feat(THU-448): App version management: track device versions and enforce minimum version (BACKEND)#985
Open
arienemaiara wants to merge 2 commits into
Open
feat(THU-448): App version management: track device versions and enforce minimum version (BACKEND)#985arienemaiara wants to merge 2 commits into
arienemaiara wants to merge 2 commits into
Conversation
- Add app_version column to devices and persist X-App-Version on token issue - Cap header at 32 chars; leave column untouched when header is absent - Surface minAppVersion via GET /config (omitted when unset) for client-side enforcement
arienemaiara
changed the title
Semgrep Security ScanNo security issues found. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 19b1bd2. Configure here.
PR Metrics
Updated Mon, 15 Jun 2026 19:21:43 GMT · run #1889 |
|
Preview environment deployed 🚀
Stack: Auto-destroys on PR close/merge. Login via the bundled Keycloak realm — |
- Server manages devices.app_version via X-App-Version header on requests - Add app_version to PowerSync upload deny list so clients can't override it - Test confirms PATCH strips app_version while letting other fields through
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
Low Risk
Additive nullable column and config flag with server-side validation; enforcement remains on the client unless paired with frontend changes.
Overview
Adds device app version tracking and optional minimum version configuration for clients.
A migration adds nullable
app_versiononpowersync.devices. On PowerSync token requests, the server readsX-App-Version(trimmed, max 32 chars), persists it via device upsert, and ignores oversized values. Omitting the header leaves any existing version unchanged.app_versionis treated as server-managed: PowerSync upload PATCH cannot set it.MIN_APP_VERSIONis wired through settings and exposed on unauthenticatedGET /configasminAppVersion, omitted when unset so clients can treat missing values as no enforcement. Tests cover config wiring, token persistence, header validation, and upload stripping.Reviewed by Cursor Bugbot for commit 22112bd. Bugbot is set up for automated code reviews on this repo. Configure here.