Import apply — three modes, transactional, both engines, user_id re-scoping #318
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol#318
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Child of #286 (import apply — third slice).
Apply a previewed import archive in a single transaction, all-or-nothing.
Scope
POST /api/import(multipart: file +mode+ confirm) → applies in one transaction, returns a result summary. Re-sends the same file (no server-side staging to expire).user_id— every imported row is re-scoped to the authenticated importer (prevents cross-user injection).db.transaction()through the DB abstraction; must pass on SQLite and Postgres. Per the ADR (ticket 5), the both-engine test for this path runs against a temp file-backed SQLite DB (notsqlite::memory:), superseding the libsql in-memory transaction caveat atapps/api/db/repositories/skill-sections.ts.media/*blobs to the importer's storage paths.Depends on the parser/validator from ticket 2.