barrettruth/delta
1
0
Fork 0
Code Issues 6 Pull requests 1 Releases 3 Packages Activity Actions

refactor: add sync-source state and read-only import guard #444

New issue
Closed
opened 2026-05-13 18:42:17 +00:00 by barrettruth · 0 comments
barrettruth commented 2026-05-13 18:42:17 +00:00
Owner
Copy link

Parent: #123
Related: #290, #291, #442

Problem

Google Tasks and Google Calendar should share one multi-sync model instead of growing separate metadata blobs and one-off read-only checks.

The product direction is now: Google-imported rows are normal Delta task rows, but they are read-only to the user. Only the provider sync engine may mutate fields imported from Google. This needs to be enforced below the frontend so API routes, server actions, keyboard shortcuts, drag/resize, recurrence edits, and CLI paths cannot mutate imported rows by accident.

Decisions

  • Use a durable per-source sync-state table rather than only integration_configs.metadata.
  • Keep account-level Google profile/token metadata in the existing Google integration config.
  • Model provider collections as sync sources, so Google Task lists, Google calendars, and future CalDAV/Apple-style calendars can share the same shape.
  • Read-only protection must be provider-agnostic and driven by source/external-link state.
  • Sync engines may update imported fields and external-link/source metadata; normal user mutation paths must be blocked.
  • Attempted edits should produce a warning/yellow operator-visible message through UI surfaces, but the core guard is authoritative.

Suggested storage shape

Exact names can change during implementation, but the durable source row should represent:

  • user id
  • provider id, e.g. google
  • source kind, e.g. google_tasks_list, google_calendar
  • source id from the provider
  • display title
  • enabled flag
  • default category/category mapping
  • sync cursor/token
  • last sync timestamp
  • last result summary
  • last error
  • provider source metadata JSON, such as access role, hidden/selected flags, colors, time zone, watch-channel fields later

Acceptance criteria

  • A migration and schema helpers add the per-source sync-state storage.
  • Existing Google account OAuth/token storage remains in integration_configs.
  • A provider-agnostic helper can identify read-only imported tasks from external-link/source state.
  • Core task mutation paths can reject user mutations to read-only imported tasks.
  • Sync-engine code has an explicit path to update imported rows without going through user mutation checks.
  • External-link metadata updates remain allowed for sync bookkeeping.
  • Tests cover user mutation blocked, sync mutation allowed, and source state CRUD.

Non-goals

  • Do not add Google Calendar pull here.
  • Do not finalize every source-indicator icon or dense UI treatment here.
  • Do not add scheduled/background sync here.
Parent: #123 Related: #290, #291, #442 ## Problem Google Tasks and Google Calendar should share one multi-sync model instead of growing separate metadata blobs and one-off read-only checks. The product direction is now: Google-imported rows are normal Delta task rows, but they are read-only to the user. Only the provider sync engine may mutate fields imported from Google. This needs to be enforced below the frontend so API routes, server actions, keyboard shortcuts, drag/resize, recurrence edits, and CLI paths cannot mutate imported rows by accident. ## Decisions - Use a durable per-source sync-state table rather than only `integration_configs.metadata`. - Keep account-level Google profile/token metadata in the existing Google integration config. - Model provider collections as sync sources, so Google Task lists, Google calendars, and future CalDAV/Apple-style calendars can share the same shape. - Read-only protection must be provider-agnostic and driven by source/external-link state. - Sync engines may update imported fields and external-link/source metadata; normal user mutation paths must be blocked. - Attempted edits should produce a warning/yellow operator-visible message through UI surfaces, but the core guard is authoritative. ## Suggested storage shape Exact names can change during implementation, but the durable source row should represent: - user id - provider id, e.g. `google` - source kind, e.g. `google_tasks_list`, `google_calendar` - source id from the provider - display title - enabled flag - default category/category mapping - sync cursor/token - last sync timestamp - last result summary - last error - provider source metadata JSON, such as access role, hidden/selected flags, colors, time zone, watch-channel fields later ## Acceptance criteria - A migration and schema helpers add the per-source sync-state storage. - Existing Google account OAuth/token storage remains in `integration_configs`. - A provider-agnostic helper can identify read-only imported tasks from external-link/source state. - Core task mutation paths can reject user mutations to read-only imported tasks. - Sync-engine code has an explicit path to update imported rows without going through user mutation checks. - External-link metadata updates remain allowed for sync bookkeeping. - Tests cover user mutation blocked, sync mutation allowed, and source state CRUD. ## Non-goals - Do not add Google Calendar pull here. - Do not finalize every source-indicator icon or dense UI treatment here. - Do not add scheduled/background sync here.
barrettruth added this to the v0.1.0 milestone 2026-05-13 18:42:17 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/software-sync
ship/delta-codex-skill
fix/cli-filter-args
fix-calendar-g-leader-shortcuts
harden-keyboard-capture
fix-queue-gc-hard-refresh
fix/task-panel-scroll-restoration
fix/calendar-quick-add-preview-stability
fix/467-local-first-shortcuts
docs/nixos-self-hosting-first-pass
calendar-elapsed-events
calendar-active-day-blue
calendar-outline-no-fill
calendar-neutral-day-state
fix-calendar-drag-visual-position
issue-364-task-api-route-adapters
issue-362-manpage-drift
issue-315-geocoding-config
release/cli-0.0.5
release/cli-0.0.4
fix/task-panel-save-atomicity
settings-modal
feat/add-task-external-links
feat/reminder-transport-settings
feat/reminder-foundation
build/oidc-release-pipeline
fix/settings-cleanup
fix/remove-oauth-config-ui
cli-v0.0.6
cli-v0.0.5
cli-v0.0.4
nightly-20260426
cli-v0.0.2
Labels
Clear labels   
bug
Something isn't working

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
status:blocked
Blocked on a decision, credential, or external dependency

  
track:api
API layer track

  
track:auto
Automation track

  
track:core
Core engine track

  
track:deploy
Deployment track

  
track:infra
Infrastructure track

  
track:ui
Web UI track

  
type:cleanup
Small cleanup, polish, or consolidation work

  
type:docs
Documentation and operator guidance

  
type:epic
Umbrella issue that coordinates related work

  
type:release
Release, packaging, and versioning work

  
type:research
Decision or investigation work before implementation

  
wontfix
This will not be worked on

No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
status:blocked
track:api
track:auto
track:core
track:deploy
track:infra
track:ui
type:cleanup
type:docs
type:epic
type:release
type:research
wontfix
Milestone
Clear milestone
No items
No milestone
v0.1.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
barrettruth/delta#444
No description provided.