Back to corpus
architecturetechnical paper candidatescore 62

DEP — Pipeline Protocol Architecture Audit

The Pipeline Protocol is a 3-table Supabase schema (`pipeline_definitions`, `pipeline_runs`, `pipeline_step_logs`) with 2 VIEWs, 1 trigger, and a shared TypeScript module consumed by 3 edge functions. It bridges to Nexus observability via a Prometheus exporter, Grafana dashboard, Prefect watcher, and a Next.js portal page.

Open full HTMLDownload HTMLCorpus JSONPaper schema

Full HTML reader

Read the full artifact

Open in new tab

Extracted abstract or opening context

# DEP — Pipeline Protocol Architecture Audit **Date:** 2026-02-23 **Scope:** Full architecture review — security, schema, code quality, dependencies, observability bridge **Systems:** Supabase Edge Functions, Pipeline Protocol DB, Nexus Portal, Nexus Exporter, Prefect Watcher, Grafana, Alert Rules The Pipeline Protocol is a 3-table Supabase schema (`pipeline_definitions`, `pipeline_runs`, `pipeline_step_logs`) with 2 VIEWs, 1 trigger, and a shared TypeScript module consumed by 3 edge functions. It bridges to Nexus observability via a Prometheus exporter, Grafana dashboard, Prefect watcher, and a Next.js portal page. The system works end-to-end (verified: run created, step logged, run completed, metrics collected). However, the audit uncovered **3 critical**, **10 high**, **7 medium**, and **6 low** severity findings across security, schema integrity, code quality, and dependency management. The most urgent issues are: 1. Hardcoded Supabase keys in committed source (nexus-portal) 2. `db-migrate-temp` edge function still deployed (arbitrary DDL execution) 3. Pipeline core tables have no migration files (schema drift) 4. `ensureRun` race condition under concurrent dispatch 5. Column name drift between migrations and edge functions (`sweep_id` vs `campaign_id`, `base_quantity` vs `boxes_per_delivery`) | # | Finding | Location | Risk | |---|---------|----------|------| | S1 | **Hardcoded Supabase anon JWT + project ref** in client-side source. 9-year expiry token committed to git. | `nexus-portal/src/lib/api.ts:87-89` | Key extraction from browser bundle grants read access to all pipeline data | | S2 | **`toggle_pipeline_run_pause` RPC has no auth guard.** SECURITY DEFINER function callable by anon role — anyone with the leaked key can pause/unpause any pipeline run. | RPC function (applied via temp edge fn) | State manipulation by unauthenticated callers | | S3 | **Pipeline tables may lack RLS policies.** Tables created via Management API, not tracked in migrations. Comment says "SELECT RLS for anon" but no migration confirms this. If RLS is not enabled, anon key grants full table access. | `pipeline_runs`, `pipeline_step_logs`, `pipeline_definitions` | Full data exposure via REST API |

Promotion decision

What has to happen next

Promote into a technical note or architecture paper with implementation anchors.

Why this is not always a full paper yet

Corpus pages are public-safe readers for discovered workspace artifacts. They are not automatically final papers. A corpus item becomes a polished paper only after the editable source, evidence checkpoints, references, figures, render path, and release status are attached through the paper schema.