fix(submit): harden trusted submission ingestion

[ShivamB25]

Summary

• harden the submit boundary before competitive data is written
• return explicit trust-state decisions for trusted, rejected, and review-required submissions
• fix legacy token writes and dated snapshot parsing at the submit layer

Changes

• reject malformed, empty, duplicate-date, unsupported-client, negative-counter, and future-dated payloads before persistence
• add submit trust decisioning with machine-readable reason codes
• defer legacy token upgrades until accepted writes
• parse separated snapshot model dates such as gpt-4o-2024-08-06

Testing

• frontend Vitest coverage for submit validation and trust decisioning
• frontend typecheck
• frontend build
• local runtime verification against the app and Postgres

Refs #441

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
tokscale	Ready	Preview, Comment	Apr 18, 2026 9:54pm

[cubic-dev-ai]

2 issues found across 14 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/frontend/src/lib/validation/submissionTrust.ts">

<violation number="1" location="packages/frontend/src/lib/validation/submissionTrust.ts:33">
P1: Unvalidated `timestampMs` conversion can throw `RangeError` and crash trust assessment instead of returning structured trust-state output.</violation>
</file>

<file name="packages/frontend/src/lib/db/migrations/0005_concerned_justin_hammer.sql">

<violation number="1" location="packages/frontend/src/lib/db/migrations/0005_concerned_justin_hammer.sql:5">
P2: `submission_reviews` lacks DB integrity constraints for trust state/domain and numeric/date invariants, allowing invalid records despite ingestion hardening.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}