feat: add organization_id to overall_reviews

[devin-ai-integration]

Add organization_id to overall_reviews

This PR adds the organization_id column to the overall_reviews table and implements Row Level Security (RLS) policies.

Changes

• Add organization_id column to overall_reviews table
• Set up foreign key constraint
• Create trigger to automatically set organization_id
• Enable RLS and create policies for authenticated users and service_role
• Create type override for overall_reviews

Notes

• This is part of the effort to apply RLS to all tables with organization-based policies

Link to Devin run: https://app.devin.ai/sessions/aab9933e760449628978632355e14cd2

[changeset-bot]

⚠️ No Changeset found

Latest commit: 284b074

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
liam-app	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 30, 2025 11:32am
liam-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 30, 2025 11:32am
liam-erd-sample	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 30, 2025 11:32am

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[supabase]

Updates to Preview Branch (devin/1745584099-add-organization-id-overall-reviews) ↗︎

Deployments	Status	Updated
Database	✅	Wed, 30 Apr 2025 11:28:40 UTC
Services	✅	Wed, 30 Apr 2025 11:28:40 UTC
APIs	✅	Wed, 30 Apr 2025 11:28:40 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks	Status	Updated
Configurations	✅	Wed, 30 Apr 2025 11:28:41 UTC
Migrations	⚠️	Wed, 30 Apr 2025 11:28:41 UTC
Seeding	✅	Wed, 30 Apr 2025 11:28:41 UTC
Edge Functions	✅	Wed, 30 Apr 2025 11:28:41 UTC

---

⚠️ Warning — Applied out-of-order migrations: [frontend/packages/db/supabase/migrations/20250424000000_add_organization_id_to_review_feedback_knowledge_suggestion_mappings.sql frontend/packages/db/supabase/migrations/20250424113811_add_organization_id_to_github_pull_requests.sql frontend/packages/db/supabase/migrations/20250424113905_add_organization_id_to_schema_file_paths.sql frontend/packages/db/supabase/migrations/20250424123000_add_organization_id_to_migration_pull_request_mappings.sql frontend/packages/db/supabase/migrations/20250424124724_add_organization_id_to_github_pull_request_comments.sql frontend/packages/db/supabase/migrations/20250425122500_add_organization_id_to_knowledge_suggestion_doc_mappings.sql frontend/packages/db/supabase/migrations/20250425122820_add_organization_id_to_doc_file_paths.sql]

---

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

[qodo-merge-for-open-source]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: frontend-ci

Failed stage: Run pnpm --filter @liam-hq/db supabase:start [❌]

Failure summary: The action failed due to a SQL syntax error in the migration script 20250425122828_add_organization_id_to_overall_reviews.sql. The error occurred at line 587 where there is an invalid SQL statement with incorrect syntax near the "or" keyword: UPDATE "public"."overall_reviews" or This caused the database migration to fail with error "syntax error at or near 'or' (SQLSTATE 42601)" when running the pnpm supabase:start command.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 157: �[36;1mpnpm install --frozen-lockfile --prefer-offline�[0m 158: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 159: env: 160: PNPM_HOME: /home/runner/setup-pnpm/node_modules/.bin 161: ##[endgroup] 162: Scope: all 17 workspace projects 163: Lockfile is up to date, resolution step is skipped 164: Progress: resolved 1, reused 0, downloaded 0, added 0 165: Packages: +1566 166: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 167: Progress: resolved 1566, reused 1277, downloaded 0, added 0 168: Progress: resolved 1566, reused 1561, downloaded 0, added 457 169: Progress: resolved 1566, reused 1561, downloaded 0, added 944 170: Progress: resolved 1566, reused 1561, downloaded 0, added 1471 171: Progress: resolved 1566, reused 1561, downloaded 0, added 1566, done 172: WARN  Failed to create bin at /home/runner/work/liam/liam/frontend/apps/erd-sample/node_modules/.bin/liam. ENOENT: no such file or directory, open '/home/runner/work/liam/liam/frontend/packages/cli/dist-cli/bin/cli.js' 173: devDependencies: ... 186: │ │ 187: │ Ignored build scripts: @biomejs/biome, @bundled-es-modules/glob, │ 188: │ @depot/cli, @prisma/client, @prisma/engines, @sentry/cli, core-js-pure, │ 189: │ esbuild, protobufjs, sharp, style-dictionary. │ 190: │ Run "pnpm approve-builds" to pick which dependencies should be allowed │ 191: │ to run scripts. │ 192: │ │ 193: ╰──────────────────────────────────────────────────────────────────────────────╯ 194: frontend/apps/docs postinstall$ fumadocs-mdx 195: frontend/packages/jobs postinstall$ cp ../db-structure/node_modules/@ruby/prism/src/prism.wasm prism.wasm 196: frontend/packages/jobs postinstall: Done 197: frontend/apps/docs postinstall: [MDX] types generated 198: frontend/apps/docs postinstall: Done 199: frontend/apps/app postinstall$ cp ../../packages/db-structure/node_modules/@ruby/prism/src/prism.wasm prism.wasm 200: frontend/apps/app postinstall: Done 201: WARN  Failed to create bin at /home/runner/work/liam/liam/frontend/apps/erd-sample/node_modules/.bin/liam. ENOENT: no such file or directory, open '/home/runner/work/liam/liam/frontend/apps/erd-sample/node_modules/@liam-hq/cli/dist-cli/bin/cli.js' 202: Done in 6.8s using pnpm v10.8.1 ... 570: Applying migration 20250423123350_refine_invite_organization_member.sql... 571: Applying migration 20250423124731_rename_github_doc_file_paths.sql... 572: Applying migration 20250424102300_add_organization_id_to_overall_review_knowledge_suggestion_mappings.sql... 573: NOTICE (42622): identifier "overall_review_knowledge_suggestion_mappings_organization_id_fkey" will be truncated to "overall_review_knowledge_suggestion_mappings_organization_id_fk" 574: NOTICE (42622): identifier "set_overall_review_knowledge_suggestion_mappings_organization_id" will be truncated to "set_overall_review_knowledge_suggestion_mappings_organization_i" 575: NOTICE (42622): identifier "set_overall_review_knowledge_suggestion_mappings_organization_id_trigger" will be truncated to "set_overall_review_knowledge_suggestion_mappings_organization_i" 576: NOTICE (42622): identifier "set_overall_review_knowledge_suggestion_mappings_organization_id" will be truncated to "set_overall_review_knowledge_suggestion_mappings_organization_i" 577: NOTICE (42622): identifier "authenticated_users_can_select_org_overall_review_knowledge_suggestion_mappings" will be truncated to "authenticated_users_can_select_org_overall_review_knowledge_sug" 578: NOTICE (42622): identifier "authenticated_users_can_select_org_overall_review_knowledge_suggestion_mappings" will be truncated to "authenticated_users_can_select_org_overall_review_knowledge_sug" 579: NOTICE (42622): identifier "service_role_can_insert_all_overall_review_knowledge_suggestion_mappings" will be truncated to "service_role_can_insert_all_overall_review_knowledge_suggestion" 580: Applying migration 20250424122906_update_overall_reviews_table.sql... 581: Applying migration 20250424163100_get_invitation_data.sql... 582: Applying migration 20250424163200_accept_invitation.sql... 583: Applying migration 20250425122828_add_organization_id_to_overall_reviews.sql... 584: Stopping containers... 585: ERROR: syntax error at or near "or" (SQLSTATE 42601) 586: At statement 2: 587: UPDATE "public"."overall_reviews" or 588: ^ 589: Try rerunning the command with --debug to troubleshoot the error. 590: /home/runner/work/liam/liam/frontend/packages/db: 591: ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL  @liam-hq/db@0.0.0 supabase:start: `pnpm supabase start` 592: Exit status 1 593: ##[error]Process completed with exit code 1. 594: Post job cleanup.

[NoritakaIkeda]

• Authenticated users can only view overall reviews that belong to organizations they are members of.
• Service role can read and insert overall reviews without restriction.
  If you're curious where this table is used, try grepping for .from('overall_reviews') in the codebase.

[liam-migration-preview]

This migration adds the organization_id column to overall_reviews along with a new trigger function and associated RLS policies. A critical issue is that the update statement does not safeguard against missing join results and the TypeScript type override is inconsistent with the NOT NULL constraint, which could lead to data integrity and runtime errors. Overall, the migration is wrapped in a transaction with clear naming and security practices, but addressing the update and type issues is essential for maintaining data consistency and robust security.

Migration URL: https://liam-app-git-staging-route-06-core.vercel.app/app/projects/9d777f64-400a-42f3-a60e-98a59fc97279/ref/devin%2F1745584099-add-organization-id-overall-reviews/migrations/7f084f17-1a9b-4f3c-a3ac-56c1bb9c322e

ER Diagram:

• View ERD for frontend/packages/db/schema/schema.sql: https://liam-app-git-staging-route-06-core.vercel.app/app/projects/9d777f64-400a-42f3-a60e-98a59fc97279/ref/devin%2F1745584099-add-organization-id-overall-reviews/schema/frontend/packages/db/schema/schema.sql

[qodo-merge-for-open-source]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Type Inconsistency The organization_id is defined as optional in the type override but required in the database schema. This could lead to runtime errors when inserting records without an organization_id. organization_id?: string | null } Migration Error Handling The migration updates existing records but doesn't handle the case where the join might not find a matching organization_id, which could leave records with NULL values despite the NOT NULL constraint. UPDATE "public"."overall_reviews" ovr SET "organization_id" = ( SELECT p."organization_id" FROM "public"."migrations" m JOIN "public"."projects" p ON m."project_id" = p."id" WHERE m."id" = ovr."migration_id" LIMIT 1 );

[MH4GF]

👍🏻

[qodo-merge-for-open-source]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Handle missing data safely The query might fail if any migration_id doesn't have a corresponding entry in the projects table. Add a NULL handling mechanism to prevent potential migration failures. frontend/packages/db/supabase/migrations/20250425122828_add_organization_id_to_overall_reviews.sql [5-12] UPDATE "public"."overall_reviews" ovr SET "organization_id" = ( SELECT p."organization_id" FROM "public"."migrations" m JOIN "public"."projects" p ON m."project_id" = p."id" WHERE m."id" = ovr."migration_id" LIMIT 1 +) +WHERE EXISTS ( + SELECT 1 FROM "public"."migrations" m + JOIN "public"."projects" p ON m."project_id" = p."id" + WHERE m."id" = ovr."migration_id" ); Apply this suggestion Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that the UPDATE statement might result in NULL values if the join doesn't find a corresponding organization_id. This would cause the subsequent ALTER COLUMN ... SET NOT NULL (line 15) to fail. While the improved_code using WHERE EXISTS doesn't fully solve the problem (the ALTER would still fail for non-updated rows), it highlights a critical potential failure point in the database migration script.	Medium
Update