AIN-291 W1 · 0033 training_runs table + ainfera_labs role

[hizrianraz]

Additive migration. CREATE TABLE training_runs + CREATE ROLE ainfera_labs (LOGIN, no password set — founder sets via ALTER ROLE from Doppler). Least-priv grants: SELECT on routing_outcomes/inferences/models/providers/agents; column-level UPDATE on judge_* + reward (AIN-290 cols); UPDATE on active_policy/active_policy_version; INSERT on training_runs; REVOKE DELETE everywhere. alembic upgrade 0032:0033 --sql renders cleanly. Disc #12 untouched.

🤖 Generated with Claude Code

---

Note

Medium Risk
New DB role can update judge labels and tenant routing policy versions (promotion path); scope is narrow and DELETE is revoked, but misconfiguration or compromised labs credentials could affect routing behavior.

Overview
Adds Alembic revision 20260528_0033 with two additive database changes for offline routing training (L14.2).

Introduces public.training_runs: one row per training tick (daily/manual/shadow), recording judge model, outcomes judged, policy version before/after, promotion flag and reason, replay-gate result, per-cell JSON, deltas, and optional ruleset hash—with indexes on run_at and (promoted, run_at).

Creates ainfera_labs as a LOGIN role (password not set in migration; founder sets via Doppler). Grants SELECT on routing_outcomes, inferences, models, providers, agents; INSERT/SELECT on training_runs (plus sequence usage when present); column-level UPDATE on AIN-290 judge fields on routing_outcomes and on active_policy / active_policy_version on tenant_routing_policies; and REVOKE DELETE on all public tables. Downgrade drops the role (with owned-object cleanup) then the table.

No application code changes; charter-scoped additive schema and privileges only.

^{Reviewed by Cursor Bugbot for commit bc108aa. Bugbot is set up for automated code reviews on this repo. Configure here.}

[linear-code]

AIN-291 [Labs] Define Ainfera Labs (full-cloud) + create ainfera-ai/research

Operationalizes the Spark-drop lock (AIN-284 / L7) into a concrete offline learning substrate, and creates the public research surface. Canonical: architecture/ainfera-labs-fullcloud.md (vault commit babf516).

Principle

Labs = the offline brain. NOT on the live request path. Online gateway serves traffic in ms + captures routing_outcomes; offline Labs judges + trains + promotes a versioned policy back behind a replay gate. Dropping Spark changed where offline compute runs, not the loop.

Substrate map (full cloud, no GPU box)

Stage	Cadence	Substrate	Cost
Capture → routing_outcomes	live	Supabase EU (built)	~$0
Judge (1–5)	async 1–5%	ainfera-inference → Opus 4.7	~$10–75/mo
Trainer (LinUCB → q_empirical)	weekly cron, CPU	GitHub Actions	$0
Replay / delta	weekly + pre-pub	GitHub Actions	$0
v2 fine-tune	burst GPU, later	DO H100 $1.90/hr (Hatch)	~$20–40/mo
Scale (post-Seed)	sustained	Nebius H100	reserved

Repo split (moat-safe)

• ainfera-ai/research (NEW, PUBLIC) — preprint, methodology, reproducible benchmark, synthetic datasets, delta writeup. Apache 2.0 / CC-BY 4.0 / CC0.
• ainfera-ai/api (PRIVATE) — operated judge worker, real corpus, judge prompts, anti-gaming, live q_empirical weights.
• Rule: publish method + result; never ship operated policy or real corpus. Per D-052.
• Benchmark runs on synthetic/public data ONLY.

Acceptance

• Vault doc linked from HQ/architecture index
• ainfera-ai/research created (README + preprint skeleton + benchmark harness + CITATION.cff + LICENSE)
• research README cross-links specs + routing
• Confirm no real corpus / judge prompt in the public repo (wall check)

Gate (blocks any Labs output)

Flywheel not turning: routing_outcomes = 6 rows vs 802 inferences (root cause AIN-285 — cron pins vendor slugs → passthrough → 0 labels).
Dependency order: AIN-285 → AIN-290 → AIN-246 → AIN-282 → AIN-288.

This ticket = the frame. Those tickets in order = the fill.

Review in Linear