Skip to content

feat(canopy): bump bestool-canopy 0.7.0 / kopia 0.4.0 and thread run_id through restore runs#94

Merged
passcod merged 3 commits into
mainfrom
canopy-run-id
Jul 5, 2026
Merged

feat(canopy): bump bestool-canopy 0.7.0 / kopia 0.4.0 and thread run_id through restore runs#94
passcod merged 3 commits into
mainfrom
canopy-run-id

Conversation

@passcod

@passcod passcod commented Jul 5, 2026

Copy link
Copy Markdown
Member

🤖 Updates the bestool crates and threads a canopy run-uuid through restore runs.

Dependency bumps

  • bestool-canopy 0.6.1 → 0.7.0. 0.7.0 marks every generated schema struct #[non_exhaustive] with a bon-derived builder, so the IntentDescriptor / BTreeMapValue / RestoreCapabilitiesArgs / RestoreCredentialsArgs / VerificationArgs construction sites move from struct literals to builders.
  • bestool-kopia 0.3.4 → 0.4.0. Source-compatible; the proxy API is unchanged.

run_id threading

Canopy asks each restore run to carry a client-minted run-uuid on its credential requests and its verification report so it can correlate them. The field is optional today but is documented as becoming mandatory.

  • Mint a run_id when a canopy-backed restore Job is created and persist it on PostgresPhysicalRestoreStatus.runId.
  • Thread it to the run's credential requests via a PGRO_RUN_ID sidecar env, forwarded through the broker — whose creds cache is now keyed by run_id, so within-run STS refreshes still hit cache while each run gets its own attributed credentials.
  • Send it on the verification report.

Non-run credential fetches deliberately carry no run_id: the reconcile-time repo-password poll and the snapshot-list job are not restore runs, and minting throwaway uuids would create phantom runs in canopy. If canopy later requires a run_id on read-only credential fetches, that is a follow-up.

Regenerated crds.yaml for the new status field and updated the README status table.

passcod and others added 3 commits July 6, 2026 04:43
0.7.0 marks every generated schema struct #[non_exhaustive] with a
bon-derived builder, so switch the IntentDescriptor / BTreeMapValue /
RestoreCapabilitiesArgs / RestoreCredentialsArgs / VerificationArgs
construction sites from struct literals to builders.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Source-compatible; the proxy API pgro uses is unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Canopy asks each restore run to carry a client-minted run-uuid on its
credential requests and its verification report so it can correlate
them; the field is optional today but will be enforced.

Mint a run_id when a canopy-backed restore Job is created, persist it on
the restore status, and thread it to the run's credential requests (via
a PGRO_RUN_ID sidecar env forwarded through the broker, whose creds
cache is now keyed by run_id) and to the verification report.

Non-run credential fetches deliberately carry no run_id: the
reconcile-time repo-password poll and the snapshot-list job are not
restore runs, and minting throwaway uuids would create phantom runs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@passcod passcod enabled auto-merge July 5, 2026 17:08
@passcod passcod merged commit d73fbd6 into main Jul 5, 2026
19 checks passed
@passcod passcod deleted the canopy-run-id branch July 5, 2026 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant