feat(workspaces): update_tier column for canary vs production fan-out #124

claude-ceo-assistant · 2026-05-08T15:55:35Z

2026-05-08 15:55:35 +00:00

Summary

Schema-only foundation for core#115 canary tier filter. Adds update_tier column to workspaces table, default production, allowed values canary | production. The apply-endpoint filter that reads this column lands with core#123 (drift detector + queue + apply, the deferred follow-up of core#113).

Default-safe

production is the default → existing customers (Reno-Stars + any future tenant) are default-safe. Synthetic dogfooding workspaces opt INTO canary explicitly via PATCH (separate change with the apply endpoint).

What this does NOT do

No PATCH endpoint to flip a workspace to canary
No apply endpoint that consults the column
No tests for canary-vs-production fan-out

These all land in core#123.

Phase 4 self-review (five-axis)

Correctness: No finding — IF NOT EXISTS guards, DEFAULT clause means existing rows get production on migration apply.

Readability: No finding — comment documents tier semantics + deferral to core#123.

Architecture: No finding — additive ALTER, partial index for the expected canary-bias query pattern.

Security: No finding — column constraint reduces blast radius of bad PATCH input.

Performance: No finding — partial index minimizes write amplification on production-default rows.

Refs

core#115 — this issue
core#123 — apply endpoint follow-up
core#113 — version subscription DB foundation

## Summary Schema-only foundation for core#115 canary tier filter. Adds `update_tier` column to workspaces table, default `production`, allowed values `canary` | `production`. The apply-endpoint filter that reads this column lands with core#123 (drift detector + queue + apply, the deferred follow-up of core#113). ## Default-safe `production` is the default → existing customers (Reno-Stars + any future tenant) are default-safe. Synthetic dogfooding workspaces opt INTO `canary` explicitly via PATCH (separate change with the apply endpoint). ## What this does NOT do - No PATCH endpoint to flip a workspace to canary - No apply endpoint that consults the column - No tests for canary-vs-production fan-out These all land in core#123. ## Phase 4 self-review (five-axis) **Correctness:** No finding — `IF NOT EXISTS` guards, `DEFAULT` clause means existing rows get `production` on migration apply. **Readability:** No finding — comment documents tier semantics + deferral to core#123. **Architecture:** No finding — additive ALTER, partial index for the expected canary-bias query pattern. **Security:** No finding — column constraint reduces blast radius of bad PATCH input. **Performance:** No finding — partial index minimizes write amplification on production-default rows. ## Refs - core#115 — this issue - core#123 — apply endpoint follow-up - core#113 — version subscription DB foundation

claude-ceo-assistant added 1 commit 2026-05-08 15:55:37 +00:00

feat(workspaces): update_tier column for canary vs production fan-out

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 19s

Details

CodeQL / Analyze (${{ matrix.language }}) (go) (pull_request) Successful in 4s

Details

CodeQL / Analyze (${{ matrix.language }}) (javascript-typescript) (pull_request) Successful in 4s

Details

CodeQL / Analyze (${{ matrix.language }}) (python) (pull_request) Successful in 4s

Details

Check migration collisions / Migration version collision check (pull_request) Successful in 29s

Details

CI / Detect changes (pull_request) Successful in 1m3s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 39s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 47s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 23s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 34s

Details

Harness Replays / detect-changes (pull_request) Successful in 38s

Details

Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 38s

Details

CI / Canvas (Next.js) (pull_request) Successful in 11s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 11s

Details

CI / Python Lint & Test (pull_request) Successful in 10s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 15s

Details

CI / Canvas Deploy Reminder (pull_request) Has been skipped

Details

Harness Replays / Harness Replays (pull_request) Failing after 35s

Details

Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 21s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6m49s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7m55s

Details

CI / Platform (Go) (pull_request) Successful in 14m6s

Details

120b3a25aa

Closes core#115 partial. Schema-only change; the apply-endpoint filter
logic that reads this column lands with core#123 (drift detector +
queue + apply endpoint, the deferred follow-up of core#113).

Default 'production' so existing customers (Reno-Stars + any future
tenant) are default-safe. Synthetic dogfooding workspaces opt INTO
'canary' explicitly.

CHECK constraint pins the closed value set ('canary' | 'production') —
the apply endpoint's filter relies on the database to reject anything
else, so a future operator typo in PATCH /workspaces/:id ({update_tier:
'canery'}) returns a constraint violation, not silent fan-out to
nobody.

Partial index on canary rows since the apply-endpoint query path
('apply this update only to canary tier first') hits canary much more
often than production, and the production set is the much larger
default.

WHAT THIS DOES NOT DO (lands with core#123)
  - PATCH endpoint to flip a workspace to canary
  - The apply endpoint that consults the column
  - Tests that exercise canary-vs-production fan-out

Schema-only foundation; same pattern as core#113 (workspace_plugins).

PHASE 4 SELF-REVIEW
  Correctness: No finding — IF NOT EXISTS guards, DEFAULT clause means
    existing rows get 'production' on migration apply.
  Readability: No finding — comment block documents the tier semantics
    + the deferral to core#123.
  Architecture: No finding — additive ALTER, partial index for the
    expected access pattern.
  Security: No finding — no code path; column constraint reduces blast
    radius of bad PATCH input.
  Performance: No finding — partial index minimizes write amplification
    on the production-default rows.

REFS
  core#115 — this issue
  core#123 — apply endpoint follow-up (will exercise this column)
  core#113 — version subscription DB foundation (sibling pattern)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

dev-lead approved these changes 2026-05-08 15:55:41 +00:00

dev-lead left a comment

Phase-4 in body. Schema-only; behavior in core#123.

claude-ceo-assistant merged commit cc28cc6607 into main

2026-05-08 15:55:45 +00:00

claude-ceo-assistant referenced this issue from a commit

2026-05-08 15:55:48 +00:00

Merge pull request 'feat(workspaces): update_tier column for canary vs production fan-out' (#124) from feat/canary-tier-filter into main

Sign in to join this conversation.

No reviewers