Fix org-owned repositories in search

Status	File	+	-
M	`docs/internal/search.md`	5	0
A	`internal/migrationsfs/migrations/0041_search_repo_owner_terms.sql`	146	0
M	`internal/search/code.go`	4	8
M	`internal/search/issues.go`	4	9
A	`internal/search/repo_owner_sql.go`	28	0
M	`internal/search/repos.go`	4	9
M	`internal/search/search_test.go`	117	2

docs/internal/search.mdmodified

    trigram index on the raw content for camelCase / snake_case
    substring matches the FTS tokenizer mangles. `repos.last_indexed_oid`
    added so the reconciler can detect drift.
++* **0041 — repo owner terms**: repo search documents include the
++  owning user/org handle plus display name, and result queries
++  resolve owners through either `users` or `orgs`. This keeps public
++  org repositories searchable by both `owner/repo` and owner-only
++  text queries.
  ## Visibility predicate

internal/migrationsfs/migrations/0041_search_repo_owner_terms.sqladded

++-- SPDX-License-Identifier: AGPL-3.0-or-later
++--
++-- Include the owning user/org handle in repo search documents and
++-- keep those documents fresh when owner display fields change.
++
++-- +goose Up
++
++-- +goose StatementBegin
++CREATE OR REPLACE FUNCTION repos_search_tsv(
++    repo_name citext,
++    repo_description text,
++    repo_owner_user_id bigint,
++    repo_owner_org_id bigint
++) RETURNS tsvector
++    LANGUAGE plpgsql AS $$
++DECLARE
++    owner_login text := '';
++    owner_display text := '';
++BEGIN
++    IF repo_owner_user_id IS NOT NULL THEN
++        SELECT username::text, display_name
++          INTO owner_login, owner_display
++          FROM users
++         WHERE id = repo_owner_user_id;
++    ELSIF repo_owner_org_id IS NOT NULL THEN
++        SELECT slug::text, display_name
++          INTO owner_login, owner_display
++          FROM orgs
++         WHERE id = repo_owner_org_id;
++    END IF;
++
++    RETURN
++        setweight(to_tsvector('shithub_search', coalesce(repo_name::text, '')), 'A') ||
++        setweight(to_tsvector('shithub_search', coalesce(owner_login, '')), 'A') ||
++        setweight(to_tsvector('shithub_search', coalesce(repo_description, '')), 'B') ||
++        setweight(to_tsvector('shithub_search', coalesce(owner_display, '')), 'C');
++END;
++$$;
++-- +goose StatementEnd
++
++-- +goose StatementBegin
++CREATE OR REPLACE FUNCTION tg_repos_search_upsert() RETURNS trigger
++    LANGUAGE plpgsql AS $$
++BEGIN
++    INSERT INTO repos_search (repo_id, tsv) VALUES (
++        NEW.id,
++        repos_search_tsv(NEW.name, NEW.description, NEW.owner_user_id, NEW.owner_org_id)
++    )
++    ON CONFLICT (repo_id) DO UPDATE
++        SET tsv = EXCLUDED.tsv;
++    RETURN NEW;
++END;
++$$;
++-- +goose StatementEnd
++
++DROP TRIGGER IF EXISTS repos_search_upsert ON repos;
++CREATE TRIGGER repos_search_upsert
++    AFTER INSERT OR UPDATE OF name, description, owner_user_id, owner_org_id ON repos
++    FOR EACH ROW EXECUTE FUNCTION tg_repos_search_upsert();
++
++-- +goose StatementBegin
++CREATE OR REPLACE FUNCTION tg_repos_search_user_owner_update() RETURNS trigger
++    LANGUAGE plpgsql AS $$
++BEGIN
++    INSERT INTO repos_search (repo_id, tsv)
++    SELECT r.id, repos_search_tsv(r.name, r.description, r.owner_user_id, r.owner_org_id)
++      FROM repos r
++     WHERE r.owner_user_id = NEW.id
++    ON CONFLICT (repo_id) DO UPDATE
++        SET tsv = EXCLUDED.tsv;
++    RETURN NEW;
++END;
++$$;
++-- +goose StatementEnd
++
++CREATE TRIGGER repos_search_user_owner_update
++    AFTER UPDATE OF username, display_name ON users
++    FOR EACH ROW
++    WHEN (OLD.username IS DISTINCT FROM NEW.username OR OLD.display_name IS DISTINCT FROM NEW.display_name)
++    EXECUTE FUNCTION tg_repos_search_user_owner_update();
++
++-- +goose StatementBegin
++CREATE OR REPLACE FUNCTION tg_repos_search_org_owner_update() RETURNS trigger
++    LANGUAGE plpgsql AS $$
++BEGIN
++    INSERT INTO repos_search (repo_id, tsv)
++    SELECT r.id, repos_search_tsv(r.name, r.description, r.owner_user_id, r.owner_org_id)
++      FROM repos r
++     WHERE r.owner_org_id = NEW.id
++    ON CONFLICT (repo_id) DO UPDATE
++        SET tsv = EXCLUDED.tsv;
++    RETURN NEW;
++END;
++$$;
++-- +goose StatementEnd
++
++CREATE TRIGGER repos_search_org_owner_update
++    AFTER UPDATE OF slug, display_name ON orgs
++    FOR EACH ROW
++    WHEN (OLD.slug IS DISTINCT FROM NEW.slug OR OLD.display_name IS DISTINCT FROM NEW.display_name)
++    EXECUTE FUNCTION tg_repos_search_org_owner_update();
++
++INSERT INTO repos_search (repo_id, tsv)
++SELECT r.id, repos_search_tsv(r.name, r.description, r.owner_user_id, r.owner_org_id)
++  FROM repos r
++ON CONFLICT (repo_id) DO UPDATE
++    SET tsv = EXCLUDED.tsv;
++
++-- +goose Down
++
++DROP TRIGGER IF EXISTS repos_search_org_owner_update ON orgs;
++DROP FUNCTION IF EXISTS tg_repos_search_org_owner_update();
++DROP TRIGGER IF EXISTS repos_search_user_owner_update ON users;
++DROP FUNCTION IF EXISTS tg_repos_search_user_owner_update();
++
++DROP TRIGGER IF EXISTS repos_search_upsert ON repos;
++DROP FUNCTION IF EXISTS tg_repos_search_upsert();
++DROP FUNCTION IF EXISTS repos_search_tsv(citext, text, bigint, bigint);
++
++-- +goose StatementBegin
++CREATE OR REPLACE FUNCTION tg_repos_search_upsert() RETURNS trigger
++    LANGUAGE plpgsql AS $$
++BEGIN
++    INSERT INTO repos_search (repo_id, tsv) VALUES (
++        NEW.id,
++        setweight(to_tsvector('shithub_search', coalesce(NEW.name::text, '')), 'A') ||
++        setweight(to_tsvector('shithub_search', coalesce(NEW.description, '')), 'B')
++    )
++    ON CONFLICT (repo_id) DO UPDATE
++        SET tsv = EXCLUDED.tsv;
++    RETURN NEW;
++END;
++$$;
++-- +goose StatementEnd
++
++CREATE TRIGGER repos_search_upsert
++    AFTER INSERT OR UPDATE OF name, description ON repos
++    FOR EACH ROW EXECUTE FUNCTION tg_repos_search_upsert();
++
++INSERT INTO repos_search (repo_id, tsv)
++SELECT id,
++       setweight(to_tsvector('shithub_search', coalesce(name::text, '')), 'A') ||
++       setweight(to_tsvector('shithub_search', coalesce(description, '')), 'B')
++  FROM repos
++ON CONFLICT (repo_id) DO UPDATE
++    SET tsv = EXCLUDED.tsv;

internal/search/code.gomodified

  		ownerPos := len(args) + 1
  		namePos := len(args) + 2
  		args = append(args, q.RepoFilter.Owner, q.RepoFilter.Name)
--		repoFilter = fmt.Sprintf(
++		repoFilter = repoFilterByOwnerName("r", ownerPos, namePos)
--			" AND r.id = (SELECT r2.id FROM repos r2 JOIN users u2 ON u2.id = r2.owner_user_id "+
--				"WHERE u2.username = $%d AND r2.name = $%d AND r2.deleted_at IS NULL)",
--			ownerPos, namePos,
--		)
+ 	}
  	limPos := len(args) + 1
  		    UNION ALL
  		    SELECT * FROM content_hits
+ 		)
--		SELECT h.repo_id, u.username, r.name, h.ref_name, h.path, h.preview, h.rank
++		SELECT h.repo_id, %[6]s, r.name, h.ref_name, h.path, h.preview, h.rank
  		FROM all_hits h
  		JOIN repos r ON r.id = h.repo_id
--		JOIN users u ON u.id = r.owner_user_id
++		%[7]s
  		ORDER BY h.rank DESC, h.path
  		LIMIT $%[4]d OFFSET $%[5]d
--	`, tsCtor, visClause, repoFilter, limPos, offPos)
++	`, tsCtor, visClause, repoFilter, limPos, offPos, repoOwnerNameExpr("u", "o"), repoOwnerJoin("r", "u", "o"))
  	rows, err := deps.Pool.Query(ctx, queryStr, args...)
  	if err != nil {

internal/search/issues.gomodified

  		ownerPos := len(args) + 1
  		namePos := len(args) + 2
  		args = append(args, q.RepoFilter.Owner, q.RepoFilter.Name)
--		whereExtras += fmt.Sprintf(
++		whereExtras += repoFilterByOwnerName("r", ownerPos, namePos)
--			" AND r.id = (SELECT r2.id FROM repos r2 JOIN users u2 ON u2.id = r2.owner_user_id "+
--				"WHERE u2.username = $%d AND r2.name = $%d AND r2.deleted_at IS NULL)",
--			ownerPos, namePos,
--		)
  	}
  	if q.StateFilter != "" {
  		statePos := len(args) + 1
  	args = append(args, limit, offset)
  	queryStr := fmt.Sprintf(`
--		SELECT i.id, r.id, u.username, r.name, i.number, i.title,
++		SELECT i.id, r.id, %[7]s, r.name, i.number, i.title,
  		       i.state::text, i.kind::text,
  		       coalesce(au.username, '') AS author_name,
  		       i.updated_at,
  		FROM issues_search s
  		JOIN issues i  ON i.id = s.issue_id
  		JOIN repos r   ON r.id = s.repo_id
--		JOIN users u   ON u.id = r.owner_user_id
++		%[8]s
  		LEFT JOIN users au ON au.id = s.author_user_id
  		WHERE %[2]s
  		  AND %[3]s
  		  %[4]s
  		ORDER BY rank DESC, i.updated_at DESC
  		LIMIT $%[5]d OFFSET $%[6]d
--	`, rankExpr, whereFTS, visClause, whereExtras, limPos, offPos)
++	`, rankExpr, whereFTS, visClause, whereExtras, limPos, offPos, repoOwnerNameExpr("u", "o"), repoOwnerJoin("r", "u", "o"))
  	rows, err := deps.Pool.Query(ctx, queryStr, args...)
  	if err != nil {
  		FROM issues_search s
  		JOIN issues i  ON i.id = s.issue_id
  		JOIN repos r   ON r.id = s.repo_id
--		JOIN users u   ON u.id = r.owner_user_id
  		WHERE %[1]s AND %[2]s %[3]s
  	`, whereFTS, visClause, whereExtras)
  	var total int64

internal/search/repo_owner_sql.goadded

++// SPDX-License-Identifier: AGPL-3.0-or-later
++
++package search
++
++import "fmt"
++
++func repoOwnerJoin(repoAlias, userAlias, orgAlias string) string {
++	return fmt.Sprintf(
++		"LEFT JOIN users %s ON %s.id = %s.owner_user_id LEFT JOIN orgs %s ON %s.id = %s.owner_org_id",
++		userAlias, userAlias, repoAlias, orgAlias, orgAlias, repoAlias,
++	)
++}
++
++func repoOwnerNameExpr(userAlias, orgAlias string) string {
++	return fmt.Sprintf("coalesce(%s.username, %s.slug)", userAlias, orgAlias)
++}
++
++func repoFilterByOwnerName(repoAlias string, ownerPos, namePos int) string {
++	return fmt.Sprintf(
++		" AND %s.id = (SELECT r2.id FROM repos r2 %s "+
++			"WHERE %s = $%d AND r2.name = $%d AND r2.deleted_at IS NULL)",
++		repoAlias,
++		repoOwnerJoin("r2", "u2", "o2"),
++		repoOwnerNameExpr("u2", "o2"),
++		ownerPos,
++		namePos,
++	)
++}

internal/search/repos.gomodified

  		ownerPos := len(args) + 1
  		namePos := len(args) + 2
  		args = append(args, q.RepoFilter.Owner, q.RepoFilter.Name)
--		repoFilter = fmt.Sprintf(
++		repoFilter = repoFilterByOwnerName("r", ownerPos, namePos)
--			" AND r.id = (SELECT r2.id FROM repos r2 JOIN users u2 ON u2.id = r2.owner_user_id "+
--				"WHERE u2.username = $%d AND r2.name = $%d AND r2.deleted_at IS NULL)",
--			ownerPos, namePos,
--		)
  	}
  	whereFTS := "TRUE"
  	args = append(args, limit, offset)
  	queryStr := fmt.Sprintf(`
--		SELECT r.id, u.username, r.name, r.description, r.visibility::text,
++		SELECT r.id, %[7]s, r.name, r.description, r.visibility::text,
  		       r.star_count, r.updated_at,
  		       %[1]s
  		           * (1.0 + ln(1.0 + r.star_count))
  		       AS rank
  		FROM repos_search rs
  		JOIN repos r  ON r.id = rs.repo_id
--		JOIN users u  ON u.id = r.owner_user_id
++		%[8]s
  		WHERE %[2]s
  		  AND %[3]s
  		  %[4]s
  		ORDER BY rank DESC, r.updated_at DESC
  		LIMIT $%[5]d OFFSET $%[6]d
--	`, rankExpr, whereFTS, visClause, repoFilter, limPos, offPos)
++	`, rankExpr, whereFTS, visClause, repoFilter, limPos, offPos, repoOwnerNameExpr("u", "o"), repoOwnerJoin("r", "u", "o"))
  	rows, err := deps.Pool.Query(ctx, queryStr, args...)
  	if err != nil {
  		SELECT count(*)
  		FROM repos_search rs
  		JOIN repos r  ON r.id = rs.repo_id
--		JOIN users u  ON u.id = r.owner_user_id
  		WHERE %[1]s AND %[2]s %[3]s
  	`, whereFTS, visClause, repoFilter)
  	var total int64

internal/search/search_test.gomodified

  	policydb "github.com/tenseleyFlow/shithub/internal/auth/policy/sqlc"
  	"github.com/tenseleyFlow/shithub/internal/issues"
  	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
++	"github.com/tenseleyFlow/shithub/internal/orgs"
  	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
  	"github.com/tenseleyFlow/shithub/internal/search"
  	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"
  	bob     usersdb.User
  	pubRepo reposdb.Repo
  	prvRepo reposdb.Repo
++	orgRepo reposdb.Repo
+ }
  func setup(t *testing.T) fxs {
  		t.Fatalf("CreateUser bob: %v", err)
+ 	}
++	org, err := orgs.Create(ctx,
++		orgs.Deps{Pool: pool, Logger: slog.New(slog.NewTextHandler(io.Discard, nil))},
++		orgs.CreateParams{
++			Slug:            "tenseleyflow",
++			DisplayName:     "tenseleyFlow",
++			Description:     "workflow things",
++			BillingEmail:    "org@example.test",
++			CreatedByUserID: alice.ID,
++		},
++	)
++	if err != nil {
++		t.Fatalf("CreateOrg tenseleyflow: %v", err)
++	}
++
  	rq := reposdb.New()
  	pubRepo, err := rq.CreateRepo(ctx, pool, reposdb.CreateRepoParams{
  		OwnerUserID:   pgtype.Int8{Int64: alice.ID, Valid: true},
  	if err != nil {
  		t.Fatalf("CreateRepo private: %v", err)
+ 	}
++	orgRepo, err := rq.CreateRepo(ctx, pool, reposdb.CreateRepoParams{
++		OwnerOrgID:    pgtype.Int8{Int64: org.ID, Valid: true},
++		Name:          "shithub",
++		Description:   "A 1:1 reverse-engineering of GitHub. AGPLv3. Without Copilot.",
++		DefaultBranch: "trunk",
++		Visibility:    reposdb.RepoVisibilityPublic,
++	})
++	if err != nil {
++		t.Fatalf("CreateRepo org public: %v", err)
++	}
  	iq := issuesdb.New()
--	for _, r := range []reposdb.Repo{pubRepo, prvRepo} {
++	for _, r := range []reposdb.Repo{pubRepo, prvRepo, orgRepo} {
  		if err := iq.EnsureRepoIssueCounter(ctx, pool, r.ID); err != nil {
  			t.Fatalf("EnsureRepoIssueCounter: %v", err)
+ 		}
  	}); err != nil {
  		t.Fatalf("Create issue prv: %v", err)
+ 	}
++	if _, err := issues.Create(ctx, idep, issues.CreateParams{
++		RepoID: orgRepo.ID, AuthorUserID: alice.ID,
++		Title: "org public bug report", Body: "shithub project issue",
++	}); err != nil {
++		t.Fatalf("Create issue org: %v", err)
++	}
++	if _, err := pool.Exec(ctx, `
++		INSERT INTO code_search_paths (repo_id, ref_name, path, tsv)
++		VALUES ($1, 'trunk', 'README.md', to_tsvector('shithub_search', 'README shithub'))
++	`, orgRepo.ID); err != nil {
++		t.Fatalf("seed org code path: %v", err)
++	}
  	return fxs{
  		deps: search.Deps{
  			Pool:   pool,
  			Logger: slog.New(slog.NewTextHandler(io.Discard, nil)),
  		},
--		alice: alice, bob: bob, pubRepo: pubRepo, prvRepo: prvRepo,
++		alice: alice, bob: bob, pubRepo: pubRepo, prvRepo: prvRepo, orgRepo: orgRepo,
+ 	}
+ }
+ 	}
+ }
++func TestSearchRepos_AnonymousFindsPublicOrgRepoByName(t *testing.T) {
++	f := setup(t)
++	got, total, err := search.SearchRepos(context.Background(), f.deps,
++		policy.AnonymousActor(),
++		search.ParseQuery("shithub"),
++		20, 0)
++	if err != nil {
++		t.Fatalf("SearchRepos: %v", err)
++	}
++	if total == 0 {
++		t.Fatalf("SearchRepos total = 0, want org-owned shithub")
++	}
++	found := false
++	for _, r := range got {
++		if r.ID == f.orgRepo.ID && r.OwnerUsername == "tenseleyflow" && r.Name == "shithub" {
++			found = true
++		}
++	}
++	if !found {
++		t.Fatalf("org-owned tenseleyflow/shithub missing from %d repo results", len(got))
++	}
++}
++
++func TestSearchRepos_AnonymousFindsPublicOrgRepoByOwner(t *testing.T) {
++	f := setup(t)
++	got, _, err := search.SearchRepos(context.Background(), f.deps,
++		policy.AnonymousActor(),
++		search.ParseQuery("tenseleyFlow"),
++		20, 0)
++	if err != nil {
++		t.Fatalf("SearchRepos: %v", err)
++	}
++	for _, r := range got {
++		if r.ID == f.orgRepo.ID && r.OwnerUsername == "tenseleyflow" && r.Name == "shithub" {
++			return
++		}
++	}
++	t.Fatalf("owner query did not return org-owned tenseleyflow/shithub; got %d rows", len(got))
++}
++
  // TestSearchIssues_AnonymousSeesOnlyPublic mirrors the repo test
  // for the issue surface — issues inherit visibility from their repo.
  func TestSearchIssues_AnonymousSeesOnlyPublic(t *testing.T) {
+ 	}
+ }
++func TestSearchIssues_RepoFilterMatchesOrgOwner(t *testing.T) {
++	f := setup(t)
++	got, _, err := search.SearchIssues(context.Background(), f.deps,
++		policy.AnonymousActor(),
++		search.ParseQuery("repo:tenseleyFlow/shithub bug"), "", 20, 0)
++	if err != nil {
++		t.Fatalf("SearchIssues: %v", err)
++	}
++	if len(got) == 0 {
++		t.Fatalf("expected org repo issue results")
++	}
++	for _, h := range got {
++		if h.OwnerUsername != "tenseleyflow" || h.RepoName != "shithub" {
++			t.Errorf("repo: filter let through %s/%s", h.OwnerUsername, h.RepoName)
++		}
++	}
++}
++
++func TestSearchCode_RepoFilterMatchesOrgOwner(t *testing.T) {
++	f := setup(t)
++	got, total, err := search.SearchCode(context.Background(), f.deps,
++		policy.AnonymousActor(),
++		search.ParseQuery("repo:tenseleyFlow/shithub README"), 20, 0)
++	if err != nil {
++		t.Fatalf("SearchCode: %v", err)
++	}
++	if total == 0 {
++		t.Fatalf("SearchCode total = 0, want org-owned path hit")
++	}
++	for _, h := range got {
++		if h.RepoID == f.orgRepo.ID && h.OwnerUsername == "tenseleyflow" && h.RepoName == "shithub" {
++			return
++		}
++	}
++	t.Fatalf("org-owned code hit missing from %d results", len(got))
++}
++
  func TestSearchUsers_ExcludesSuspended(t *testing.T) {
  	f := setup(t)
  	ctx := context.Background()

tenseleyflow/shithub / `7f720ee`

7 changed files