "required") and change the
trust_server_certificate default from true to false. This ensures that secure
transport settings are enforced unless explicitly disabled by the user through
the coalesce function chain that checks user-provided options first.
Address CodeRabbit review on the new workflows: add a top-level 'permissions: contents: read' block, pin actions/checkout, actions/setup-go and docker/setup-buildx-action to full commit SHAs, and set persist-credentials: false on checkout steps. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- common/eventhub: TestSQLServerPublish_DuplicateCheckIsGatewayScoped asserted an error for an unregistered gateway, but PublishEvent ensures the gateway_states row before insert, so the publish succeeds. Verified against a real SQL Server (the test failed, then passed after the fix). Rewrite it to assert the same event_id persists independently per gateway — the actual gateway-scoping guarantee. - integration harness: validate IT_DB_NAME before interpolating it into CREATE DATABASE. - run-e2e.sh: fail fast if the initial cd fails. - e2e README: align the bootstrap steps with the actual script flow. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Dependency Validation ResultsDependency name: golang.org/x/crypto Dependency name: github.com/microsoft/go-mssqldb Dependency name: github.com/microsoft/go-mssqldb Dependency name: golang.org/x/crypto Dependency name: github.com/microsoft/go-mssqldb |
…, docs Address remaining CodeRabbit findings on the gateway SQL Server work: - sqlserver storage: bound initSchema with a 2m context so a stalled server cannot hang startup (was context.Background()). - sanitizeSQLServerDSN: also redact passwords in ADO/ODBC (semicolon) DSNs and in URL query params (password/pwd), not just URL userinfo; add a unit test covering all formats. - gateway/it db_helpers: default MSSQL_SA_PASSWORD to the compose default instead of hard-failing, so local SQL Server IT runs work without exporting it. - gateway-controller README: fix env var examples (APIP_GW_GATEWAY__CONTROLLER_* -> APIP_GW_CONTROLLER_*) to match the loader's prefix. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Dependency Validation ResultsDependency name: golang.org/x/crypto Dependency name: github.com/microsoft/go-mssqldb Dependency name: github.com/microsoft/go-mssqldb Dependency name: golang.org/x/crypto Dependency name: github.com/microsoft/go-mssqldb |
1 participant
Summary
Hardens the SQL Server storage support for platform-api and the gateway, and adds cross-database test coverage that proves it. SQL Server support existed but did not actually work end to end — this branch fixes six concrete bugs and backs them with two new test frameworks that run on SQLite, PostgreSQL and SQL Server.
Bugs fixed (all verified on a real SQL Server)
LIMITis invalid on SQL Server — repository pagination/lookup queries usedLIMIT/LIMIT ? OFFSET ?/LIMIT 1.DB.Rebindonly rewrites placeholders, so these failed at runtime. AddedDB.PaginationClause/DB.FetchFirstClause(OFFSET/FETCH on SQL Server) and converted ~22 queries.SET NULLFK. Resolved with minimalNO ACTIONedges (cleanup behaviour preserved) + comment-splitter fixes.go.sumwas missinggo-mssqldb(nogo mod tidyafter adding the driver); masked locally bygo.work.sum.INSERT … ON CONFLICT— invalid on SQL Server, broke gateway event publishing. Made dialect-aware.gateway_states/eventswere absent from the SQL Server schema, breaking live deploy/undeploy notifications.is_default = TRUE/FALSE(invalid on SQL Server) → bound Go bools.Tests added
platform-api/src/internal/integration, build tagintegration): real schema + repository layer on SQLite/PostgreSQL/SQL Server — pagination, lookups, delete cascades.make it-all-dbs.tests/integration-e2e): real control plane deploys an API to the real gateway data plane; asserts traffic through the ingress, undeploy/redeploy, negative routing, and multi-gateway fan-out + per-gateway isolation.make e2e-all-dbs.Both pass on all three databases. Several of the bugs above were found by these tests.
CI
platform-api-pr-checknow runs the harness on SQLite, PostgreSQL and a real SQL Server (the SQL Server job previously started SQL Server but still ran the SQLite-backed unit tests).platform-api-gateway-e2eworkflow builds the images and runs the combined e2e across all three databases.Verification
🤖 Generated with Claude Code