Skip to content

Backend migration: immerSIR (new-frontend) backend → production#43

Merged
immerSIR merged 1 commit into
223MapAction:mainfrom
immerSIR:prod-migration
Jul 1, 2026
Merged

Backend migration: immerSIR (new-frontend) backend → production#43
immerSIR merged 1 commit into
223MapAction:mainfrom
immerSIR:prod-migration

Conversation

@immerSIR

@immerSIR immerSIR commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Backend migration: immerSIR (new-frontend) version → production

Replaces the app code with the immerSIR backend that the new frontend was built and validated against, keeping 223MapAction's deploy infra untouched (.github/workflows, Dockerfile, services/, entrypoint.sh, _cd_pipeline.yml, docker-compose.local.yml).

What's included

  • Full RBAC (super_admin / org_admin / bureau_agent / field_agent) with org-scoped visibility.
  • Impact dashboard (/impact, /impact/incidents) powered by the AI predictions, role-scoped.
  • Field-agent flow: phone+PIN login, incident assignments, field reports.
  • Collaboration overhaul + real-time WebSockets (channels + redis==5.0.8 pin) for discussion/tasks/notifications/activity-feed.
  • AI prediction + chat wiring; notifications with structured type/title/link.
  • Security: /user/<id>/ auth + role-gated (was fully public); assorted permission fixes.
  • UUID primary keys + tables in the public schema (search_path=public).
  • SMS OTP via Twilio — integrates this repo's orange → twilio change.

Database (already migrated — do this is done, not part of the merge)

The production Supabase project now has a public schema holding the merged dataset (existing prod data ∪ the dev/test data), rekeyed to UUID, with our migration state loaded. The old extensions schema is left intact as a live fallback. RLS is enabled on all public tables (app connects as postgres/owner → bypasses; blocks the public anon API).

Deploy is safe

  • migrate on deploy is a no-op (migration state already applied in the merged DB).
  • App connects as postgres (verified sole login role, owns the tables, BYPASSRLS).
  • Redis/Celery/Channels default to redis://redis-server:6379/0 (matches the compose service).

Post-deploy checklist

  • Verify the app boots and serves /MapApi/ against public.
  • Confirm AWS secrets MODEL_DEPLOY_ANALYZE_URL=…/analyze/upload and MODEL_DEPLOY_CHAT_URL=…/chat (NOT /api1/…) — same bug fixed elsewhere; predictions/chat fail silently otherwise.
  • Confirm TWILIO_* and EMAIL_* secrets are set (SMS OTP + emails).
  • Once verified, drop the old extensions schema.

Note: a few dev test incidents reference the dev project's storage bucket, so those specific test photos 404 in prod — prod incidents are unaffected.

Replaces the app code (Mapapi/, backend/, template/, requirements.txt) with the
immerSIR dev version validated against the new frontend, keeping 223MapAction's
deploy infra (.github/workflows, Dockerfiles, entrypoint.sh, _cd_pipeline.yml,
services/, docker-compose.local.yml) untouched.

Includes: full RBAC (super_admin/org_admin/bureau/field roles), impact dashboard
(/impact, /impact/incidents), field-agent flow (PIN login, assignments, field
reports), collaboration overhaul + real-time WebSockets (channels + redis pin),
notifications/activity feed, AI prediction + chat wiring, org-scoped incident
visibility, security fixes (/user/<id> auth-gated), UUID primary keys + public
schema, and SMS OTP via Twilio (upstream orange->twilio integrated).

DB note: requires the matching UUID/public-schema database (migrated separately);
the deploy's auto-migrate is a no-op against that DB.
@immerSIR immerSIR merged commit 8916485 into 223MapAction:main Jul 1, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant