feat(server): add tenant scaffolding and targets schema (1/7)#178
Draft
abhinav-galileo wants to merge 1 commit intomainfrom
Draft
feat(server): add tenant scaffolding and targets schema (1/7)#178abhinav-galileo wants to merge 1 commit intomainfrom
abhinav-galileo wants to merge 1 commit intomainfrom
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This was referenced Apr 20, 2026
Additive, behavior-preserving. tenant_id defaults to 'default-tenant' and is inert in this phase; new target tables exist but are not yet wired into runtime resolution or management APIs.
abhinav-galileo
force-pushed
the
abhi/rfc-1-1-pr1-tenant-targets
branch
from
a79bcbb to
6ea16b3
Compare
abhinav-galileo
changed the title
abhinav-galileo
changed the title
abhinav-galileo
changed the title
abhinav-galileo
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
tenant_idscaffolding (String(64), default"default-tenant") toagents,controls,policies,agent_controls,agent_policies, with DB-levelserver_defaultso unscoped writes keep working.targetsandtarget_controlstables for attaching controls to typed, tenant-scoped targets (e.g. a log stream).NOT NULL.Intentional deviations and decisions
target_typeinstead of baretypefor clarity and to avoid shadowing Python's builtin.policy_controls.tenant_idomitted: tenant scope is inherited transitively viapolicy_id/control_id.tenant_idindexes omitted: read paths are unscoped in this phase, so an index would carry write cost for no benefit. Add alongside the PR that introduces tenant-scoped reads.target_controls:target_idusesON DELETE CASCADE(attachment has no meaning without the target);control_iduses the default restrictive behavior so control deletion does not silently fan into attachments.Deferrals
updated_aton new tables: omitted - no live repo pattern for automatic maintenance. Defer until a pattern is chosen repo-wide.control_execution_events.tenant_id: deferred; observability tables are out of scope here.tenantstable,target_targetsDAG, tenant-scoped uniqueness on agent/control/policy names, lazy target upsert, runtime resolution, SDK/UI changes: all deferred to follow-up PRs.Test plan
make checkclean locally (lint + mypy + tests across all packages)server_defaultbehavior, downgrade completenessTarget/TargetControlround-trip,(tenant_id, target_type, external_id)uniqueness,(target_id, control_id)uniqueness,ON DELETE CASCADEbehavior, implicit default tenant on unscoped writes for Agent / Control / Policy