Feat scaffold infra hasura folder structure and hasura config #91

Open
BigJohn-dev wants to merge 2 commits into safetrustcr:main from BigJohn-dev:feat-scaffold-infra-hasura-folder-structure-and-Hasura-config

@BigJohn-dev BigJohn-dev commented Mar 29, 2026

Closes #75

Optimizing tool selection...

PR Documentation

Summary

Scaffolded the Hasura infrastructure project under hasura and added the root Hasura configuration files required for future metadata and migration work.

Files Added

  • config.yaml
  • .env.example
  • .gitkeep
  • .gitkeep
  • .gitkeep
  • .gitkeep

Changes

  • Created the full Hasura scaffold structure:
    • safetrust
    • base
    • safetrust
    • safetrust
  • Added root Hasura CLI config with:
    • version: 3
    • endpoint: http://localhost:8080
    • admin_secret: myadminsecretkey
    • metadata_directory: metadata
    • synchronous actions handler base URL
  • Added .env.example documenting Hasura, Postgres, and JWT settings.

Docker Compose Update

  • Updated docker-compose.yml to include a hasura service with correct mounts:
    • ./infra/hasura/migrations:/hasura-migrations
    • ./infra/hasura/metadata:/hasura-metadata
  • Added Hasura environment variables for migration and metadata directories.

Validation

  • Verified scaffold directories exist.
  • Verified docker-compose.yml contains the required Hasura volume mounts and service definition.

Notes

  • No database migrations or metadata content were added in this PR; only the initial Hasura infra scaffold and config.
  • This enables subsequent Hasura migration and metadata issues to be populated cleanly.

Summary by CodeRabbit

  • Chores
    • Added Hasura GraphQL engine infrastructure setup with Docker Compose configuration for local development environments.
    • Configured database schema to support user account management with email tracking and activity timestamps.
    • Added environment variable templates for deployment setup.

drips-wave bot commented Mar 29, 2026

@BigJohn-dev Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

coderabbitai bot commented Mar 29, 2026

Walkthrough

This pull request adds Hasura GraphQL engine infrastructure configuration including Docker Compose service setup, environment variables template, Hasura CLI configuration, and an initial database migration to create a users table.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Docker & Infrastructure Configuration: docker-compose.yml, infra/hasura/config.yaml, infra/hasura/.env.example | Added Docker Compose service for Hasura v2.24.0 with volume mounts to migrations and metadata directories, Hasura CLI configuration with version 3, GraphQL endpoint, admin secret, and action handler webhook base URL, plus environment variable templates for local Hasura setup including database connection and JWT configuration. |
| Database Migration – Users Table: infra/hasura/migrations/safetrust/1731908676359_create_users/up.sql, infra/hasura/migrations/safetrust/1731908676359_create_users/down.sql | Created users table with id (TEXT primary key), email (TEXT NOT NULL with unique constraint), and last_seen (TIMESTAMP default NOW()); down migration reverses table creation and related constraints/indexes. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

  • Issue #77: Both this PR and issue #77 add the identical Hasura migration files (1731908676359_create_users up and down SQL scripts), indicating they should be coordinated or linked to avoid duplication.

Poem

🐰✨ A hasura garden takes its root,
With migrations sprouting, users in pursuit,
Docker spins the engine, config files align,
The database seeds are planted just fine! 🌱

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Out of Scope Changes check | ⚠️ Warning | The PR includes user creation migration scripts (up.sql and down.sql for a users table) which are not part of the #75 scaffold objectives that explicitly state 'No migrations are added in this issue — only the scaffold and Hasura project config.' | Remove the migration files from infra/hasura/migrations/safetrust/1731908676359_create_users/ or address them in a separate PR aligned with a dedicated migration issue, as they exceed the scope of the initial infrastructure scaffold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change—scaffolding the infra/hasura folder structure and adding Hasura config files—which aligns with the primary objectives. |
| Linked Issues check | ✅ Passed | The PR successfully implements all coding requirements from #75: adds config.yaml with correct Hasura settings, adds .env.example with required environment variables, adds docker-compose.yml Hasura service with proper mounts and environment configuration, and creates the migration and metadata directory structures with .gitkeep files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (2)
infra/hasura/migrations/safetrust/1731908676359_create_users/down.sql (1)

2-8: Optional: simplify rollback to a single table drop.

DROP TABLE ... CASCADE already removes users_email_unique and idx_users_email, so Lines 2-3 and Line 8 are redundant. Keeping only the table drop makes the migration easier to maintain.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@infra/hasura/migrations/safetrust/1731908676359_create_users/down.sql` around
lines 2 - 8, The down migration redundantly drops users_email_unique and
idx_users_email before dropping the users table; simplify by removing the
explicit ALTER TABLE ... DROP CONSTRAINT IF EXISTS users_email_unique and DROP
INDEX IF EXISTS idx_users_email lines and keep a single DROP TABLE IF EXISTS
users CASCADE (which will remove the constraint and index automatically). Ensure
the statement uses the existing DROP TABLE IF EXISTS users CASCADE line and
delete the other two lines referencing users_email_unique and idx_users_email.

infra/hasura/.env.example (1)

3-3: Use an explicit non-production secret placeholder.

Line 3 uses a realistic fixed secret (myadminsecretkey). Prefer a clear placeholder like CHANGE_ME_LOCAL_ONLY to reduce accidental reuse in deployed environments.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@infra/hasura/.env.example` at line 3, Replace the realistic fixed admin
secret in the example env with a clear non-production placeholder: change the
value for HASURA_GRAPHQL_ADMIN_SECRET from "myadminsecretkey" to something
explicit like "CHANGE_ME_LOCAL_ONLY" (or similar) so the .env.example uses a
clearly non-production secret and discourages accidental reuse in deployments.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7880c8ea-652e-436a-8927-63b8e0a6b80a

📥 Commits

Reviewing files that changed from the base of the PR and between decc85f and a46e4a0.

📒 Files selected for processing (9)
  • docker-compose.yml
  • infra/hasura/.env.example
  • infra/hasura/config.yaml
  • infra/hasura/metadata/base/.gitkeep
  • infra/hasura/metadata/tenants/safetrust/.gitkeep
  • infra/hasura/migrations/safetrust/.gitkeep
  • infra/hasura/migrations/safetrust/1731908676359_create_users/down.sql
  • infra/hasura/migrations/safetrust/1731908676359_create_users/up.sql
  • infra/hasura/seeds/safetrust/.gitkeep

Comment on lines +10 to +15
environment:
HASURA_GRAPHQL_MIGRATIONS_DIR: /hasura-migrations
HASURA_GRAPHQL_METADATA_DIR: /hasura-metadata
HASURA_GRAPHQL_ADMIN_SECRET: myadminsecretkey
HASURA_GRAPHQL_DATABASE_URL: ${PG_DATABASE_URL}
HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256","jwk_url":"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com","audience":"safetrust-890d0","issuer":"https://securetoken.google.com/safetrust-890d0"}'
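
Review bot: `HASURA_GRAPHQL_ADMIN_SECRET: myadminsecretkey` on line 13 commits a working admin credential, and `${PG_DATABASE_URL}` on line 14 has no guard, so an unset variable interpolates to an empty string and the container receives an empty database URL. Use the required-variable form for both, for example `HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET:?must be set}` and `HASURA_GRAPHQL_DATABASE_URL: ${PG_DATABASE_URL:?must be set}`, so that `docker compose up` stops with an error when either value is missing.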

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Check compose interpolation inputs and env wiring"
echo "1) compose references:"
rg -n 'PG_DATABASE_URL|HASURA_GRAPHQL_ADMIN_SECRET|HASURA_GRAPHQL_JWT_SECRET' docker-compose.yml

echo
echo "2) root-level env templates (if any):"
fd -HI '^\.(env|env\.example)$' .

echo
echo "3) verify whether root .env.example documents PG_DATABASE_URL:"
if [ -f .env.example ]; then
  rg -n '^PG_DATABASE_URL=' .env.example || true
else
  echo "No root .env.example found"
fi

echo
echo "4) hasura-local env template values:"
rg -n '^(PG_DATABASE_URL|HASURA_GRAPHQL_ADMIN_SECRET|HASURA_GRAPHQL_JWT_SECRET)=' infra/hasura/.env.example

Repository: safetrustcr/dApp-SafeTrust

Length of output: 1043


🏁 Script executed:

cat -n docker-compose.yml | head -25

Repository: safetrustcr/dApp-SafeTrust

Length of output: 868


🏁 Script executed:

ls -la infra/hasura/

Repository: safetrustcr/dApp-SafeTrust

Length of output: 469


🏁 Script executed:

cat .gitignore | grep -i env

Repository: safetrustcr/dApp-SafeTrust

Length of output: 112


🏁 Script executed:

ls -la | grep env

Repository: safetrustcr/dApp-SafeTrust

Length of output: 132


🏁 Script executed:

cat .env.example | head -20

Repository: safetrustcr/dApp-SafeTrust

Length of output: 52


Externalize secrets and add deterministic env file reference to docker-compose.yml.

Lines 13 and 15 embed sensitive values directly in the compose file. Line 14 references ${PG_DATABASE_URL} without a defined env source at the compose level, which can fail at runtime. Add an env_file directive and replace hardcoded values with variable references:

Proposed compose hardening
 services:
   hasura:
     image: hasura/graphql-engine:v2.24.0
+    env_file:
+      - ./infra/hasura/.env
     ports:
       - "8080:8080"
     environment:
       HASURA_GRAPHQL_MIGRATIONS_DIR: /hasura-migrations
       HASURA_GRAPHQL_METADATA_DIR: /hasura-metadata
-      HASURA_GRAPHQL_ADMIN_SECRET: myadminsecretkey
+      HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
       HASURA_GRAPHQL_DATABASE_URL: ${PG_DATABASE_URL}
-      HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256","jwk_url":"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com","audience":"safetrust-890d0","issuer":"https://securetoken.google.com/safetrust-890d0"}'
+      HASURA_GRAPHQL_JWT_SECRET: ${HASURA_GRAPHQL_JWT_SECRET}
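
Review bot: The `${HASURA_GRAPHQL_ADMIN_SECRET}` and `${HASURA_GRAPHQL_JWT_SECRET}` references under `environment:` are not filled from the new `env_file:` entry, because Compose interpolates `${...}` from the shell environment and the project-level `.env` (or a file passed with `--env-file`), while `env_file:` only passes variables into the container. With nothing else defining them they resolve to empty strings, and because `environment:` takes precedence over `env_file:`, those empty values replace the ones loaded from `./infra/hasura/.env`. Run Compose with `--env-file ./infra/hasura/.env` so the references (including `${PG_DATABASE_URL}`) resolve, or drop the two secret keys from `environment:` and let `env_file:` supply them directly.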

Then create ./infra/hasura/.env from the .env.example template with actual values.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
environment:
HASURA_GRAPHQL_MIGRATIONS_DIR: /hasura-migrations
HASURA_GRAPHQL_METADATA_DIR: /hasura-metadata
HASURA_GRAPHQL_ADMIN_SECRET: myadminsecretkey
HASURA_GRAPHQL_DATABASE_URL: ${PG_DATABASE_URL}
HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256","jwk_url":"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com","audience":"safetrust-890d0","issuer":"https://securetoken.google.com/safetrust-890d0"}'
services:
hasura:
image: hasura/graphql-engine:v2.24.0
env_file:
- ./infra/hasura/.env
ports:
- "8080:8080"
environment:
HASURA_GRAPHQL_MIGRATIONS_DIR: /hasura-migrations
HASURA_GRAPHQL_METADATA_DIR: /hasura-metadata
HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
HASURA_GRAPHQL_DATABASE_URL: ${PG_DATABASE_URL}
HASURA_GRAPHQL_JWT_SECRET: ${HASURA_GRAPHQL_JWT_SECRET}

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` around lines 10 - 15, Replace inline sensitive values in
docker-compose.yml with environment variable references and add an env_file so
compose loads them deterministically; specifically remove the hardcoded
HASURA_GRAPHQL_ADMIN_SECRET and HASURA_GRAPHQL_JWT_SECRET values and replace
them with variables (e.g. ${HASURA_GRAPHQL_ADMIN_SECRET} and
${HASURA_GRAPHQL_JWT_SECRET}), ensure HASURA_GRAPHQL_DATABASE_URL stays as
${PG_DATABASE_URL}, and add an env_file directive pointing to
./infra/hasura/.env; then create ./infra/hasura/.env from .env.example
containing PG_DATABASE_URL, HASURA_GRAPHQL_ADMIN_SECRET and
HASURA_GRAPHQL_JWT_SECRET (and any other required HASURA_* vars).

@@ -0,0 +1,7 @@
version: 3
endpoint: http://localhost:8080
admin_secret: myadminsecretkey
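
Review bot: `admin_secret: myadminsecretkey` on line 3 stores the admin credential in a tracked file, and it is the same literal used in docker-compose.yml and .env.example, so any environment started from these files unchanged shares a secret that everyone with read access to the repository already has. Remove the `admin_secret` key and let the Hasura CLI take the value from the `HASURA_GRAPHQL_ADMIN_SECRET` environment variable or the `--admin-secret` flag.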

⚠️ Potential issue | 🟠 Major

Avoid committing concrete admin secrets in repo config.

Line 3 hardcodes admin_secret. Even for scaffolding, this commonly leaks into shared environments. Prefer a placeholder-free config plus environment-provided secret at runtime.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@infra/hasura/config.yaml` at line 3, The config currently hardcodes
admin_secret which must be removed; replace the concrete value with a
runtime-provided secret (e.g., reference an environment variable or leave the
field out of committed config and inject HASURA_GRAPHQL_ADMIN_SECRET at
deploy/startup), and update any deployment/docker/compose manifests or CI
secrets to set that env var so Hasura reads the admin secret at runtime instead
of from the repo; look for the admin_secret entry to change.
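
A repository check for the pattern flagged in the docker-compose.yml and config.yaml comments above, as an added example (not code from the PR or from CodeRabbit): it reports secret-named keys whose value is a committed literal, including a literal hidden in a `${VAR:-default}` fallback. The key-suffix list, the accepted placeholder forms and the sample inputs are assumptions constructed from the lines quoted in this review.

```python
import re

# Key-name suffixes treated as sensitive (assumption; extend for your repo).
SENSITIVE = re.compile(r"(?:SECRET|PASSWORD|TOKEN|DATABASE_URL)$", re.IGNORECASE)
# Bare Compose reference with no fallback: $VAR, ${VAR}, ${VAR?msg}, ${VAR:?msg}
REFERENCE = re.compile(r"^\$(?:\w+|\{\w+(?::?\?[^}]*)?\})$")
# Reference that carries a committed fallback: ${VAR-default} or ${VAR:-default}
DEFAULTED = re.compile(r"^\$\{\w+:?-(?P<default>[^}]*)\}$")
# Values that are plainly not real secrets (assumed forms): empty, CHANGE_ME..., <...>
PLACEHOLDER = re.compile(r"^(?:|CHANGE_ME\w*|<[^>]+>)$")
# "KEY: value" (YAML), "- KEY=value" (Compose list form) or "KEY=value" (.env)
LINE = re.compile(r"^\s*(?:-\s*)?(?P<key>[A-Za-z_]\w*)\s*[:=]\s*(?P<value>.*?)\s*$")


def classify(value):
    """Return 'reference', 'placeholder' or 'literal' for one config value."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]  # drop one layer of YAML/.env quoting
    if REFERENCE.match(value):
        return "reference"
    fallback = DEFAULTED.match(value)
    if fallback:
        # The fallback text lives in the repo, so judge it like any other value.
        return classify(fallback.group("default"))
    return "placeholder" if PLACEHOLDER.match(value) else "literal"


def scan(name, text):
    """List (file, line number, key) for sensitive keys set to a committed literal."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = LINE.match(line)
        if (match and SENSITIVE.search(match.group("key"))
                and classify(match.group("value")) == "literal"):
            findings.append((name, number, match.group("key")))
    return findings


# Constructed samples modelled on the lines quoted in the review (JWT value shortened).
COMPOSE_BEFORE = """\
services:
  hasura:
    environment:
      HASURA_GRAPHQL_ADMIN_SECRET: myadminsecretkey
      HASURA_GRAPHQL_DATABASE_URL: ${PG_DATABASE_URL}
      HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256","jwk_url":"https://example.invalid/jwk"}'
"""
COMPOSE_AFTER = """\
services:
  hasura:
    environment:
      HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET:?must be set}
      HASURA_GRAPHQL_DATABASE_URL: ${PG_DATABASE_URL}
      HASURA_GRAPHQL_JWT_SECRET: ${HASURA_GRAPHQL_JWT_SECRET}
"""
CONFIG_YAML = "version: 3\nendpoint: http://localhost:8080\nadmin_secret: myadminsecretkey\n"

if __name__ == "__main__":
    samples = [("docker-compose.yml", COMPOSE_BEFORE), ("docker-compose.yml (fixed)",
               COMPOSE_AFTER), ("infra/hasura/config.yaml", CONFIG_YAML)]
    for name, text in samples:
        for finding in scan(name, text):
            print("%s:%d: literal value committed for %s" % finding)
```

The scan is line-based and does not parse YAML, so inline comments after a value and multi-line scalars are outside what it handles.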

Comment on lines +8 to +12
ALTER TABLE users
ADD CONSTRAINT users_email_unique UNIQUE (email);

-- Add indices for common queries
CREATE INDEX idx_users_email ON users(email);
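
Review bot: `UNIQUE (email)` on line 9 compares the TEXT column case-sensitively, so `User@example.com` and `user@example.com` are accepted as two distinct rows. If an address is meant to identify one user regardless of case, normalise it to lower case before insert or enforce it in the schema with a unique index on `lower(email)` (or a `citext` column) in place of `users_email_unique`.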

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In PostgreSQL, does ALTER TABLE ... ADD CONSTRAINT ... UNIQUE automatically create an index on the constrained column(s)?

💡 Result:

Yes, in PostgreSQL, ALTER TABLE ... ADD CONSTRAINT ... UNIQUE automatically creates a unique B-tree index on the constrained column(s).


Remove duplicate index on users.email.

The UNIQUE constraint on line 9 automatically creates a unique B-tree index on the email column. The explicit CREATE INDEX on line 12 creates a second, redundant index on the same column, causing unnecessary storage and write overhead.

Proposed migration cleanup
 -- Add UNIQUE constraint to email
 ALTER TABLE users
     ADD CONSTRAINT users_email_unique UNIQUE (email);
-
--- Add indices for common queries
-CREATE INDEX idx_users_email ON users(email);

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@infra/hasura/migrations/safetrust/1731908676359_create_users/up.sql` around
lines 8 - 12, Duplicate index exists: the UNIQUE constraint users_email_unique
on table users already creates a b-tree index on email, so remove the redundant
CREATE INDEX idx_users_email ON users(email) statement (or replace it with a
DROP INDEX idx_users_email if the index was created earlier) to avoid duplicate
indexes and extra storage/write overhead; update the migration SQL so only the
UNIQUE constraint (users_email_unique) remains for the email column.

@sotoJ24 sotoJ24 self-requested a review March 30, 2026 00:45

@sotoJ24 sotoJ24 left a comment

Dear @BigJohn-dev, could you make the changes requested by CodeRabbit? Everything else, well done.

@sotoJ24 sotoJ24 left a comment

Dear @BigJohn-dev, could you please fix the PR?
