[AZ-513] [AZ-196] [AZ-183] Add /classes CRUD, /devices, fleet OTA

AZ-513: POST/PATCH/DELETE /classes for detection-class CRUD; new DetectionClass entity, schema, DTOs, IDetectionClassService. Unblocks ui/AZ-512. AZ-196: POST /devices auto-assigns sequential azj-NNNN serial+email +password and inserts a CompanionPC user. Returns plaintext credentials for the provisioning script. AZ-183: Resources table + POST /get-update + POST /resources/publish for fleet OTA. Per-resource encryption_key column AES-256-CBC encrypted at rest with ResourcesConfig.EncryptionMasterKey; ICache wraps the per-(arch,stage) latest-versions lookup and is invalidated on publish. Adds IDbFactory.RunAdmin<T> overload for write-and-return. Backfills _docs/02_document/module-layout.md to satisfy the implement skill's File Ownership prerequisite (the _docs/ artifact set predates the Step 1.5 module-layout addition). Code review: PASS_WITH_WARNINGS — see _docs/03_implementation/reviews/batch_05_review.md. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-21 13:41:10 +00:00 · 2026-05-13 04:34:42 +03:00
parent f13c57b314
commit 5ca9ccab2c
29 changed files with 1319 additions and 21 deletions
@@ -0,0 +1,18 @@
+-- Detection classes table — write path owned by admin/, read path served by annotations/.
+-- Both services point at the same Postgres database, so this DDL is idempotent and safe to
+-- (re-)run from either side. AZ-513.
+
+create table if not exists detection_classes
+(
+    id          serial           primary key,
+    name        varchar(120)     not null,
+    short_name  varchar(20)      not null,
+    color       varchar(20)      not null,
+    max_size_m  double precision not null,
+    photo_mode  varchar(20)      null,
+    created_at  timestamp        not null default now()
+);
+
+grant select, insert, update, delete on public.detection_classes to azaion_admin;
+grant usage, select on sequence public.detection_classes_id_seq  to azaion_admin;
+grant select                                  on public.detection_classes  to azaion_reader;
@@ -0,0 +1,24 @@
+-- Resources table — stores per-artifact metadata for fleet OTA updates. Populated by CI/CD
+-- via POST /resources/publish; queried by devices via POST /get-update. AZ-183.
+
+create table if not exists resources
+(
+    id              uuid          primary key,
+    resource_name   varchar(120)  not null,
+    dev_stage       varchar(40)   not null,
+    architecture    varchar(40)   not null,
+    version         varchar(40)   not null,
+    cdn_url         varchar(500)  not null,
+    sha256          varchar(128)  not null,
+    encryption_key  text          not null, -- AES-encrypted at rest with ResourcesConfig.EncryptionMasterKey
+    size_bytes      bigint        not null,
+    created_at      timestamp     not null default now()
+);
+
+-- Latest-version-per-resource lookups filter by (architecture, dev_stage); index supports
+-- both the in-memory cache miss path and the per-(arch,stage) GROUP BY.
+create index if not exists resources_arch_stage_idx
+    on public.resources (architecture, dev_stage, resource_name, version);
+
+grant select, insert, update, delete on public.resources to azaion_admin;
+grant select                              on public.resources to azaion_reader;