fix: OR rule sections incorrectly evaluated as AND due to operator coercion

[stormshaker]

Problem

Each rule section combines with the previous via the operator on the section's first rule. When that operator is left unset it is stored as null, and the comparator misread null as AND:

// rule.comparator.service.ts — choosing the section combine
sectionActionAnd = +parsedRule.operator === 0;

RuleOperators.AND === 0, and in JS +null === 0 is true, so an unset section operator was treated as AND. Items that matched only one section of such a rule were then dropped by the AND intersection.

Explicitly choosing AND or OR always worked (+'1' === 0 is false); only the unset default was affected. Two related gaps made that state reachable and sticky:

• the rule editor allowed saving a section without choosing an operator, and
• YAML export dropped a numeric AND (0) operator via a truthy check (rule.operator ? ...), losing it on round-trip.

Fix

Null-guard the coercion so an unset operator falls through to OR, consistent with how null is already treated within a section:

sectionActionAnd =
  parsedRule.operator != null &&
  +parsedRule.operator === RuleOperators.AND;

Operators are persisted as strings (e.g. "0"/"1"), so the + coercion is kept — a strict parsedRule.operator === RuleOperators.AND would never match the stored "0".

Also included

• Rule editor — require an explicit operator on every non-first rule (the docs state it is required from the second rule/section onward).
• Migration — backfill existing rules with an unset operator to the value they already evaluate as today, so no existing rule changes behaviour:

  // section boundary defaulted to AND, within-section defaulted to OR
  parsed.operator = isFirstRuleOfSection ? '0' : '1';

• YAML export — use a null check instead of a truthy check so a numeric AND (0) operator is preserved:

  ...(rule.operator != null ? { operator: RuleOperators[+rule.operator] } : {}),

[enoch85]

Hey thanks for the PR.

Can you describe the reasoning behind this? Please also describe how you prompted and if you ever corrrected the AI.

Would also like to know if you run this yourself in your prod?

[enoch85]

@stormshaker Looking at this now. The bug is real. Though this PR is incomplete.

I will fix it for you. Will commit soon. Once I've committed, please test this. Even if I tested it you are the one with the issue, so we need to confirm this for real instead of assuming anything - this is a behavioral change, and quite critical.

[enoch85]

@stormshaker This is ready for testing on your end now. Please checkout the branch and run against a working server.

I asked AI to do some tests, and also write down some test sceneraios. What's left to test needs a real server, and manual testing. Here they are:

The latest commit (b5aacc5d, the regression fixes) adds YAML-decode backfill of omitted non-first operators and a server-side operator guard.

🔧 = rows added or changed in a follow-up verification pass (the last-commit re-tests and the mock-Jellyfin round-trip/evaluation). Unmarked rows are from the original write-up.

Tests performed

Test	What was performed	Result	Passed
Comparator — unset operator	Unit test: two sections, section-1 operator null, item matches only one section.	Item is kept (OR union); section reported as OR.	Yes
Comparator — explicit AND (string)	Unit test: section operator stored as the string "0" (AND), item matches only one section.	Item is excluded (AND intersection); proves the + coercion is retained so "0" is not misread as OR.	Yes
Comparator — overlapping OR dedup	Unit test: one item satisfies two overlapping sections.	Item appears exactly once (no duplicate).	Yes
Migration — backfill values	In-memory SQLite: null operators across two groups/sections.	First rule of a group stays null; section boundary -> "0" (AND); within-section -> "1" (OR); explicit operators untouched.	Yes
Migration — field preservation	In-memory SQLite: rewrite a null-operator rule.	Only operator changes; other ruleJson fields unchanged.	Yes
Migration — at real app boot	Seeded a rule with a null section operator, started the app, inspected the DB.	Migration ran at startup, normalised the null operator, recorded in the migrations table; no schema drift.	Yes
YAML export (service)	Unit test: encode a rule whose AND operator is the numeric 0.	operator: AND is emitted (not dropped); survives encode -> decode round-trip.	Yes
🔧 YAML decode — omitted non-first operator (b5aacc5d)	Live API POST /api/rules/yaml/decode on the running app: legacy YAML with the non-first operators deleted (two sections, three rules).	All three rules decode (none truncated); operators backfilled to null, OR, AND by the same positional heuristic as the migration.	Yes
🔧 Server guard — null non-first operator (b5aacc5d)	Live API PUT /api/rules: a non-first rule with operator: null, then the same payload with an explicit OR.	Null is rejected with "Operator is required for every rule after the first" before any DB lookup; the explicit-OR payload clears the guard (fails later only because the throwaway id does not exist).	Yes
UI guard (component)	Unit test: non-first rule with first value + action but blank operator.	Reported incomplete (not committed); commits once an operator is chosen.	Yes
End-to-end (HTTP)	rules-test-matrix.e2e.ts via /api/rules/test, media server mocked as live: null section operator, item matches only section 0.	Returns true (OR union); the AND counterpart returns false (intersection).	Yes
Manual 1 — within-section operator	Browser: added a second rule in the same section, filled first value + action, left the within-section "Operator" blank.	Rule stayed incomplete; selecting the operator completed it. Guard applies to all non-first rules.	Yes
Manual 3 — reorder follows position	Browser: dragged rule 2 above rule 1.	New first rule lost its operator field; new second rule gained a required (blank) operator and re-flagged incomplete.	Yes
Manual 4 — YAML export in UI	Browser: built a two-rule section with AND, opened Export.	YAML contained operator: AND.	Yes
🔧 Manual 5 — YAML import, omitted operators (b5aacc5d)	Browser: edited a seeded group, Import -> Upload YAML of a legacy two-section/three-rule document with the non-first operators removed.	All 2 sections / 3 rules render (none dropped); operator dropdowns pre-filled OR (within-section) and AND (section boundary); no "incomplete rules" warning. This is the HIGH regression — confirmed fixed.	Yes
🔧 Manual 2 — edit/save round-trip	Browser, with a local mock Jellyfin stub answering the adapter's calls (connection, /Users, /Library/MediaFolders, item metadata): imported the omitted-operator YAML, clicked Save, reopened the rule.	Saved and persisted; reopened with 2 sections / 3 rules, operators pre-selected OR + AND, no "incomplete" warning. DB rows store operator as null, "1", "0". Earlier "blocked by environment" note is now resolved via the stub.	Yes
🔧 Live OR evaluation — legacy null operator	With the mock stub: planted a group whose section-1 operator is null (the state the new save guard rejects) directly in the DB, then POST /api/rules/test for three movies whose mock rating drives the rule.	Operator resolves to OR; rating 9 -> kept (both), rating 6 -> kept (matches only section 0), rating 2 -> dropped (neither). Confirms the fix over the real comparator+getter via HTTP, not just the mocked unit harness.	Yes
🔧 Live AND evaluation — explicit AND	With the mock stub: section-0 rating>5 AND section-1 rating>8, via /api/rules/test.	rating 9 -> kept (both), rating 6 -> dropped (matches only section 0), rating 2 -> dropped. The exact mirror of the OR case — proves explicit AND still intersects and is not misread as OR.	Yes
🔧 3-section chain, unset operator mid-chain	With the mock stub: s0(>8) [AND] s1(>5) [operator omitted -> OR] s2(>5), via /api/rules/test.	rating 6: (false AND true) OR true -> kept; the unset mid-chain operator resolves to OR and rescues the item the bug would have dropped. rating 2 -> dropped.	Yes
🔧 Numeric-operator round-trip	Encode rules with operators stored as the numbers 0/1, inspect the YAML, decode it back (live encode/decode API).	YAML emits operator: AND and operator: OR (numeric 0 not dropped — the export fix); decode returns [null, 1, 0] unchanged.	Yes
🔧 Migration — 600-row on-disk simulation	Real migration class run against a real on-disk SQLite file seeded with 600 adversarial legacy rows across 80 groups (344 null, 48 operator-key-omitted, 104 string, 104 numeric; non-contiguous sections; rows inserted interleaved so id order != group order). Checked every row against an independent oracle, then re-ran and called down().	All 600 backfilled to their current effective behaviour (first-of-group stays null, section boundary -> AND, within-section -> OR); explicit string/number operators untouched; all other ruleJson fields preserved; no rows lost; second run is a no-op; down() changes nothing.	Yes
🔧 Migration — partial/interrupted state	Real migration class run against an on-disk DB where half the rows were already normalized (simulating a backfill that died mid-loop), then re-run.	Re-run reaches the exact same state as a clean run; already-normalized rows are left untouched; no rows lost or double-applied.	Yes
🔧 Full executor run (collection mutation)	With the mock stub: set group to rating>5, triggered POST /api/rules/{id}/execute (the real Run Rules executor, not single-item test), polled to completion, inspected collection_media.	Executor pulled the library, evaluated each item via the real comparator+getter, and reconciled the collection: rating 9 & 6 -> includedByRule=1, rating 2 -> includedByRule=0. Against the mock, not a real server; *arr side-effects not exercised.	Yes
🔧 Post-migration editor load	Browser: reopened a saved rule whose section operators are the backfilled '0'/'1' (the migration's output).	Editor shows the section boundary as AND and within-section as OR, pre-selected, with no "incomplete rules" warning — a backfilled rule loads cleanly and re-saves without a false incomplete flag.	Yes
🔧 Media-server switch — cross-server rule migration	POST /api/settings/media-server/switch Jellyfin↔Emby round-trip (migrateRules=true), plus the Plex preview.	Jellyfin→Emby migrated all 662 rules (390 media-server props app 6→7), 0 skipped; Emby→Jellyfin round-trips losslessly (back to 390 on app 6); *arr/Seerr/Tautulli rules left untouched; Jellyfin→Plex preview drops 16 Jellyfin-only props (favoritedBy) with reasons. Operators are carried through unchanged, so the fix's data survives a server switch.	Yes
🔧 Reorder persistence (rules + sections)	Browser: reordered rules within a section and whole sections; plus a chaos pass — 3 sections × 3 rules (9 distinct values) shuffled with 7 interleaved rule/section moves. Saved, reopened, inspected the DB.	Order, section grouping and operators persist exactly (editor == DB == reload); no rules lost; sections re-index contiguously. The null operator is always forced onto the top rule on save; dragging the existing top rule down correctly flags it incomplete until an operator is chosen, so there is never a non-top null.	Yes
🔧 Full unit suites	@maintainerr/server and @maintainerr/ui test runs (re-run this session).	Server 1363/1363, UI 213/213. (1363, up from 1358 — the last commit added specs.)	Yes
🔧 Static checks	check-types, lint, format:check (re-run this session).	All clean.	Yes

What is left to test

Critical gaps, mostly things that require a reachable media server or a real
upgraded database — neither of which exists in this dev instance.

Area	What to test	Why it matters / risk	Priority
🔧 Real rule execution on a real server	Repeat the OR/AND/3-section and executor checks against a live Jellyfin/Plex/Emby with real library data (incl. real *arr side-effects).	OR + AND + 3-section + the collection-mutating executor are all now verified against a local mock stub, but never against real library data or real *arr actions.	High
🔧 Migration on your real upgrade DB	Run the upgrade against your actual production DB.	A 600-row adversarial on-disk simulation (mixed string/number/omitted operators, non-contiguous sections, interleaved ids) passed against an independent oracle, so the logic is covered; only your literal production data remains unconfirmed.	Medium
*arr side-effects in Run Rules	A real Radarr/Sonarr so the executor's delete/unmonitor/exclusion actions actually fire.	The executor's collection add/remove was verified against the mock, but the *arr actions were only accepted by the stub, not really performed.	Medium
🔧 Live OR/AND evaluation on real Plex/Emby	Run the actual OR/AND rule evaluation against a live Plex and Emby (not only Jellyfin).	Cross-server rule migration (incl. operators) is now verified via the switch test above; the comparator is server-agnostic. What remains is confirming each server's getter resolves values correctly — needs a real Plex/Emby.	Low

[enoch85]

The last push was regression fixes.

[enoch85]

Did a few more tests. Updated the comment above. 👍

[enoch85]

@stormshaker Testing rules now. :)

[enoch85]

@stormshaker I've been on this for 10 hours straight now. I've tested what I can in my dev environment (codespace) but not yet on "a real" server.

Merging this to development for easier testing. Please test this thoroughly yourself. Write to me in this PR. Thanks! 🙏

[stormshaker]

WIll do... you've been busy! I'm in Australia, so we're offset on time zones. But I'm off to work now, will take a look tonight. Thanks!

[stormshaker]

I'm still testing this, but @enoch85, I thought I'd give you an update. Migration looks good, but I think we need to target OR for the existing rule migration to replicate how they worked before the bugfix, rather than AND. The first run after the migration (using AND) resulted in a 14-item collection -> 0. Changing the section operator to OR resulted in the same 14 items as before migration. That was on a Movies rule, I'll continue with TV Series.

[enoch85]

Thanks for the update. Please test on latest development build. Pushed some more fixes.

[enoch85]

Here's something for your AI after some investigation;

[enoch85]

@stormshaker Please also ask your AI to read the latest release review documents. They explain how to test.

Note; you always need a clean untouched DB on 3.12.1 before you upgrade to the development container. Else you won't get true/real results.

[stormshaker]

Thanks for investigating the 14→0 case. Here's the raw pre-migration ruleJson as requested — extracted from a CA Backup taken 2026-05-23 04:48 UTC, before any upgrade.

Rule 11 (Movies Leaving Soon) — raw rows:

id	section	operator (raw)	description
439	0	null	viewCount EQUALS 0 — first rule of group
440	0	0 (numeric)	addDate BEFORE 60d
441	1	null	viewCount BIGGER 0 — section boundary
442	1	0 (numeric)	lastViewedAt BEFORE 180d
443	1	0 (numeric)	imdb SMALLER 7.5
444	1	0 (numeric)	rating_user SMALLER 8

Rule 12 (TV Leaving Soon) — raw rows:

id	section	operator (raw)	description
453	0	null	sw_amountOfViews EQUALS 0 — first rule of group
454	0	"0" (string)	addDate BEFORE 45d
455	0	"0" (string)	Sonarr.monitored EQUALS false
456	1	null	sw_amountOfViews BIGGER 0 — section boundary
457	1	"0" (string)	sw_lastWatched BEFORE 3y
458	1	"0" (string)	imdb SMALLER 6.8
459	1	"0" (string)	rating_user SMALLER 8
460	1	"0" (string)	Sonarr.monitored EQUALS false

This confirms your analysis exactly: rows 441 and 456 have operator: null at the section boundary. Under 3.12.1's +null === 0 → AND evaluation, both rules were ANDing mutually exclusive sections (viewCount=0 AND viewCount>0), so they were producing 0 new matches on 3.12.1. The 14 collection items were residual from an earlier rule configuration.

Also worth noting: Rule 12 mixes storage formats — some operators are stored as string "0", others as numeric 0. The + coercion handles both identically.

I'm now running a clean test using the May 23 backup DB (pre-migration) against the latest development image. Will report back.

[enoch85]

Great!

[enoch85]

Suggested release note:

Rule section operators: an unset section operator now defaults to OR (previously AND). Existing rules are automatically migrated to preserve their current behavior — your collections won't change semantics. The first rule run after upgrading will reconcile collections (removing items that no longer match). This migration is not reversible.

[stormshaker]

Clean DB test results

Tested against a pristine pre-migration DB (CA Backup from 2026-05-23 04:48 UTC, before any upgrade), running the latest development image.

Migration verification

Migration NormalizeRuleSectionOperators1779622081794 ran at startup. Confirmed in the migrations table. The two section-boundary rows backfilled correctly:

Rule	Row id	Pre-migration operator	Post-migration operator
11 (Movies Leaving Soon)	441	null	"0" (AND)
12 (TV Leaving Soon)	456	null	"0" (AND)

All other fields in ruleJson unchanged. Migration is correct and lossless.

Rule 11 execution (Movies Leaving Soon)

• Active items after run: 0
• Cumulative mediaCount: 0
• Duration: ~66 minutes (full library scan)

Result: 0 matches, as expected. With section-boundary operator now explicitly AND, the mutually exclusive sections (section 0: viewCount = 0, section 1: viewCount > 0) can never both be satisfied simultaneously. This is consistent with 3.12.1 behaviour — the rule was already producing 0 new matches before the upgrade. The 14 items we reported earlier were stale residuals from a prior rule configuration, not actively matched items.

Conclusion

The migration correctly preserves 3.12.1's effective behaviour. The 14→0 observation from our earlier testing was not caused by the migration — it simply made explicit what was already true: these rules had broken section logic that was always AND under 3.12.1.

To get the rules working as intended (OR between sections), users need to manually set the section operator to OR in the rule editor — which the new UI now makes possible.

---

Test environment: Plex + Radarr + Sonarr on real production library data. DB restored from CA Backup taken the morning of 2026-05-23, before any upstream-dev container was run.

[stormshaker]

Thanks for writing that up — the structure is clear and the migration explanation is accurate. One small suggestion before it ships:

The final sentence "The first rule run after upgrading will reconcile collections (removing items that no longer match)" may cause unnecessary alarm — since the migration preserves 3.12.1 semantics exactly, the first run should produce identical results to before the upgrade. Our clean-DB test confirmed this: 0 new items were added or removed on the first run post-migration. It might be worth removing that sentence, or it could be read as implying the migration changes behaviour when it doesn't.

Also two things that might be worth adding, since they're user-facing:

• The rule editor now requires an explicit operator on every non-first condition — users editing existing rules will notice new required fields
• Users who had multi-section rules that weren't matching as expected (silently ANDed) can now open the rule editor and correct the section operator to OR

Here's a suggested rewrite incorporating those points, feel free to adjust the tone:

Rule section operators

Fixed a bug where an unset section operator was incorrectly treated as AND. Sections now correctly default to OR when no operator is set, consistent with their intended purpose.

Existing rules are automatically migrated to preserve their current behaviour — section-boundary operators are made explicit rather than inferred, so your rules will evaluate identically after upgrading.

If you have multi-section rules that weren't matching as expected, this is likely why. You can now open the rule editor and set the section operator explicitly to OR — the field is now visible between sections where it was previously hidden.

New rules now require an explicit operator on every non-first condition. The rule editor enforces this before saving.

This migration is not reversible.

Happy to leave it entirely with you if you'd prefer to word it differently — just flagging the contradiction before it goes out.

[enoch85]

Thanks! So testing proves everything is OK?

Did you run the PR-tagged container to see the exact logs?

[enoch85]

@stormshaker Also, what is your opinion on this? Does it work as you would expect?

[stormshaker]

I would like to test it some more. Without starting from a blank database... I'd like to take an existing database with null values in the rules, with collections that have mediaCount > 0, and upgrade the container just as a user would. Then, I'd like to see the rules run, and my mediaCount remain the same. No impact of the upgrade - have it all seamless. The only change from a user's perspective should be that the section operator dropdowns now show the operator, rather than being empty.

So in my opinion, I'd like more testing. For a few more days, it's worth it for more assurance.

[enoch85]

Good call! I'll be waiting for your results. The logging PR I made will only log now for testing sake. Then I'll remove it or keep the regression tests.

But, you can use it for testing to get logged results. That's easier for you. 👍🏼

[enoch85]

I also tested this once more, based on clean DB and the community rules. Here are the result:

Method: clean 3.12.1 DB (verified: migration not in migrations table) → import all community rules with their original null operators → run every rule → upgrade to development (migration backfills operators at boot) → run every rule again → diff outputs.

Test slice	Count	Before (3.12.1)	After (dev + migration)	Same?
Community rule groups imported	167 (890 rules)	—	—	—
Comparisons (groups × 3 mock items)	501	501 outputs	501 outputs	✅ 0 diffs
Multi-section groups (operator applies)	118	identical	identical	✅
AND/OR-sensitive groups (sections disagree)	47	identical	identical	✅
Per-section results	501	identical	identical	✅
Comparisons that matched (kept = true)	—	43	43	✅
Non-first rules still null after migration	—	n/a	0	✅

Conclusion: every output is identical before vs after — including the 47 rules where AND-vs-OR is outcome-determining. The migration makes section operators explicit (null → "0"/"1"); it does not change how any rule evaluates.

[stormshaker]

OK, that's a solid test. I'm still setting mine up, but I have only a few rules in my prod - nothing like the community rules. I'll let you know when I'm done but those results above are very promising :)

[stormshaker]

Hi @enoch85, I've completed a full pass pre to post upgrade and verified that the counts look good. One small discrepancy when I captured the pre-upgrade 3.12.1 Rule 11 number. Overall, I'd call that a pass on my large library.

---

Test environment: Claude Code (AI assistant) ran the API calls and monitoring; results reviewed and verified by me throughout.

Setup

Tested Rules 11 (Movies Leaving Soon) and 12 (TV Leaving Soon) — both multi-section rules, each with a section 0 and a section 1. The null section-boundary operators were left as-is (not manually patched) to let the migration do its work naturally.

3.12.1 baseline (pre-upgrade)

Rule	DB collection_media	Plex collection childCount
11 — Movies Leaving Soon	439	448
12 — TV Leaving Soon	157	—

The 9-item gap between Rule 11's DB count and Plex collection count is write-lag: the Plex collection sync had finished at 448 but the DB batch write was still in progress when we captured the snapshot.

Dev image (post-upgrade)

Rule	DB collection_media	Plex collection childCount
11 — Movies Leaving Soon	448	448
12 — TV Leaving Soon	157	—

Rule 11 DB and Plex collection are now in sync at 448. Rule 12 unchanged at 157. ✅

NormalizeRuleSectionOperators migration

On first startup the migration ran and converted the null operators at section boundaries to explicit 0 for both rules. This is the correct backward-compat behaviour: existing rules keep their current AND semantics; new rules created after the upgrade will have null at section boundaries and be correctly OR'd by the fixed comparator.

Unrelated finding during testing

Rule 12 logs show repeated PlexGetterService - Action failed … Cannot read properties of undefined (reading 'viewedAt') errors for TV shows. This is not related to this PR — it's caused by missing Plex watch-history data on my server (the Plex database was recently restored from a snapshot). Flagging it in case it's useful context, but it didn't affect the collection counts.

Verdict: Pass on a large library (~2,800 movies, ~1,000 TV shows). Migration runs cleanly, counts are consistent pre/post upgrade.

[enoch85]

Perfect!

This goes into main. 🎉

[maintainerr-automation]

🎉 This PR is included in version 3.13.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀