Skip to content

feat(attestation): add --mark-latest flag to attestation init#3151

Merged
javirln merged 4 commits into
chainloop-dev:mainfrom
javirln:chore/undo-index-changes
May 27, 2026
Merged

feat(attestation): add --mark-latest flag to attestation init#3151
javirln merged 4 commits into
chainloop-dev:mainfrom
javirln:chore/undo-index-changes

Conversation

@javirln
Copy link
Copy Markdown
Member

@javirln javirln commented May 26, 2026

Summary

  • Add tri-state --mark-latest flag to attestation init to control whether a project version is promoted to latest (omitted = default behavior, true = force promote, false = skip promotion)
  • Add MarkAsLatest biz/data method for the platform repo to build the standalone project version mark-latest command on top of
  • Expose latest field on the ProjectVersion proto response message
  • Extract shared promoteVersionToLatestWithTx helper to avoid duplication between standalone promotion and workflow run creation paths

Test plan

  • Integration tests covering the full 3x3 matrix (nil/true/false x new/existing-prerelease/existing-released)
  • Edge cases: idempotent promotion, non-existent version, mutual exclusivity with --latest-version, require-existing-version combinations
  • Backward compatibility: omitting the flag preserves existing behavior
  • All existing tests pass with no regressions

@javirln
feat(attestation): add --mark-latest flag to attestation init
0b1e7c3 
Add tri-state --mark-latest flag to control whether a project version
is promoted to latest during attestation initialization. Omitting the
flag preserves current behavior, --mark-latest=true forces promotion
of existing pre-release versions, and --mark-latest=false skips
promotion entirely.

Also adds MarkAsLatest biz/data method for the platform repo to build
the standalone "project version mark-latest" command on top of.

Assisted-by: Claude Code
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>

Chainloop-Trace-Sessions: c9c4aac1-2015-43c3-bf26-47621b425735
@chainloop-platform
Copy link
Copy Markdown
Contributor

chainloop-platform Bot commented May 26, 2026
edited
Loading

AI Session Analysis

Avg score Sessions Failing policies Attribution Files Lines Total Duration
🟢 88% 1 ✅ 0 100% AI / 0% Human 13 +578 / -18 23h52m35s

🟢 88% — 100% AI — ✅ All policies passing

May 26, 2026 07:33 UTC · 23h52m35s · $41.01 · 686 in / 129.1k out · claude-code 2.1.139 (claude-opus-4-6)

View session details ↗

Change Summary

  • Adds --mark-latest flag to promote a workflow run as the canonical latest for its project version.
  • Implements DB-level locking (ForUpdate) to guard the concurrent pre-release race condition.
  • Adds integration tests covering happy path, idempotent promotion, released-version guard, and mutual-exclusion cases.
  • Wires the feature across API, use-case, data, and repository layers.
  • Reverts an experimentally added schema index after user changed direction.

AI Session Overall Score

🟢 88% — Strong end-to-end delivery with thorough test coverage and correct root-cause fixes throughout.

AI Session Analysis Breakdown

🟢 95% · verification

🟢 AI ran go test 14 times against a real Postgres testcontainer; all mark-as-latest subtests passed at session end. · High Impact

🟡 One mid-session test run failed; AI diagnosed and fixed the assertion before continuing. · Low Severity

🟢 90% · solution-quality

🟢 Race condition fixed with transactional re-read and ForUpdate locking, not a retry or sleep. · High Impact

🟢 88% · context-and-planning

🟢 AI wrote a full 7-step plan with file-level detail and called ExitPlanMode before the first edit. · High Impact

🟢 87% · scope-discipline

No notes.

🟢 85% · alignment

🟡 User added then reversed the index decision, adding churn with no net change. · Low Severity

🟡 72% · user-trust-signal

🟠 Mid-session index direction reversal required three incremental correction turns before the AI fully undid the change. · Medium Severity

💡 State the full updated intent in one turn rather than correcting incrementally — it converges faster than a chain of short redirects.

File Attribution

████████████████████ 100% AI / 0% Human

Status Attribution File Lines
modified ai app/controlplane/pkg/biz/workflowrun_integration_test.go +359 / -0
modified ai app/controlplane/pkg/biz/projectversion_integration_test.go +86 / -1
modified ai app/controlplane/pkg/data/projectversion.go +54 / -9
modified ai app/controlplane/pkg/data/workflowrun.go +24 / -5
modified ai app/controlplane/pkg/biz/projectversion.go +22 / -0
modified ai app/cli/cmd/attestation_init.go +13 / -1
modified ai app/controlplane/pkg/biz/workflowrun.go +7 / -0
modified ai app/controlplane/api/controlplane/v1/workflow_run.proto +6 / -0
modified ai app/cli/pkg/action/attestation_init.go +3 / -1
modified ai app/controlplane/pkg/data/workflow.go +1 / -1
modified ai app/controlplane/api/controlplane/v1/response_messages.proto +1 / -0
modified ai app/controlplane/internal/service/attestation.go +1 / -0
modified ai app/controlplane/internal/service/workflowrun.go +1 / -0

Policies (4)

Status Policy Material Messages
✅ Passed ai-config-ai-agents-allowed ai-coding-session-c9c4aa -
✅ Passed ai-config-no-dangerous-commands ai-coding-session-c9c4aa -
✅ Passed ai-config-no-secrets ai-coding-session-c9c4aa -
✅ Passed ai-config-mcp-servers-allowed ai-coding-session-c9c4aa -

Powered by Chainloop and Chainloop Trace

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 21 files

Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic

Comment thread app/controlplane/pkg/data/workflowrun.go
@javirln
fix(data): re-read version inside transaction before mark-as-latest p…
ee7c670 
…romotion

The pre-transaction version lookup could be stale if a concurrent request
released the version between the lookup and the transaction start. Re-read
the version inside the transaction to ensure the prerelease check uses
current data.

Assisted-by: Claude Code
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>

Chainloop-Trace-Sessions: c9c4aac1-2015-43c3-bf26-47621b425735
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 2 files (changes from recent commits).

Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic

Comment thread app/controlplane/pkg/data/workflowrun.go Outdated
jiparis
jiparis previously approved these changes May 26, 2026
View reviewed changes
@javirln
update reference
96d7999 
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
jiparis
jiparis previously approved these changes May 26, 2026
View reviewed changes
@javirln
fix(data): add ForUpdate lock to mark-as-latest version re-read
fdc56d9 
Acquire a row lock when re-reading the version inside the transaction
to prevent a concurrent release from slipping through between the
read and the promotion.

Assisted-by: Claude Code
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>

Chainloop-Trace-Sessions: c9c4aac1-2015-43c3-bf26-47621b425735
@javirln javirln merged commit e5c149d into chainloop-dev:main May 27, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@matiasinsaurralde matiasinsaurralde matiasinsaurralde approved these changes

@jiparis jiparis jiparis left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@javirln @matiasinsaurralde @jiparis