reactiflux · vcarl · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026
diff --git a/.husky/post-checkout b/.husky/post-checkout
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# Only run when switching branches (not checking out files)
+# $3 is 1 for branch checkout, 0 for file checkout
+if [ "$3" != "1" ]; then
+  exit 0
+fi
+
+# Check if package-lock.json changed between old and new HEAD
+if git diff --name-only "$1" "$2" | grep -q "^package-lock.json$"; then
+  echo "📦 Dependencies changed. Running npm install..."
+  npm install
+fi
diff --git a/.husky/post-merge b/.husky/post-merge
@@ -1,12 +1,7 @@
 #!/usr/bin/env bash
-# MIT © Sindre Sorhus - sindresorhus.com
-# https://gist.github.com/sindresorhus/7996717
 changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
 
-check_run() {
-	echo "$changed_files" | grep --quiet "$1" && eval "$2"
-}
-
-check_run package-lock.json 'echo "Deps have changed, run \`npm i\`"'
-check_run migrations/.* 'echo "Migrations have changed, run \`npm run start:migrate\`"'
-check_run seeds/.* 'echo "Seeds have changed, run \`npm run kysely:seed\`"'
+if echo "$changed_files" | grep -q "^package-lock.json$"; then
+  echo "📦 Dependencies changed. Running npm install..."
+  npm install
+fi
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -1,2 +1,8 @@
 #!/usr/bin/env sh
+branch="$(git rev-parse --abbrev-ref HEAD)"
+if [ "$branch" = "main" ]; then
+  echo "❌ Direct commits to main are not allowed. Please use a feature branch."
+  exit 1
+fi
+
 npx lint-staged
diff --git a/app/Database.ts b/app/Database.ts
@@ -1,12 +1,15 @@
-import { Context, Layer } from "effect";
+import { Context, Effect, Layer } from "effect";
 
+import { SqlClient } from "@effect/sql";
 import * as Sqlite from "@effect/sql-kysely/Sqlite";
 import { SqliteClient } from "@effect/sql-sqlite-node";
 import { ResultLengthMismatch, SqlError } from "@effect/sql/SqlError";
 
 import type { DB } from "./db";
+import { DatabaseCorruptionError } from "./effects/errors";
 import { databaseUrl } from "./helpers/env.server";
 import { log } from "./helpers/observability";
+import { scheduleTask } from "./helpers/schedule";
 
 // Re-export SQL errors for consumers
 export { SqlError, ResultLengthMismatch };
@@ -35,3 +38,77 @@ const KyselyLive = Layer.effect(DatabaseService, Sqlite.make<DB>()).pipe(
 export const DatabaseLayer = Layer.mergeAll(SqliteLive, KyselyLive);
 
 log("info", "Database", `Database configured at ${databaseUrl}`);
+
+// --- Integrity Check ---
+
+const TWELVE_HOURS = 12 * 60 * 60 * 1000;
+const DISCORD_WEBHOOK_URL =
+  "https://discord.com/api/webhooks/1465386069653590200/0J6l5c7IGHc6NjIrA20ysnGarhv2VHI3SnmgjopV-NV5WAgIGCc_gvI41GaZGVUV9NAH";
+
+const sendWebhookAlert = (message: string) =>
+  Effect.tryPromise({
+    try: () =>
+      fetch(DISCORD_WEBHOOK_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ content: message }),
+      }),
+    catch: (e) => e,
+  }).pipe(
+    Effect.tapError((e) =>
+      Effect.sync(() =>
+        log("error", "IntegrityCheck", "Failed to send webhook alert", {
+          error: String(e),
+        }),
+      ),
+    ),
+    Effect.ignore, // Don't fail the whole check if webhook fails
+  );
+
+/** Run SQLite integrity check using the existing database connection */
+export const runIntegrityCheck = Effect.gen(function* () {
+  log("info", "IntegrityCheck", "Running scheduled integrity check", {});
+
+  const sql = yield* SqlClient.SqlClient;
+  const result = yield* sql.unsafe<{ integrity_check: string }>(
+    "PRAGMA integrity_check",
+  );
+
+  if (result[0]?.integrity_check === "ok") {
+    log("info", "IntegrityCheck", "Database integrity check passed", {});
+    return "ok" as const;
+  }
+
+  const errors = result.map((r) => r.integrity_check).join("\n");
+  log("error", "IntegrityCheck", "Database corruption detected!", { errors });
+
+  yield* sendWebhookAlert(
+    `🚨 **Database Corruption Detected**\n\`\`\`\n${errors.slice(0, 1800)}\n\`\`\``,
+  );
+
+  return yield* new DatabaseCorruptionError({ errors });
+}).pipe(
+  Effect.catchTag("SqlError", (e) =>
+    Effect.gen(function* () {
+      log("error", "IntegrityCheck", "Integrity check failed to run", {
+        error: e.message,
+      });
+      yield* sendWebhookAlert(
+        `🚨 **Database Integrity Check Failed**\n\`\`\`\n${e.message}\n\`\`\``,
+      );
+      return yield* e;
+    }),
+  ),
+  Effect.withSpan("runIntegrityCheck"),
+);
+
+/** Start the twice-daily integrity check scheduler */
+export function startIntegrityCheck() {
+  return scheduleTask("IntegrityCheck", TWELVE_HOURS, () => {
+    Effect.runPromise(
+      runIntegrityCheck.pipe(Effect.provide(DatabaseLayer)),
+    ).catch(() => {
+      // Errors already logged and webhook sent
+    });
+  });
+}
diff --git a/app/commands/escalate/directActions.ts b/app/commands/escalate/directActions.ts
@@ -4,11 +4,12 @@ import {
 } from "discord.js";
 import { Effect } from "effect";
 
+import { fetchMember } from "#~/effects/discordSdk";
 import { DiscordApiError, NotAuthorizedError } from "#~/effects/errors";
 import { logEffect } from "#~/effects/observability";
 import { hasModRole } from "#~/helpers/discord";
 import { applyRestriction, ban, kick, timeout } from "#~/models/discord.server";
-import { fetchSettings, SETTINGS } from "#~/models/guilds.server";
+import { fetchSettingsEffect, SETTINGS } from "#~/models/guilds.server";
 import { deleteAllReportedForUserEffect } from "#~/models/reportedMessages";
 
 export interface DeleteMessagesResult {
@@ -29,11 +30,7 @@ export const deleteMessagesEffect = (
     const guildId = interaction.guildId!;
 
     // Check permissions
-    const member = yield* Effect.tryPromise({
-      try: () => interaction.guild!.members.fetch(interaction.user.id),
-      catch: (error) =>
-        new DiscordApiError({ operation: "fetchMember", discordError: error }),
-    });
+    const member = yield* fetchMember(interaction.guild!, interaction.user.id);
 
     if (!member.permissions.has(PermissionsBitField.Flags.ManageMessages)) {
       return yield* Effect.fail(
@@ -85,14 +82,9 @@ export const kickUserEffect = (interaction: MessageComponentInteraction) =>
     const guildId = interaction.guildId!;
 
     // Get settings and check permissions
-    const { moderator: modRoleId } = yield* Effect.tryPromise({
-      try: () => fetchSettings(guildId, [SETTINGS.moderator]),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchSettings",
-          discordError: error,
-        }),
-    });
+    const { moderator: modRoleId } = yield* fetchSettingsEffect(guildId, [
+      SETTINGS.moderator,
+    ]);
 
     if (!hasModRole(interaction, modRoleId)) {
       return yield* Effect.fail(
@@ -105,20 +97,16 @@ export const kickUserEffect = (interaction: MessageComponentInteraction) =>
     }
 
     // Fetch the reported member
-    const reportedMember = yield* Effect.tryPromise({
-      try: () => interaction.guild!.members.fetch(reportedUserId),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchReportedMember",
-          discordError: error,
-        }),
-    });
+    const reportedMember = yield* fetchMember(
+      interaction.guild!,
+      reportedUserId,
+    );
 
     // Execute kick
     yield* Effect.tryPromise({
       try: () => kick(reportedMember, "single moderator decision"),
       catch: (error) =>
-        new DiscordApiError({ operation: "kick", discordError: error }),
+        new DiscordApiError({ operation: "kick", cause: error }),
     });
 
     yield* logEffect("info", "DirectActions", "Kicked user", {
@@ -147,14 +135,9 @@ export const banUserEffect = (interaction: MessageComponentInteraction) =>
     const guildId = interaction.guildId!;
 
     // Get settings and check permissions
-    const { moderator: modRoleId } = yield* Effect.tryPromise({
-      try: () => fetchSettings(guildId, [SETTINGS.moderator]),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchSettings",
-          discordError: error,
-        }),
-    });
+    const { moderator: modRoleId } = yield* fetchSettingsEffect(guildId, [
+      SETTINGS.moderator,
+    ]);
 
     if (!hasModRole(interaction, modRoleId)) {
       return yield* Effect.fail(
@@ -167,20 +150,15 @@ export const banUserEffect = (interaction: MessageComponentInteraction) =>
     }
 
     // Fetch the reported member
-    const reportedMember = yield* Effect.tryPromise({
-      try: () => interaction.guild!.members.fetch(reportedUserId),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchReportedMember",
-          discordError: error,
-        }),
-    });
+    const reportedMember = yield* fetchMember(
+      interaction.guild!,
+      reportedUserId,
+    );
 
     // Execute ban
     yield* Effect.tryPromise({
       try: () => ban(reportedMember, "single moderator decision"),
-      catch: (error) =>
-        new DiscordApiError({ operation: "ban", discordError: error }),
+      catch: (error) => new DiscordApiError({ operation: "ban", cause: error }),
     });
 
     yield* logEffect("info", "DirectActions", "Banned user", {
@@ -209,14 +187,9 @@ export const restrictUserEffect = (interaction: MessageComponentInteraction) =>
     const guildId = interaction.guildId!;
 
     // Get settings and check permissions
-    const { moderator: modRoleId } = yield* Effect.tryPromise({
-      try: () => fetchSettings(guildId, [SETTINGS.moderator]),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchSettings",
-          discordError: error,
-        }),
-    });
+    const { moderator: modRoleId } = yield* fetchSettingsEffect(guildId, [
+      SETTINGS.moderator,
+    ]);
 
     if (!hasModRole(interaction, modRoleId)) {
       return yield* Effect.fail(
@@ -229,22 +202,18 @@ export const restrictUserEffect = (interaction: MessageComponentInteraction) =>
     }
 
     // Fetch the reported member
-    const reportedMember = yield* Effect.tryPromise({
-      try: () => interaction.guild!.members.fetch(reportedUserId),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchReportedMember",
-          discordError: error,
-        }),
-    });
+    const reportedMember = yield* fetchMember(
+      interaction.guild!,
+      reportedUserId,
+    );
 
     // Execute restriction
     yield* Effect.tryPromise({
       try: () => applyRestriction(reportedMember),
       catch: (error) =>
         new DiscordApiError({
           operation: "applyRestriction",
-          discordError: error,
+          cause: error,
         }),
     });
 
@@ -274,14 +243,9 @@ export const timeoutUserEffect = (interaction: MessageComponentInteraction) =>
     const guildId = interaction.guildId!;
 
     // Get settings and check permissions
-    const { moderator: modRoleId } = yield* Effect.tryPromise({
-      try: () => fetchSettings(guildId, [SETTINGS.moderator]),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchSettings",
-          discordError: error,
-        }),
-    });
+    const { moderator: modRoleId } = yield* fetchSettingsEffect(guildId, [
+      SETTINGS.moderator,
+    ]);
 
     if (!hasModRole(interaction, modRoleId)) {
       return yield* Effect.fail(
@@ -294,20 +258,16 @@ export const timeoutUserEffect = (interaction: MessageComponentInteraction) =>
     }
 
     // Fetch the reported member
-    const reportedMember = yield* Effect.tryPromise({
-      try: () => interaction.guild!.members.fetch(reportedUserId),
-      catch: (error) =>
-        new DiscordApiError({
-          operation: "fetchReportedMember",
-          discordError: error,
-        }),
-    });
+    const reportedMember = yield* fetchMember(
+      interaction.guild!,
+      reportedUserId,
+    );
 
     // Execute timeout
     yield* Effect.tryPromise({
       try: () => timeout(reportedMember, "single moderator decision"),
       catch: (error) =>
-        new DiscordApiError({ operation: "timeout", discordError: error }),
+        new DiscordApiError({ operation: "timeout", cause: error }),
     });
 
     yield* logEffect("info", "DirectActions", "Timed out user", {