Skip to content

fix(env): scope branch-override lookup by branchId#109

Merged
kristof-siket merged 1 commit into
mainfrom
fix/env-branch-scope-lookup
Jul 2, 2026
Merged

fix(env): scope branch-override lookup by branchId#109
kristof-siket merged 1 commit into
mainfrom
fix/env-branch-scope-lookup

Conversation

@kristof-siket

Copy link
Copy Markdown
Contributor

Problem

project env update --branch and project env add --branch fail contradictorily on any branch that already has an override for a key:

  • add --branch → server 409 "already exists in this scope"
  • update --branch → CLI ENV_VARIABLE_NOT_FOUND "not found in branch:…"

One says the variable exists, the other says it doesn't. Neither path can touch an existing branch override, so re-running a workflow that sets a per-branch override hard-fails.

Root cause

findVariableByNaturalKey listed environment variables by (projectId, class, key) and filtered by branch client-side, inspecting only the first page. GET /v1/environment-variables is paginated (default limit=100, ordered createdAt asc). Once a project accumulates more than a page of preview overrides for a given key, the newest branch's row sorts onto a later page and the lookup returns null even though the row exists on the server.

Downstream:

  • update's pre-lookup returns null → throws ENV_VARIABLE_NOT_FOUND before it ever PATCHes.
  • add's existence pre-check also returns null → it POSTs → the server (which enforces uniqueness on projectId, branchId, class, key) rejects with 409.

The endpoint already supports a branchId filter — the lookup just wasn't using it.

Why this surfaced now

This is a latent bug (the branch-override lookup has never passed branchId), triggered by data volume rather than a code change. In one affected project, the count of preview-class rows for BUILD_RUNNER_BASE_URL had just crossed the page limit (104 rows, 104 distinct branches, 4 past the first page) — so the freshly-created branch override was the row that fell off page 1. First deploy of a branch (which takes the add/create path) still worked; every re-deploy (the lookup path) failed. That first-run-vs-rerun signature is exactly what the pagination boundary produces.

Fix

Pass branchId to the list query for branch-scoped lookups so the server returns the single exact row regardless of how many branches exist. Role-scoped lookups (branchId === null) are unchanged.

Testing

  • pnpm --filter @prisma/cli exec tsc --noEmit — clean
  • pnpm --filter @prisma/cli test — 563 passed
  • Added a regression test asserting the branch-override lookup sends branchId; verified it fails without the source change and passes with it.

Known residual (out of scope)

Role-scoped (template) lookups still fetch a single page and filter branchId === null client-side — the same pagination class of bug in theory — but the list query type only accepts branchId?: string, so there's no way to express "branchId IS NULL" as a server filter today, and template rows are singular per key and created early (page 1). Worth a follow-up if the API grows a null-branch filter. Separately, the projects hitting this also have a data-hygiene problem: preview-branch overrides (and their branches/databases) are never cleaned up, which is what let the row count climb past the page limit in the first place.

🤖 Generated with Claude Code

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 2 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: f0033f98-465c-4e9a-a755-acbba04c9214

📥 Commits

Reviewing files that changed from the base of the PR and between cfe80a4 and 3eec258.

📒 Files selected for processing (2)
  • packages/cli/src/controllers/app-env-api.ts
  • packages/cli/tests/app-env.test.ts

Warning

Walkthrough skipped

File diffs could not be summarized.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/env-branch-scope-lookup
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch fix/env-branch-scope-lookup

Comment @coderabbitai help to get the list of available commands.

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 2, 2026
`findVariableByNaturalKey` listed environment variables by
`(projectId, class, key)` only and filtered by branch client-side, but
the list endpoint is paginated (default 100 rows, ordered createdAt
asc). Once a project accumulates more than a page of preview overrides
for a key, the newest branch's row falls off the first page, so the
lookup returns null even though the row exists.

`project env update --branch` then reports the variable as not found,
and `project env add --branch`'s pre-check also misses it and POSTs,
which the server rejects with a 409. The two paths contradict each
other and neither can touch an existing branch override.

Pass `branchId` to the list query for branch-scoped lookups (the
endpoint already supports the filter) so the server returns the single
exact row regardless of how many branches exist. Role-scoped lookups
are unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kristof-siket

Copy link
Copy Markdown
Contributor Author

@CodeRabbit review

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@kristof-siket

Copy link
Copy Markdown
Contributor Author

@CodeRabbit approve

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
✅ Action performed

Comments resolved and changes approved.

@kristof-siket kristof-siket merged commit c6f2e21 into main Jul 2, 2026
10 checks passed
@kristof-siket kristof-siket deleted the fix/env-branch-scope-lookup branch July 2, 2026 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant