* main: (116 commits)
Ensure avatar thumbnails are square
Update useragent to recognize twitterbot/facebot
Add defensive styles for non-square avatar images
Update test for copy changes
Missed commit
AI: standardize on https://agents.md
Make it clear this is just notifications, not comprehensive activity
AI: configure MCP servers for Chrome, Grafana, and Sentry (#1727)
Allow requests from Google Image Proxy
Update to basecamp's useragent fork
Clean up a little bit the CSRF reporting code
Claude: production observability guidance (#1725)
Prevent autoscroll to the root columns container to prevent jump on page load
Include full name string so you can type your name to filter
Prioritize current user and assigned users in assignment dropdown
Check and report on Sec-Fetch-Site header for forgery protection
bundle update
Bump bootsnap from 1.18.6 to 1.19.0
Bump rails from `077c3ad` to `17f6e00`
Fix cards getting stuck in edit mode
...
This adds an initial configuration for staging. Note that we are doing
this ahead of having the full infrastructure in all 3 DCs. So this
this will result in some cross-DC writes for now (e.g. we have a single cache in
IAD). We'll correct this as the infrastructure becomes available.
We'll also run jobs on every app server, until we split them out to
separate instances.
- New untenanted Identity and Membership models
- New `identity_token` cookie with path "/" holds state across tenants
We're not sure whether the untenanted database will be sqlite or
MySQL, and so I've been careful to minimize
- database reads, placing them behind etags and caching
- database writes, only writing when a new Session is created (login)
Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.
The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.
- the untenanted "login_help" page shows all linked memberships
- the jump menu shows all linked memberships (except the current)
Also introduced a utility script to populate existing employee
Identities, grouping accounts by email address.
We only need to load the extension once, which we're doing in an
initializer. So no need to load it again on the tenanted connections
(and doing so is problematic when it occurs after a fork).
The setup here is a bit rough while we settle some of the details, but
the gist of it is:
- Define accessories to run the primary/replica processes
- Add a web-replica role, which is similar to web but has the
replication-side accessory
- Load the beamer extension on the app's primary tenanted database
Note that we aren't sending any traffic into the replica yet, but it
would be functional to do so. This stage is mainly about testing the
database replication.
ref: https://3.basecamp.com/2914079/buckets/37331921/messages/8422006338
The script takes advantage of the fact that we can bind to the
existing untenanted database by adding it explicitly (and temporarily)
as a readonly shard to the database.yml, and so in the script
with_original_db is connected to the original database.
storage/tenants/%{tenant}/ is now the root directory for all
state stored for a particular tenant, including active storage and the
database.
We leave the existing files and production database in place after the
migration, in case we need to roll back (by reverting the code and
config).
We also don't do a granular active storage blob copy, since the
attachments are mostly on Account (and not on Bubble). Instead we
hardlink the blobs on disk (so we don't take up additional space with
duplicates).
Finally, we're manually adding the kamal-proxy hosts to the deploy
file, so that we can generate letsencrypt certs for the
subdomains. This is only intended to be a short-term solution, we'll
want something like a wildcard cert before we go live.