You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
gittensory's wrangler.jsonc binds only AI, D1 DB, the RateLimiter DO, the multiplexed JOBS queue (+gittensory-jobs-dlq), cron */30, and now UNIFIED_REVIEW_COMMENT:"false". reviewbot's live wrangler.jsonc additionally binds: R2 AUDIT, KV REVIEW_CONFIG (per-slug private rubric), Vectorize VECTORIZE (reviewbot-rag), Browser BROWSER, and a LOCK Durable Object (SubmissionLock, per-PR mutex). The unified comment itself needs NO new binding (D1+AI+Queue suffice). Each missing binding is added ONLY as the feature that needs it lands — a binding gap is a SILENT runtime throw in the Worker (not caught at typecheck if Env is loose). createCloudflareAdapters (the pass-through adapter factory) should wrap these so the same core runs self-host later.
Deliverables
Add a LOCK Durable Object class (export SubmissionLock, per-PR mutex with TTL ~180s / renew ~60s) + binding + migration; only RateLimiter DO exists today.
Add the Vectorize binding (VECTORIZE, bge-m3 / 1024-dim cosine) — gated behind the RAG feature (#wire-rag); fail-safe to no-context when absent.
Add an R2 AUDIT binding OR decide to keep audit on D1 (gittensory audits to D1 today via recordAuditEvent); document the decision (large-blob/screenshot storage is the only reason to add R2).
Add the Browser binding (BROWSER) for visual capture — gated behind the visual feature (#visual-capture).
Decide a home for the private per-slug REVIEW_CONFIG: a new KV namespace (hosted) vs D1/.gittensory.yml (#private-config seam) — record the decision here, implement in the private-config issue.
Decide REVIEW_QUEUE vs reusing the multiplexed JOBS queue with a new review JobMessage type (+ the existing gittensory-jobs-dlq); prefer reuse unless isolation is required.
Wire createCloudflareAdapters so each new binding is consumed through the adapter seam, not dereferenced raw.
Acceptance criteria
Each binding is added incrementally with the feature that needs it, never dereferenced before it exists; every new path is fail-safe-guarded when its binding is absent.
A LOCK/SubmissionLock DO provides a per-PR concurrent-review mutex.
The queue and private-config decisions are recorded (reuse JOBS vs new REVIEW_QUEUE; KV vs D1 for REVIEW_CONFIG).
Binding-gap silent failures: any ported path dereferencing env.REVIEW_CONFIG / VECTORIZE / AUDIT / BROWSER / LOCK throws at RUNTIME (not typecheck if Env is loose). Add the binding + a fail-safe guard before wiring each capability.
Part of #983.
Context
gittensory's
wrangler.jsoncbinds only AI, D1DB, theRateLimiterDO, the multiplexedJOBSqueue (+gittensory-jobs-dlq), cron*/30, and nowUNIFIED_REVIEW_COMMENT:"false". reviewbot's livewrangler.jsoncadditionally binds: R2AUDIT, KVREVIEW_CONFIG(per-slug private rubric), VectorizeVECTORIZE(reviewbot-rag), BrowserBROWSER, and aLOCKDurable Object (SubmissionLock, per-PR mutex). The unified comment itself needs NO new binding (D1+AI+Queue suffice). Each missing binding is added ONLY as the feature that needs it lands — a binding gap is a SILENT runtime throw in the Worker (not caught at typecheck ifEnvis loose).createCloudflareAdapters(the pass-through adapter factory) should wrap these so the same core runs self-host later.Deliverables
LOCKDurable Object class (exportSubmissionLock, per-PR mutex with TTL ~180s / renew ~60s) + binding + migration; onlyRateLimiterDO exists today.VECTORIZE, bge-m3 / 1024-dim cosine) — gated behind the RAG feature (#wire-rag); fail-safe to no-context when absent.AUDITbinding OR decide to keep audit on D1 (gittensory audits to D1 today viarecordAuditEvent); document the decision (large-blob/screenshot storage is the only reason to add R2).BROWSER) for visual capture — gated behind the visual feature (#visual-capture).REVIEW_CONFIG: a new KV namespace (hosted) vs D1/.gittensory.yml (#private-config seam) — record the decision here, implement in the private-config issue.REVIEW_QUEUEvs reusing the multiplexedJOBSqueue with a new reviewJobMessagetype (+ the existinggittensory-jobs-dlq); prefer reuse unless isolation is required.createCloudflareAdaptersso each new binding is consumed through the adapter seam, not dereferenced raw.Acceptance criteria
LOCK/SubmissionLockDO provides a per-PR concurrent-review mutex.JOBSvs newREVIEW_QUEUE; KV vs D1 forREVIEW_CONFIG).Notes
env.REVIEW_CONFIG/VECTORIZE/AUDIT/BROWSER/LOCKthrows at RUNTIME (not typecheck ifEnvis loose). Add the binding + a fail-safe guard before wiring each capability.