The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		May 16, 2026 1:49am

PR Summary

Medium Risk
Moderate risk because it changes shared authorization helpers and trims fields returned by the copilot chat list API/contract, which could break any undiscovered consumers despite being a performance-focused refactor.

Overview
Reduces database load on common copilot chat paths by splitting chat access into getAccessibleCopilotChatAuth (lean, auth-only projection) vs getAccessibleCopilotChat (full row), with shared authorization logic.

Updates multiple mutation/authorization routes (chat delete, rename, update-messages, checkpoints create/list/revert, and mothership chat DELETE) to use the new lean helper so they no longer read heavy TOAST columns just to verify access.

Slims the /api/copilot/chat list response to only return chat metadata (drops messages/planArtifact/config) and updates the corresponding Zod contract schema and server-side list transformation accordingly.

^{Reviewed by Cursor Bugbot for commit 59d25fe. Configure here.}

Greptile Summary

This PR splits getAccessibleCopilotChat into a lean getAccessibleCopilotChatAuth (selecting only id, userId, workflowId, workspaceId, type) and preserves the full-select variant for paths that actually consume heavy TOAST columns. Authorization logic is deduplicated into a shared authorizeCopilotChatRow<T> generic.

• lifecycle.ts: New getAccessibleCopilotChatAuth + shared authorizeCopilotChatRow<T extends CopilotChatAuthRow> generic; type is included in the auth projection so chat.type !== 'mothership' guards remain valid.
• queries.ts + copilot.ts: List SELECT drops messages, planArtifact, and config; copilotChatGetListItemSchema updated to match; single-chat GET path is untouched and continues to use the full row.
• Route migrations: rename, delete, update-messages, checkpoints, checkpoints-revert, and mothership-delete all migrated to the lean helper; tests updated with correct per-mock aliases.

Confidence Score: 5/5

Safe to merge — auth logic is shared through a well-typed generic, all migrated routes only needed ownership verification, and the full-select path is preserved for callers that consume message content.

The refactoring is narrow and mechanical: the authorization logic is unchanged, the type column is retained in the lean projection so chat.type guards remain valid, and the previously-flagged test gap in the idempotent-delete path was correctly fixed in this PR.

No files require special attention.

Important Files Changed

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Mutation Route
rename / delete / update-messages
checkpoints / mothership-delete] -->|chatId, userId| B[getAccessibleCopilotChatAuth]
    C[Read Route
chat GET by chatId
resolveOrCreateChat] -->|chatId, userId| D[getAccessibleCopilotChat]
    B --> E[db.select id, userId,
workflowId, workspaceId, type]
    D --> F[db.select *]
    E --> G[authorizeCopilotChatRow T]
    F --> G
    G --> H{chat exists?}
    H -- No --> I[return null]
    H -- Yes --> J{workflowId?}
    J -- Yes --> K[authorizeWorkflowByWorkspacePermission]
    J -- No --> L{workspaceId?}
    L -- Yes --> M[checkWorkspaceAccess]
    L -- No --> N[return chat]
    K --> O{allowed?}
    O -- No --> I
    O -- Yes --> N
    M --> P{hasAccess?}
    P -- No --> I
    P -- Yes --> N

_{Reviews (2): Last reviewed commit: "fix(copilot): exercise idempotent-delete..." | Re-trigger Greptile}

Fixed in 59d25fe — the idempotent-delete test now overrides mockGetAccessibleCopilotChatAuth (matching the route's actual call) so the if (!chat) return { success: true } early-return guard is genuinely exercised. Confirmed the test still passes.

@greptile

@cursor review