digital-identity-platform-docs
digital-identity-platform-docs / supabase/functions/nightly-kv-drift-check
supabase/functions/nightly-kv-drift-check
Fileoverview
Nightly KV Drift Check Edge Function
Automated nightly job that detects configuration drift between Supabase (source of truth) and Cloudflare KV (runtime mirror), logs findings to the audit trail, and automatically repairs any mismatches.
Cloudflare Architecture Context
| Attribute | Value |
|---|---|
| Classification | 🔵 BACKEND-ONLY (Cron) |
| Position | Parallel to Cloudflare (validates KV consistency) |
| Receives Public Traffic | No (pg_cron only) |
| Latency Sensitive | No |
| Safe to Retry | Yes (idempotent repair operations) |
| Failure Behavior | Logs errors, continues with other containers |
Schedule: Runs daily at 00:20 UTC via pg_cron
- After billing-usage-check (00:10)
- After enforce-plan-compliance (00:15)
Endpoint
POST /nightly-kv-drift-check - Run drift detection and auto-fix
Auth
x-cron-secret header (same as other cron jobs)
Remarks
- Compares config_version between Supabase and EDGE_CONFIG KV
- Auto-fixes drift by calling sync-edge-config logic
- Logs all actions to admin_actions table