Merge branch 'claude/add-protection-lease-J8jl0' into 'master'

feat: add protection lease concept for time-limited clone protection

Closes #669

See merge request postgres-ai/database-lab!1088

Author: agneum

engine/api/swagger-spec/dblab_openapi.yaml

@@ -1516,6 +1516,16 @@ components:
           type: array
           items:
             $ref: '#/components/schemas/Clone'
+        protectionLeaseDurationMinutes:
+          type: integer
+          format: int64
+          minimum: 0
+          description: Default protection lease duration in minutes
+        protectionMaxDurationMinutes:
+          type: integer
+          format: int64
+          minimum: 0
+          description: Maximum allowed protection duration in minutes
     Retrieving:
       type: object
       properties:
@@ -1631,6 +1641,10 @@ components:
         protected:
           type: boolean
           default: false
+        protectedTill:
+          type: string
+          format: date-time
+          description: Time when the protection lease expires
         deleteAt:
           type: string
           format: date-time
@@ -1658,6 +1672,16 @@ components:
         maxIdleMinutes:
           type: integer
           format: int64
+        protectionLeaseDurationMinutes:
+          type: integer
+          format: int64
+          minimum: 0
+          description: Protection lease duration in minutes
+        protectionMaxDurationMinutes:
+          type: integer
+          format: int64
+          minimum: 0
+          description: Maximum allowed protection duration in minutes
     CreateClone:
       type: object
       properties:
@@ -1673,6 +1697,11 @@ components:
         protected:
           type: boolean
           default:
+        protectionDurationMinutes:
+          type: integer
+          format: int64
+          minimum: 0
+          description: Protection duration in minutes. 0 means forever, omit for default duration.
         db:
           type: object
           properties:
@@ -1703,6 +1732,11 @@ components:
         protected:
           type: boolean
           default: false
+        protectionDurationMinutes:
+          type: integer
+          format: int64
+          minimum: 0
+          description: Protection duration in minutes. 0 means forever, omit for default duration.
     StartObservationRequest:
       type: object
       properties:

engine/api/swagger-spec/dblab_server_swagger.yaml

@@ -947,6 +947,16 @@ components:
           type: "array"
           items:
             $ref: "#/components/schemas/Clone"
+        protectionLeaseDurationMinutes:
+          type: "integer"
+          format: "int64"
+          minimum: 0
+          description: "Default protection lease duration in minutes"
+        protectionMaxDurationMinutes:
+          type: "integer"
+          format: "int64"
+          minimum: 0
+          description: "Maximum allowed protection duration in minutes"
 
     Retrieving:
       type: "object"
@@ -1065,6 +1075,10 @@ components:
         protected:
           type: "boolean"
           default: false
+        protectedTill:
+          type: "string"
+          format: "date-time"
+          description: "Time when the protection lease expires"
         deleteAt:
           type: "string"
           format: "date-time"
@@ -1093,6 +1107,16 @@ components:
         maxIdleMinutes:
           type: "integer"
           format: "int64"
+        protectionLeaseDurationMinutes:
+          type: "integer"
+          format: "int64"
+          minimum: 0
+          description: "Protection lease duration in minutes"
+        protectionMaxDurationMinutes:
+          type: "integer"
+          format: "int64"
+          minimum: 0
+          description: "Maximum allowed protection duration in minutes"
 
     CreateClone:
       type: "object"
@@ -1107,6 +1131,11 @@ components:
         protected:
           type: "boolean"
           default: false
+        protectionDurationMinutes:
+          type: "integer"
+          format: "int64"
+          minimum: 0
+          description: "Protection duration in minutes. 0 means forever, omit for default duration."
         db:
           type: "object"
           properties:
@@ -1136,6 +1165,11 @@ components:
         protected:
           type: "boolean"
           default: false
+        protectionDurationMinutes:
+          type: "integer"
+          format: "int64"
+          minimum: 0
+          description: "Protection duration in minutes. 0 means forever, omit for default duration."
 
     StartObservationRequest:
       type: "object"

engine/cmd/cli/commands/clone/actions.go

@@ -12,6 +12,7 @@ import (
 	"net/url"
 	"os"
 	"path"
+	"strconv"
 	"strings"
 	"sync"
 
@@ -25,6 +26,33 @@ import (
 	"gitlab.com/postgres-ai/database-lab/v3/pkg/models"
 )
 
+// parseProtectedFlag parses the --protected flag value.
+// Returns (isProtected, durationMinutes, error).
+// durationMinutes is nil if default duration should be used.
+func parseProtectedFlag(cliCtx *cli.Context) (bool, *uint, error) {
+	if !cliCtx.IsSet("protected") {
+		return false, nil, nil
+	}
+
+	value := cliCtx.String("protected")
+
+	switch strings.ToLower(value) {
+	case "", "true":
+		return true, nil, nil
+	case "false":
+		return false, nil, nil
+	default:
+		duration, err := strconv.ParseUint(value, 10, 32)
+		if err != nil {
+			return false, nil, errors.Errorf("invalid --protected value: %q (use 'true', 'false', or minutes)", value)
+		}
+
+		d := uint(duration)
+
+		return true, &d, nil
+	}
+}
+
 // list runs a request to list clones of an instance.
 func list(cliCtx *cli.Context) error {
 	dblabClient, err := commands.ClientByCLIContext(cliCtx)
@@ -96,9 +124,15 @@ func create(cliCtx *cli.Context) error {
 		return err
 	}
 
+	isProtected, protectionDuration, err := parseProtectedFlag(cliCtx)
+	if err != nil {
+		return err
+	}
+
 	cloneRequest := types.CloneCreateRequest{
-		ID:        cliCtx.String("id"),
-		Protected: cliCtx.Bool("protected"),
+		ID:                        cliCtx.String("id"),
+		Protected:                 isProtected,
+		ProtectionDurationMinutes: protectionDuration,
 		DB: &types.DatabaseRequest{
 			Username:   cliCtx.String("username"),
 			Password:   cliCtx.String("password"),
@@ -184,8 +218,14 @@ func update(cliCtx *cli.Context) error {
 		return err
 	}
 
+	isProtected, protectionDuration, err := parseProtectedFlag(cliCtx)
+	if err != nil {
+		return err
+	}
+
 	updateRequest := types.CloneUpdateRequest{
-		Protected: cliCtx.Bool("protected"),
+		Protected:                 isProtected,
+		ProtectionDurationMinutes: protectionDuration,
 	}
 
 	cloneID := cliCtx.Args().First()

engine/cmd/cli/commands/clone/command_list.go

@@ -68,9 +68,9 @@ func CommandList() []*cli.Command {
 						Name:  "branch",
 						Usage: "branch name (optional)",
 					},
-					&cli.BoolFlag{
+					&cli.StringFlag{
 						Name:    "protected",
-						Usage:   "mark instance as protected from deletion",
+						Usage:   "enable deletion protection: 'true' for default duration, minutes for custom, 0=forever",
 						Aliases: []string{"p"},
 					},
 					&cli.BoolFlag{
@@ -91,9 +91,9 @@ func CommandList() []*cli.Command {
 				Before:    checkCloneIDBefore,
 				Action:    update,
 				Flags: []cli.Flag{
-					&cli.BoolFlag{
+					&cli.StringFlag{
 						Name:    "protected",
-						Usage:   "mark instance as protected from deletion",
+						Usage:   "deletion protection: 'true' for default, minutes for custom, 0=forever, 'false' to disable",
 						Aliases: []string{"p"},
 					},
 				},

engine/configs/config.example.logical_generic.yml

@@ -146,6 +146,9 @@ retrieval:  # Data retrieval: initial sync and ongoing updates. Two methods:
 cloning:
   accessHost: "localhost" # Host that will be specified in database connection info for all clones (only used to inform users)
   maxIdleMinutes: 120 # Automatically delete clones after the specified minutes of inactivity; 0 - disable automatic deletion
+  protectionLeaseDurationMinutes: 1440 # Default protection duration in minutes (default: 1 day); 0 - infinite protection
+  protectionMaxDurationMinutes: 10080 # Maximum allowed protection duration in minutes (default: 7 days); 0 - no limit
+  protectionExpiryWarningMinutes: 1440 # Send warning webhook N minutes before expiry (default: 24 hours)
 
 diagnostic:
   logsRetentionDays: 7 # How many days to keep logs

engine/configs/config.example.logical_rds_iam.yml

@@ -146,6 +146,9 @@ retrieval:  # Data retrieval: initial sync and ongoing updates. Two methods:
 cloning:
   accessHost: "localhost" # Host that will be specified in database connection info for all clones (only used to inform users)
   maxIdleMinutes: 120 # Automatically delete clones after the specified minutes of inactivity; 0 - disable automatic deletion
+  protectionLeaseDurationMinutes: 1440 # Default protection duration in minutes (default: 1 day); 0 - infinite protection
+  protectionMaxDurationMinutes: 10080 # Maximum allowed protection duration in minutes (default: 7 days); 0 - no limit
+  protectionExpiryWarningMinutes: 1440 # Send warning webhook N minutes before expiry (default: 24 hours)
 
 diagnostic:
   logsRetentionDays: 7 # How many days to keep logs

engine/configs/config.example.physical_generic.yml

@@ -114,6 +114,9 @@ retrieval:  # Data retrieval: initial sync and ongoing updates. Two methods:
 cloning:
   accessHost: "localhost" # Host that will be specified in database connection info for all clones (only used to inform users)
   maxIdleMinutes: 120 # Automatically delete clones after the specified minutes of inactivity; 0 - disable automatic deletion
+  protectionLeaseDurationMinutes: 1440 # Default protection duration in minutes (default: 1 day); 0 - infinite protection
+  protectionMaxDurationMinutes: 10080 # Maximum allowed protection duration in minutes (default: 7 days); 0 - no limit
+  protectionExpiryWarningMinutes: 1440 # Send warning webhook N minutes before expiry (default: 24 hours)
 
 diagnostic:
   logsRetentionDays: 7 # How many days to keep logs

engine/configs/config.example.physical_pgbackrest.yml

@@ -144,6 +144,9 @@ retrieval:  # Data retrieval: initial sync and ongoing updates. Two methods:
 cloning:
   accessHost: "localhost" # Host that will be specified in database connection info for all clones (only used to inform users)
   maxIdleMinutes: 120 # Automatically delete clones after the specified minutes of inactivity; 0 - disable automatic deletion
+  protectionLeaseDurationMinutes: 1440 # Default protection duration in minutes (default: 1 day); 0 - infinite protection
+  protectionMaxDurationMinutes: 10080 # Maximum allowed protection duration in minutes (default: 7 days); 0 - no limit
+  protectionExpiryWarningMinutes: 1440 # Send warning webhook N minutes before expiry (default: 24 hours)
 
 diagnostic:
   logsRetentionDays: 7 # How many days to keep logs

engine/configs/config.example.physical_walg.yml

@@ -117,6 +117,9 @@ retrieval:  # Data retrieval: initial sync and ongoing updates. Two methods:
 cloning:
   accessHost: "localhost" # Host that will be specified in database connection info for all clones (only used to inform users)
   maxIdleMinutes: 120 # Automatically delete clones after the specified minutes of inactivity; 0 - disable automatic deletion
+  protectionLeaseDurationMinutes: 1440 # Default protection duration in minutes (default: 1 day); 0 - infinite protection
+  protectionMaxDurationMinutes: 10080 # Maximum allowed protection duration in minutes (default: 7 days); 0 - no limit
+  protectionExpiryWarningMinutes: 1440 # Send warning webhook N minutes before expiry (default: 24 hours)
 
 diagnostic:
   logsRetentionDays: 7 # How many days to keep logs