feat(m7.2-D): drop transitional agent.db, add admin helpers #89

Closed
sharang wants to merge 1 commits from feat/m7.2d-drop-legacy-db into feat/m7.2c-background-paths
Owner

Summary

Final slice of M7.2. Removes the transitional single-database handle that M7.2-A introduced alongside the pool, so compliance-agent now has a single source of truth for storage: every code path obtains a tenant-scoped Database from agent.db_pool.for_tenant_id(...) or for_tenant(&ctx). There is no shared "default" database anywhere.

Stacked on PR-C (#88) — diff shown is only D's changes.

Changes

  • ComplianceAgent.db: Database field removed. ComplianceAgent::new now takes only (config, db_pool). Verified by a grep during M7.2-C that no remaining call site reads agent.db.
  • main.rs stops constructing the legacy Database. Only the pool is built at startup.
  • TestServer same — drops Database::connect/ensure_indexes, builds only the pool. cleanup() now drops every <db_name>_* per-tenant database (no longer touches a bare <db_name>).
  • DatabasePool::list_tenant_db_names() — lists Mongo databases matching the pool's prefix. For admin endpoints + scheduler tenant enumeration in a future M7.3 (this PR keeps SCHEDULER_TENANT_IDS env config — registry integration is a separate concern).
  • DatabasePool::drop_tenant(&str) — idempotent tenant offboarding. Drops the per-tenant database and evicts the in-memory ensured marker so a later re-provision re-runs ensure_indexes. GDPR delete in one call.

Test plan

  • cargo fmt --all -- --check clean
  • cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean
  • cargo test -p compliance-core --lib — 7 pass
  • cargo test -p compliance-agent --lib — 228 pass
  • cargo test -p compliance-agent --test tenant_isolation — 6 pass including the new admin_helpers_list_and_drop_tenant_dbs which:
    • provisions two tenants and writes data into each
    • verifies list_tenant_db_names returns both
    • drops one via drop_tenant
    • verifies the dropped one is gone and the other survives
  • cargo test -p compliance-agent --test tenant_status_middleware — 6 pass

M7.2 closeout state after this lands

| Slice | What | Status |
|---|---|---|
| M7.1 | auth + status gate, JWKS refresh, smoke harness | done (#83, #84, #85) |
| M7.2-A | DatabasePool foundation | merged-pending (#86) |
| M7.2-B | API handlers | merged-pending (#87) |
| M7.2-C | scheduler + webhooks + agent helpers | merged-pending (#88) |
| M7.2-D | drop legacy db, admin helpers | this PR |

Future M7.3 (not in this PR)

  • Scheduler pulls tenants from tenant-registry instead of SCHEDULER_TENANT_IDS env.
  • Cross-tenant admin HTTP endpoints built on list_tenant_db_names / drop_tenant (likely behind a separate auth path — service account, not customer JWT).
  • Tenant onboarding flow (creating a Keycloak realm + ensuring the tenant DB is provisioned + seeding initial data).

🤖 Generated with Claude Code
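
An added example, not code from this PR or the project: an in-memory model of the pool behaviour the description states (prefix-scoped listing that ignores a bare `<db_name>`, idempotent `drop_tenant`, and eviction of the `ensured` marker so re-provisioning re-runs index setup). `PoolModel`, its fields, the `compliance` prefix and the `BTreeSet` standing in for MongoDB are assumptions.

```rust
use std::collections::{BTreeSet, HashSet};

// Model only: `databases` stands in for the MongoDB server's database list.
// Field names and internals are assumptions, not the project's code.
struct PoolModel {
    prefix: String,
    databases: BTreeSet<String>,
    ensured: HashSet<String>, // tenants whose indexes were built in this process
    ensure_runs: usize,       // times ensure_indexes would have run
}

impl PoolModel {
    fn new(prefix: &str) -> Self {
        Self { prefix: prefix.into(), databases: BTreeSet::new(), ensured: HashSet::new(), ensure_runs: 0 }
    }
    fn db_name(&self, tenant_id: &str) -> String {
        format!("{}_{}", self.prefix, tenant_id)
    }
    // Returns the tenant's database name; index setup runs on first use only.
    fn for_tenant_id(&mut self, tenant_id: &str) -> String {
        let name = self.db_name(tenant_id);
        if self.ensured.insert(tenant_id.to_string()) {
            self.databases.insert(name.clone());
            self.ensure_runs += 1;
        }
        name
    }
    // Only `<prefix>_*` counts as a tenant; bare `<prefix>` and look-alikes do not.
    fn list_tenant_db_names(&self) -> Vec<String> {
        let want = format!("{}_", self.prefix);
        self.databases.iter().filter(|n| n.starts_with(&want)).cloned().collect()
    }
    // Idempotent: reports whether a database existed, always evicts the marker.
    fn drop_tenant(&mut self, tenant_id: &str) -> bool {
        let name = self.db_name(tenant_id);
        self.ensured.remove(tenant_id);
        self.databases.remove(&name)
    }
}

fn main() {
    let mut pool = PoolModel::new("compliance"); // constructed prefix
    pool.databases.insert("compliance".into()); // bare name, not a tenant
    pool.for_tenant_id("a");
    pool.for_tenant_id("b");
    println!("{:?}", pool.list_tenant_db_names());
    println!("dropped: {} then {}", pool.drop_tenant("a"), pool.drop_tenant("a"));
    pool.for_tenant_id("a"); // re-provision re-runs index setup
    println!("ensure runs: {}", pool.ensure_runs);
}
```

Without the marker eviction in `drop_tenant`, the final `for_tenant_id("a")` in this model would return a name for a database that was never recreated or indexed.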

sharang added 1 commit 2026-06-17 13:05:58 +00:00
feat(m7.2-D): drop transitional agent.db, add admin helpers
CI / Check (pull_request) Successful in 9m27s
CI / Detect Changes (pull_request) Has been skipped
CI / Deploy Agent (pull_request) Has been skipped
CI / Deploy Dashboard (pull_request) Has been skipped
CI / Deploy Docs (pull_request) Has been skipped
CI / Deploy MCP (pull_request) Has been skipped
08c4ec4cff
Final slice of M7.2. Removes the transitional single-database handle
that M7.2-A introduced alongside the pool, so the compliance-agent
now has a single source of truth for storage: every code path obtains
a tenant-scoped Database from `agent.db_pool.for_tenant_id(...)` or
`for_tenant(&ctx)`. There is no shared "default" database anywhere.

Changes
- ComplianceAgent: `db: Database` field removed. ComplianceAgent::new
  now takes only `(config, db_pool)`. Verified by an earlier grep
  during M7.2-C that no remaining call site reads `agent.db`.
- main.rs: stops constructing the legacy Database. Only the pool is
  built at startup.
- TestServer: same — drops Database::connect/ensure_indexes, builds
  only the pool. cleanup() now drops every `<db_name>_*` per-tenant
  database (no longer touches a bare `<db_name>`).
- DatabasePool::list_tenant_db_names() — lists Mongo databases
  matching the pool's prefix. For admin endpoints + scheduler tenant
  enumeration in a future M7.3 (this PR keeps SCHEDULER_TENANT_IDS
  env config — registry integration is a separate concern).
- DatabasePool::drop_tenant(&str) — idempotent tenant offboarding.
  Drops the per-tenant database and evicts the in-memory `ensured`
  marker so a later re-provision re-runs ensure_indexes.

Test plan
- cargo fmt --all clean
- cargo clippy --workspace --exclude compliance-dashboard
  -- -D warnings clean
- cargo test -p compliance-core --lib — 7 pass
- cargo test -p compliance-agent --lib — 228 pass
- cargo test -p compliance-agent --test tenant_isolation — 6 pass
  including new `admin_helpers_list_and_drop_tenant_dbs`
- cargo test -p compliance-agent --test tenant_status_middleware
  — 6 pass

M7.2 closeout state after this lands
- M7.1 (auth + status) — done
- M7.2-A (pool) — done
- M7.2-B (handlers) — done
- M7.2-C (background paths) — done
- M7.2-D (legacy db removed, admin helpers) — done (this PR)
- Future M7.3: scheduler pulls tenants from tenant-registry instead
  of SCHEDULER_TENANT_IDS env; cross-tenant admin HTTP endpoints
  built on list_tenant_db_names / drop_tenant.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Author
Owner

Superseded — the M7.2 stack was inadvertently included in PR #90 squash-merge (5648291) on main. The dashboard PR was branched off this PR's descendant and its full diff swept into main as one squash commit. M7.2-A through M7.2-D are all live on main and in production. Closing without merging.

sharang closed this pull request 2026-06-18 09:32:21 +00:00

Reference: sharang/compliance-scanner-agent#89