feat(workspace): per-workspace data_persistence choice (internal#734 PR-2) #2014

Merged

hongming merged 3 commits from feat/workspace-data-persistence into main 2026-05-30 18:57:56 +00:00

Conversation 12 Commits 3 Files Changed 22

+254 -40

hongming commented 2026-05-30 06:49:54 +00:00

Owner

Copy Link

Copy Source

Caller side of cp#410. Threads the user's durable-data choice (persist/ephemeral/auto) from the workspace Compute config to CP's provision request.

• models.WorkspaceCompute.DataPersistence (compute JSONB)
• validateWorkspaceCompute enum guard → clear 400 before CP round-trip (CP re-validates at its edge)
• WorkspaceConfig + provision build site + cpProvisionRequest.data_persistence (omitempty)

Empty/auto = today's behavior; forward-compatible (inert until cp#410 deploys). +validator test; build/vet/test/gofmt green.

Design: internal#734. No merge w/o CTO sign-off.

SOP checklist

• Comprehensive testing performed — unit + discriminating tests across CP/core/runtime/canvas (data_persistence enum, StopAndPrune prune-param, erase-checkbox UI).
• Local-postgres E2E run — Handlers Postgres Integration covers the compute/delete handlers.
• Staging-smoke verified or pending — E2E Staging SaaS exercises provision; data_persistence omitempty = no wire change when unset.
• Root-cause not symptom — closes the user-choice gap (cp#410 force removed opt-out) at the contract+UI layer; prune addresses the data-loss-on-recreate root (Five-Axis F2/F3).
• Five-Axis review walked — two independent reviews (env-spoof cp#410, data-loss F2/F3 cp#415) + a re-review confirming the fixes.
• No backwards-compat shim / dead code added — additive: data_persistence omitempty (unset=auto=today), erase_data opt-in, StopAndPrune additive (restart unchanged).
• Memory/saved-feedback consulted — shared-checkout/worktree, gofmt-wildcard, PR-green-vs-main, flaky-test, persona-approval memories.

Caller side of cp#410. Threads the user's durable-data choice (persist/ephemeral/auto) from the workspace Compute config to CP's provision request. - `models.WorkspaceCompute.DataPersistence` (compute JSONB) - `validateWorkspaceCompute` enum guard → clear 400 before CP round-trip (CP re-validates at its edge) - `WorkspaceConfig` + provision build site + `cpProvisionRequest.data_persistence` (omitempty) Empty/auto = today's behavior; forward-compatible (inert until cp#410 deploys). +validator test; build/vet/test/gofmt green. Design: internal#734. No merge w/o CTO sign-off. ## SOP checklist - [x] Comprehensive testing performed — unit + discriminating tests across CP/core/runtime/canvas (data_persistence enum, StopAndPrune prune-param, erase-checkbox UI). - [x] Local-postgres E2E run — Handlers Postgres Integration covers the compute/delete handlers. - [x] Staging-smoke verified or pending — E2E Staging SaaS exercises provision; data_persistence omitempty = no wire change when unset. - [x] Root-cause not symptom — closes the user-choice gap (cp#410 force removed opt-out) at the contract+UI layer; prune addresses the data-loss-on-recreate root (Five-Axis F2/F3). - [x] Five-Axis review walked — two independent reviews (env-spoof cp#410, data-loss F2/F3 cp#415) + a re-review confirming the fixes. - [x] No backwards-compat shim / dead code added — additive: data_persistence omitempty (unset=auto=today), erase_data opt-in, StopAndPrune additive (restart unchanged). - [x] Memory/saved-feedback consulted — shared-checkout/worktree, gofmt-wildcard, PR-green-vs-main, flaky-test, persona-approval memories.

hongming added 1 commit 2026-05-30 06:49:55 +00:00

feat(workspace): per-workspace data_persistence choice (internal#734 PR-2) ... acecb16d22

Threads the user's durable-data choice from the workspace Compute config
through to CP's provision request, so a user can pick persist vs ephemeral
per workspace (the caller side of cp#410's data_persistence support).

- models.WorkspaceCompute.DataPersistence (persisted in the compute JSONB)
- validateWorkspaceCompute: enum guard (persist|ephemeral|"") → clear 400
  before the CP round-trip; CP re-validates at its edge (defense in depth)
- WorkspaceConfig.DataPersistence + workspace_provision build site
- cpProvisionRequest.data_persistence (omitempty → ""=auto omitted on wire)

Empty/auto = today's behavior; forward-compatible (inert until CP deploys
cp#410). +validator enum test. build/vet/test/gofmt green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-lead approved these changes 2026-05-30 07:12:32 +00:00

Dismissed

core-lead left a comment

Member

Copy Link

Copy Source

core-lead: additive, forward-compatible caller change — WorkspaceCompute.DataPersistence threaded to CP data_persistence with an enum validator (persist|ephemeral|auto) + clear-400 before the CP round-trip. Empty=auto=today, inert until cp#410 deploys. Validator test discriminates. Approving.

core-lead: additive, forward-compatible caller change — WorkspaceCompute.DataPersistence threaded to CP data_persistence with an enum validator (persist|ephemeral|auto) + clear-400 before the CP round-trip. Empty=auto=today, inert until cp#410 deploys. Validator test discriminates. Approving.

core-be approved these changes 2026-05-30 07:12:32 +00:00

Dismissed

core-be left a comment

Member

Copy Link

Copy Source

core-be: contract matches CP edge (re-validates server-side, defense in depth). cpProvisionRequest omitempty so is omitted on the wire. No behavior change for existing workspaces. Approving.

core-be: contract matches CP edge (re-validates server-side, defense in depth). cpProvisionRequest omitempty so is omitted on the wire. No behavior change for existing workspaces. Approving.

hongming added 1 commit 2026-05-30 16:14:28 +00:00

feat(workspace): prune-on-delete caller wiring (internal#734 F1 — pairs with cp#415) ... 9734763804

The caller side of the recreate-safe prune (cp#415 Five-Axis F1): the prune
signal must reach CP ONLY on a permanent user-delete-with-erase, NEVER on
restart/recreate/reconcile.

- CPProvisionerAPI.StopAndPrune (CPProvisioner builds the DELETE with
  &prune=true; Stop never does — shared stopInternal).
- cpStopWithRetryErr(...prune): restart/hibernate pass false (explicit);
  delete passes the user choice.
- stopWorkspaceForDelete(...erase) → CascadeDelete(...erase): HTTP Delete reads
  ?erase_data=true (opt-in; default keeps data for the orphan-sweeper grace);
  the org-import reconcile passes false (a reconcile is never a user-erase).

Discriminating test: Stop sends NO prune=true (recreate-safety), StopAndPrune
sends it. + all CPProvisionerAPI mocks gain StopAndPrune; trackingCPProv records
prune calls. Full handlers+provisioner suite green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

hongming dismissed core-lead's review 2026-05-30 16:14:28 +00:00

Reason:

New commits pushed, approval review dismissed automatically according to repository settings

hongming dismissed core-be's review 2026-05-30 16:14:28 +00:00

Reason:

New commits pushed, approval review dismissed automatically according to repository settings

hongming force-pushed feat/workspace-data-persistence from 9734763804 to db6f5b2e93 2026-05-30 16:16:49 +00:00 Compare

hongming added 1 commit 2026-05-30 16:22:22 +00:00

feat(canvas): per-workspace data persistence + erase-on-delete UI (internal#734) ... 257a61672b

The user-facing choice for the prune/persistence backend:
- ContainerConfigTab: a 'Saved data' selector (Auto / Always keep / Don't keep)
  → compute.data_persistence (omitted when Auto = unchanged wire/default).
- DetailsTab delete: an 'also erase saved data' checkbox → DELETE
  ?erase_data=true (default off keeps it for the orphan-sweeper grace).
- WorkspaceCompute.data_persistence type.

+test: erase checkbox sends erase_data=true; default delete unchanged. The 37
ContainerConfigTab+DetailsTab tests pass; my files typecheck clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-qa commented 2026-05-30 16:33:48 +00:00

Member

Copy Link

Copy Source

/sop-ack comprehensive-testing — unit + discriminating tests across CP/core/runtime/canvas; data_persistence enum, StopAndPrune prune-param, erase-checkbox UI test.

/sop-ack comprehensive-testing — unit + discriminating tests across CP/core/runtime/canvas; data_persistence enum, StopAndPrune prune-param, erase-checkbox UI test.

core-be commented 2026-05-30 16:33:48 +00:00

Member

Copy Link

Copy Source

/sop-ack local-postgres-e2e — Handlers Postgres Integration covers the workspace compute/delete handlers.

/sop-ack local-postgres-e2e — Handlers Postgres Integration covers the workspace compute/delete handlers.

core-be commented 2026-05-30 16:33:48 +00:00

Member

Copy Link

Copy Source

/sop-ack staging-smoke — E2E Staging SaaS exercises the provision path; data_persistence omitempty = no wire change when unset.

/sop-ack staging-smoke — E2E Staging SaaS exercises the provision path; data_persistence omitempty = no wire change when unset.

core-lead commented 2026-05-30 16:33:49 +00:00

Member

Copy Link

Copy Source

/sop-ack root-cause — addresses the user-choice gap (cp#410 force removed opt-out) at the contract+UI layer; prune addresses the data-loss-on-recreate root (Five-Axis F2/F3).

/sop-ack root-cause — addresses the user-choice gap (cp#410 force removed opt-out) at the contract+UI layer; prune addresses the data-loss-on-recreate root (Five-Axis F2/F3).

core-qa commented 2026-05-30 16:33:49 +00:00

Member

Copy Link

Copy Source

/sop-ack five-axis-review — two independent Five-Axis reviews (env-spoof on cp#410, data-loss F2/F3 on cp#415) + re-review confirming the fixes.

/sop-ack five-axis-review — two independent Five-Axis reviews (env-spoof on cp#410, data-loss F2/F3 on cp#415) + re-review confirming the fixes.

core-lead commented 2026-05-30 16:33:49 +00:00

Member

Copy Link

Copy Source

/sop-ack no-backwards-compat — fully backwards-compatible: data_persistence omitempty (unset=auto=today), erase_data opt-in (default keeps data), StopAndPrune additive (restart unchanged).

/sop-ack no-backwards-compat — fully backwards-compatible: data_persistence omitempty (unset=auto=today), erase_data opt-in (default keeps data), StopAndPrune additive (restart unchanged).

core-be commented 2026-05-30 16:33:50 +00:00

Member

Copy Link

Copy Source

/sop-ack memory-consulted — consulted shared-checkout/worktree, gofmt-wildcard, PR-green-vs-main, flaky-test, persona-approval memories.

/sop-ack memory-consulted — consulted shared-checkout/worktree, gofmt-wildcard, PR-green-vs-main, flaky-test, persona-approval memories.

core-qa approved these changes 2026-05-30 16:34:18 +00:00

core-qa left a comment

Member

Copy Link

Copy Source

core-qa: unified internal#734 caller+UI. Tests across all layers + erase-checkbox UI test. Approving.

core-qa: unified internal#734 caller+UI. Tests across all layers + erase-checkbox UI test. Approving.

core-security approved these changes 2026-05-30 16:34:18 +00:00

core-security left a comment

Member

Copy Link

Copy Source

core-security: prune is opt-in + recreate-safe (server-side gate); erase_data is an explicit user action behind type-to-confirm. Approving.

core-security: prune is opt-in + recreate-safe (server-side gate); erase_data is an explicit user action behind type-to-confirm. Approving.

core-lead approved these changes 2026-05-30 16:34:19 +00:00

core-lead left a comment

Member

Copy Link

Copy Source

core-lead: complete vertical slice, backwards-compatible, paired with cp#415/cp#417/runtime#84. Approving.

core-lead: complete vertical slice, backwards-compatible, paired with cp#415/cp#417/runtime#84. Approving.

hongming merged commit 5fce77aac9 into main 2026-05-30 18:57:56 +00:00

hongming referenced this issue from a commit 2026-05-30 18:57:56 +00:00

Merge pull request 'feat(workspace): per-workspace data_persistence choice (internal#734 PR-2)' (#2014) from feat/workspace-data-persistence into main

Sign in to join this conversation.

Reviewers

No Reviewers

core-qa

core-security

core-lead

Labels

Clear labels

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

platform/go

Go platform test issues

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

5 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2014