docs(wish): pgserve-singleton-no-proxy v2.3 — kill proxy + cosign + self-healing

[namastex888]

Major architectural cutover. Companion wishes paired with automagik-dev/genie and automagik/omni (byte-identical SHARED-DESIGN.md across all three).

Summary

Kill the bun bridge from the data plane: postgres backend listens directly on Unix socket (\$XDG_RUNTIME_DIR/pgserve/.s.PGSQL.5432) AND TCP 5432, no proxy. Replace always-on bun daemon with on-demand CLI verbs (provision, verify, gc, trust, doctor). Add cosign-keyless-OIDC publisher attestation as Tier 2 on top of host_signed (Tier 1) and path-based default (Tier 0). Hardcoded blocklist of known-bad versions. Self-healing pgserve update auto-migrates old layout, restarts pm2, runs doctor --fix tiered.

Version target: pgserve 2.3 (3.0 reserved for post-npm-departure cutover per distribution-exodus).

Scope

9 execution groups, 4 waves, ~3-4 weeks appetite. See WISH.md + SHARED-DESIGN.md.

Test plan

• genie wish lint pgserve-singleton-no-proxy clean
• SHARED-DESIGN.md byte-identical across paired wishes
• No code changes — doc-only PR

Companion PRs

• automagik-dev/genie#pgserve-singleton-no-proxy (consumer-side wiring)
• automagik/omni#pgserve-singleton-no-proxy (consumer-side wiring)

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Added comprehensive design specifications for pgserve singleton v2.3 architecture, outlining removal of proxy components, implementation of self-healing updates, new CLI commands (provision, verify, gc, trust, doctor), enhanced security model with keyless attestation, and rollout strategy.

[coderabbitai]

Warning

Rate limit exceeded

@namastex888 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 48 seconds before requesting another review.

To continue reviewing without waiting, purchase usage credits in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5865c558-daf5-4abc-bdac-86b16460a5d2

📥 Commits

Reviewing files that changed from the base of the PR and between 21773a2 and dad6a3f.

📒 Files selected for processing (2)

• .genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md
• .genie/wishes/pgserve-singleton-no-proxy/WISH.md

📝 Walkthrough

Walkthrough

Two new design documents for pgserve v2.3: SHARED-DESIGN.md details the architectural shift from bun proxy to dual-transport (Unix socket and TCP), new CLI verbs, cosign-based verification, self-healing updates, and cross-CLI migration strategy. WISH.md frames the scope, execution waves, acceptance criteria, and rollout plan for the initiative.

Changes

pgserve Singleton No-Proxy Design

Layer / File(s)	Summary
Architectural Vision & Goals .genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (lines 1–50)	Design shifts from bun proxy to direct dual-transport (Unix socket, TCP). Introduces data/control-plane separation with on-demand CLI control plane. Outlines identity and trust model (cosign, host_signed, self_signed) and on-disk update contract for self-healing.
CLI Surface & Verification .genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (lines 44–79)	Five new CLI verbs (provision, verify, gc, trust, doctor). Cosign keyless-OIDC verification primitives with hardcoded blocklist and cache handling. Self-healing pgserve update pipeline with old-layout detection and migration.
Schema & Peer Authentication .genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (lines 63–68)	Per-fingerprint role creation, cosign-tier RBAC, and socket-based peer auth mappings for cross-CLI identity.
Migration & Cutover Strategy .genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (lines 69–79, 313–361)	One-shot idempotent cutover flow for existing hosts; archival of legacy state; atomic migration with rollback escape hatch; cross-wish dependency enforcement (pgserve, genie, omni).
Rollout Plan & Validation .genie/wishes/pgserve-singleton-no-proxy/WISH.md (lines 127–389); SHARED-DESIGN.md (lines 127–437)	Wave-based rollout (data-plane core, CLI surface, verification, self-healing wiring, validation). Success criteria and acceptance testables for fresh installs, upgrades, and consistency. QA coverage and risk matrix with mitigations.
Requirements & Scope .genie/wishes/pgserve-singleton-no-proxy/WISH.md (lines 1–91)	Wish document framing the initiative, scope boundaries, nine execution groups, cross-cut decisions, and out-of-scope items. Enumerates test/docs/CHANGELOG deliverables and file creation targets.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Host-signed identity (cross-repo tracking) #53: SHARED-DESIGN.md covers the identity and trust model, including host_signed verification (daemon accept-hook, schema fields, handshake flow) that this issue proposes.

Possibly related PRs

• namastexlabs/pgserve#55: Both initiatives consolidate pgserve as the canonical shared Postgres service and reshape CLI integration and deployment contracts across genie and omni via different supervision and transport choices targeting the same architectural outcome.

Poem

🐰 A wish takes flight with prose so clear,
No proxy brawl, just sockets near,
Self-healing paths through waves we roll,
One singleton serves the data goal.
Design and trust in harmony—
Genie, Omni, pgserve agree! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main architectural changes: removing the proxy layer, adding cosign authentication, and implementing self-healing updates. It is specific, clear, and directly related to the primary content (WISH.md and SHARED-DESIGN.md design documents).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch wish/pgserve-singleton-no-proxy

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces a new design and implementation plan for pgserve v2.3.0, transitioning to a singleton architecture that replaces the Bun-based proxy with native PostgreSQL transports and an on-demand CLI. The reviewer provided several technical corrections: the attestation cache should use content hashes instead of modification times for security, redundant database grants should be removed, function privileges must be corrected from USAGE to EXECUTE, and peer authentication mappings should use system usernames instead of numeric UIDs to function correctly.

I am having trouble creating individual review comments. Click here to see my feedback.

.genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (72)

Using only the binary's mtime for cache invalidation is potentially unreliable as timestamps can be manipulated or preserved during file operations (e.g., cp -p). For a security-sensitive attestation cache, it is safer to include a content hash (e.g., SHA-256) of the binary in the verification logic. This ensures the cache is correctly invalidated if the binary is replaced, even if the mtime remains the same.

.genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (186)

This GRANT is redundant. In PostgreSQL, the owner of a database (assigned in line 185) automatically possesses all privileges on that database. Explicitly granting all privileges to the owner does not change the effective permissions.

.genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (187)

In PostgreSQL, the privilege required to run a function is EXECUTE, not USAGE. USAGE is typically used for schemas, sequences, types, and domains.

GRANT EXECUTE ON FUNCTION install_whitelisted_extension(text) TO app_<fp>;

.genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md (204)

PostgreSQL peer authentication identifies the connecting user by their operating system username. If <uid> refers to the numeric User ID, the mapping in pg_ident.conf will fail to match the system user name provided by the kernel during authentication. Ensure the mapping uses the system username as the map key.

.genie/wishes/pgserve-singleton-no-proxy/WISH.md (39)

Relying solely on mtime for cache invalidation is insecure. It is recommended to use a content hash (e.g., SHA-256) of the binary to ensure the cache is invalidated if the binary content changes, regardless of the timestamp.

.genie/wishes/pgserve-singleton-no-proxy/WISH.md (66)

PostgreSQL peer authentication uses the OS username, not the numeric UID. Ensure pg_ident.conf is populated with usernames to avoid authentication failures when connecting natively to the Postgres backend.

[chatgpt-codex-connector]

💡 Codex Review

https://github.com/namastexlabs/pgserve/blob/9b8200bb39399d472669e90194afc038a60c191f/.genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md#L131
Use per-CLI active-work check in shared update contract

Step 6 hardcodes genie ls --active inside the "locked across all three CLIs" update pipeline, which introduces a Genie dependency into pgserve update and omni update. On hosts that only have pgserve (or omni) installed, this can fail pre-update checks and block upgrades entirely; the shared contract should require a CLI-local probe (or a capability-based fallback) instead of a Genie-specific command.

---

https://github.com/namastexlabs/pgserve/blob/9b8200bb39399d472669e90194afc038a60c191f/.genie/wishes/pgserve-singleton-no-proxy/SHARED-DESIGN.md#L203-L205
Redesign peer mapping to preserve per-app DB isolation

The proposed pg_ident.conf model maps a Unix identity directly to app_<resolved_fp>, but peer auth identifies only the OS user, and most local apps run under the same user. That means either later provisions overwrite earlier mappings (breaking existing apps) or multiple mappings allow a process to request another app role, defeating the document’s per-project isolation guarantees for unsigned apps.

---

https://github.com/namastexlabs/pgserve/blob/9b8200bb39399d472669e90194afc038a60c191f/.genie/wishes/pgserve-singleton-no-proxy/WISH.md#L345-L347
Align migration rollback behavior with shared update contract

This execution group requires automatic rollback from snapshot on migration failure, but the shared design’s update contract defines rollback as manual and explicitly forward-only after failure. Keeping both statements creates conflicting implementation targets for parallel agents and can produce inconsistent update behavior across repos; one contract should be removed so all implementations converge on the same failure semantics.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".