From 238e89db9a44c998a012ba27eb6a1731b3fa1dda Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Mon, 16 Mar 2026 19:12:49 -0700 Subject: [PATCH] docs: cross-reference leaderboard duplication, service-role-key warning - Add cross-reference comments between dashboard-queries.ts computeLeaderboard() and dashboard/ui.ts renderLeaderboard() so maintainers know to update both - Add security note in setup-team-dashboard about service-role-key visibility in pg_cron job table Co-Authored-By: Claude Opus 4.6 (1M context) --- lib/dashboard-queries.ts | 3 +++ setup-team-dashboard/SKILL.md | 2 ++ supabase/functions/dashboard/ui.ts | 2 ++ 3 files changed, 7 insertions(+) diff --git a/lib/dashboard-queries.ts b/lib/dashboard-queries.ts index 4d554c0e..8a32f521 100644 --- a/lib/dashboard-queries.ts +++ b/lib/dashboard-queries.ts @@ -228,6 +228,9 @@ export function computeCostTrend(evalRuns: Record[]): CostTrend return { weekly, totalAllTime }; } +// NOTE: The dashboard UI (supabase/functions/dashboard/ui.ts renderLeaderboard()) +// has a parallel client-side implementation of this logic. If you change the +// aggregation or sorting here, update the dashboard JS too. /** * Compute team leaderboard for the current week. */ diff --git a/setup-team-dashboard/SKILL.md b/setup-team-dashboard/SKILL.md index a7089561..5022ab1b 100644 --- a/setup-team-dashboard/SKILL.md +++ b/setup-team-dashboard/SKILL.md @@ -83,6 +83,8 @@ select cron.schedule( Replace `` and `` with actual values. +**Security note:** The service-role-key is stored in the `cron.job` table and visible to anyone with SQL editor access to your Supabase project. This is the standard Supabase pattern for cron → edge function calls. If this concerns you, use Supabase Vault to store the key instead. + ### Step 7: Configure Slack webhook Ask the user for their Slack webhook URL (from https://api.slack.com/messaging/webhooks). diff --git a/supabase/functions/dashboard/ui.ts b/supabase/functions/dashboard/ui.ts index 1224595f..58aa6851 100644 --- a/supabase/functions/dashboard/ui.ts +++ b/supabase/functions/dashboard/ui.ts @@ -768,6 +768,8 @@ export function getDashboardHTML(supabaseUrl: string, anonKey: string): string { } // ---- Leaderboard ---- + // NOTE: This leaderboard aggregation mirrors lib/dashboard-queries.ts computeLeaderboard(). + // If you change the logic here, update the shared pure function too (used by CLI). function renderLeaderboard() { const ws = weekStart(); const hasAnyData = data.evalRuns || data.shipLogs || data.transcripts;