Enhance database schema DDL execution control: default to false for non-SQLite drivers

[Thushani-Jayasekera]

#2281

Problem: ExecuteSchemaDDL defaulted to true for all drivers. When a user configured PostgreSQL (or SQL Server) by setting database.host, the API still auto-ran CREATE TABLE IF NOT EXISTS DDL at startup — requiring DDL privileges on the external DB and silently mutating a schema the operator may not want touched.

Fix:

execute_schema_ddl controls whether the server automatically creates or migrates the database schema at startup.

Default behaviour:

• SQLite� defaults to true. The server manages the schema automatically, which is safe since SQLite is a local file with no shared access.
• All other drivers (e.g. PostgreSQL)� defaults to false. The schema must be provisioned externally before the server starts, since running DDL against a shared database at startup requires elevated privileges and can be destructive.

Opt-in for non-SQLite: Set execute_schema_ddl = true only if you want the server to own schema management for your non-SQLite database. Make sure the database user has the necessary DDL privileges.

[coderabbitai]

📝 Walkthrough

Walkthrough

LoadConfig now defaults cfg.Database.ExecuteSchemaDDL to false when the setting is unset and the database driver is not sqlite3. StartPlatformAPIServer now runs schema initialization only when both cfg.Database.ExecuteSchemaDDL and demoMode() are true, and logs an info message when initialization is skipped.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description states the problem and fix, but it omits most required template sections like goals, approach, tests, security checks, and environment.	Fill in the template sections with goals, approach, user stories, documentation, test results, security checks, related PRs, and test environment details.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly matches the main change: restricting schema DDL execution by default for non-SQLite databases.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@platform-api/src/config/config.go`:
- Around line 281-287: The comment in config initialization overstates what
explicit opt-in does; update the wording around the database.execute_schema_ddl
defaulting logic in config.go to reflect that setting the key only preserves the
config value, while actual DDL execution is still gated later by
StartPlatformAPIServer via executeDDL and demoMode(). Keep the existing
key-existence and driver-based default behavior, but make the comment clear that
non-SQLite auto-provisioning remains disabled unless both the config and
demo-mode gate allow it.

In `@platform-api/src/internal/server/server.go`:
- Around line 84-91: The skip-schema log in server startup is misleading because
executeDDL uses an AND between cfg.Database.ExecuteSchemaDDL and demoMode(), so
the message in server.go should state that both APIP_DEMO_MODE=true and
DATABASE_EXECUTE_SCHEMA_DDL=true are required to enable DDL. Update the
slogger.Info text in the schema initialization branch of server startup to
reflect the actual condition, keeping the driver context unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 629de76e-2018-47bc-b834-1974a97a3abd

📥 Commits

Reviewing files that changed from the base of the PR and between d9aeb76 and baa626f.

📒 Files selected for processing (2)

• platform-api/src/config/config.go
• platform-api/src/internal/server/server.go