netlify.toml
toml
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠ breaking
1 day ago
| 1 | # Bridge Netlify site: set **Package directory** to `deploy/bridge` in the Netlify UI; |
| 2 | # leave **Base directory** empty so it defaults to the repo root. Per Netlify monorepo |
| 3 | # docs, `functions` and `publish` below are relative to the base directory (repo root), |
| 4 | # not to this folder — do not use `../..` here (that escapes the repo and fails deploy). |
| 5 | [build] |
| 6 | command = "npm install && node scripts/netlify-redirects.mjs && cd hub/gateway && npm ci && cd ../bridge && npm ci" |
| 7 | functions = "netlify/functions" |
| 8 | publish = "public" |
| 9 | |
| 10 | [build.environment] |
| 11 | # Netlify’s build tooling can error on Node 22 (e.g. @netlify/build internal TypeError). |
| 12 | # Gateway site uses root netlify.toml with NODE_VERSION=20; bridge must pin the same. |
| 13 | NODE_VERSION = "20" |
| 14 | USE_BRIDGE_FUNCTION = "true" |
| 15 | |
| 16 | # Bridge index/search loads sqlite-vec + better-sqlite3 native code; must not be esbuild-bundled |
| 17 | # (sqlite-vec getLoadablePath uses import.meta.url — bundling yields Invalid URL input '.'). |
| 18 | [functions] |
| 19 | node_bundler = "esbuild" |
| 20 | external_node_modules = [ |
| 21 | "better-sqlite3", |
| 22 | "sqlite-vec", |
| 23 | "sqlite-vec-linux-x64", |
| 24 | "sqlite-vec-linux-arm64", |
| 25 | "sqlite-vec-darwin-x64", |
| 26 | "sqlite-vec-darwin-arm64", |
| 27 | "sqlite-vec-windows-x64" |
| 28 | ] |
| 29 | |
| 30 | # Back up now (/api/v1/vault/sync) can exceed the default ~10s limit (export + N proposal GETs + GitHub API). |
| 31 | # Align with gateway proxy budget (root netlify.toml [functions."gateway"] timeout = 60). |
| 32 | # Raised 26 → 60 (Netlify sync-function platform max per docs.netlify.com/build/functions/overview) |
| 33 | # so POST /api/v1/index has headroom under DeepInfra embedding latency. See |
| 34 | # `hub/bridge/index-timing.mjs` for per-step instrumentation that lets us identify |
| 35 | # which sub-step dominates before choosing parallelize/async as the next step. |
| 36 | # exceljs: see root netlify.toml [functions."bridge"] (large bundle; keep external for the bridge function). |
| 37 | [functions."bridge"] |
| 38 | timeout = 60 |
| 39 | external_node_modules = ["exceljs"] |
| 40 | |
| 41 | # Background function: receives kickoff from the sync `bridge` function when the |
| 42 | # auto-routing preflight in `hub/bridge/server.mjs POST /api/v1/index` decides a |
| 43 | # re-index won't fit in 60 s (large vault, dim migration, first-time index, etc.). |
| 44 | # The `-background` filename suffix is what makes Netlify treat this as a |
| 45 | # background function (15-min platform max, returns 202 to caller within ~50 ms). |
| 46 | # See `netlify/functions/bridge-index-background.mjs` and |
| 47 | # `lib/bridge-index-preflight-estimate.mjs` for the routing math. |
| 48 | # external_node_modules: same as the sync bridge function (sqlite-vec native code, |
| 49 | # exceljs is large) — both functions import the same Express app and need the |
| 50 | # same modules left external. |
| 51 | [functions."bridge-index-background"] |
| 52 | external_node_modules = ["exceljs"] |
| 53 | |
| 54 | # Send all requests to the bridge function with path preserved (/:splat). |
| 55 | # |
| 56 | # Why no explicit passthrough for /.netlify/functions/*: Netlify's redirect |
| 57 | # engine REJECTS user-defined rules whose `from` starts with `/.netlify/...` |
| 58 | # (validated at deploy time with "Invalid /.netlify path in redirect source"). |
| 59 | # This rejection is intentional — per |
| 60 | # https://docs.netlify.com/routing/redirects/redirect-options/#shadowing the |
| 61 | # `/.netlify/...` namespace is automatically excluded from user redirects, |
| 62 | # INCLUDING catch-all rules with `force = true`. Direct calls to |
| 63 | # `/.netlify/functions/<name>` always reach their respective function |
| 64 | # regardless of what this catch-all says. |
| 65 | # |
| 66 | # The May 2026 PR #205 hotfix initially attempted to add an explicit |
| 67 | # passthrough here; it was rejected by Netlify validation and removed. The |
| 68 | # defense-in-depth guard now lives in `lib/bridge-index-kickoff-response.mjs` |
| 69 | # instead — that helper asserts the kickoff fetch actually got HTTP 202 (the |
| 70 | # only valid response from a Netlify background fn) so a future routing |
| 71 | # misconfiguration fails loudly instead of silently returning false success |
| 72 | # to the browser. |
| 73 | [[redirects]] |
| 74 | from = "/*" |
| 75 | to = "/.netlify/functions/bridge/:splat" |
| 76 | status = 200 |
| 77 | force = true |
File History
2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠
1 day ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6
docs: accept Calendar Events v0 spec with Phase 0 security …
Human
1 day ago