Skip to content

feat(backups): per-config opt-out of the retention floor#284

Merged
passcod merged 1 commit into
mainfrom
backups-retention-floor-optout
Jun 26, 2026
Merged

feat(backups): per-config opt-out of the retention floor#284
passcod merged 1 commit into
mainfrom
backups-retention-floor-optout

Conversation

@passcod

@passcod passcod commented Jun 26, 2026

Copy link
Copy Markdown
Member

🤖 The org retention floor (keep_daily 7 / weekly 4 / monthly 6) is right for the common case, but some backups are taken for data processing we're not authorised to keep beyond a few days. This drops the floor as an unconditional rule: it stays the default, but each retention config can opt out.

What changed

  • New allow_below_floor boolean on backup_type_defaults and server_group_backup_schedule (migration, defaults false).
  • When set, the floor is neither validated on write (set_type_default / set_schedule) nor enforced when the policy is resolved for kopia (resolve_policy). The flag travels with the winning retention source through resolution, so a dangerous override or dangerous default exempts only its own type — everything else still gets the floor.
  • Both retention UIs — the canopy-wide defaults editor and the per-(group,type) override editor — gain a 'dangerous' toggle that drops the floor validation and input minimums, with a warning, plus a 'below floor' chip on the summary.

Scope decisions

  • The floor constants stay as the default; the toggle is a per-row opt-out (not a global kill-switch).
  • The kopia layer is unchanged: per-source policies are set from the resolved (possibly un-floored) retention, and the global init baseline stays the strictest-across-types fallback.

Tests: scheduler unit tests for the new resolve path, private-server endpoint tests for accept-below-floor-with-flag on both endpoints, and Playwright coverage for both toggles.

Tag: TAM-6877

@passcod passcod enabled auto-merge June 26, 2026 06:26
@passcod @claude
feat(backups): per-config opt-out of the retention floor
7c6b4d3 
The org retention floor (keep_daily 7 / weekly 4 / monthly 6) is great for
the common case, but some backups are taken for data processing we're not
authorised to keep beyond a few days. Drop the floor as an unconditional rule:
it stays the default, but each retention config can opt out.

Adds an allow_below_floor flag to backup_type_defaults and
server_group_backup_schedule. When set, the floor is neither validated on
write (set_type_default / set_schedule) nor enforced when the policy is
resolved for kopia (resolve_policy). The flag travels with the winning
retention source through resolution, so a dangerous override or dangerous
default exempts its own type; everything else still gets the floor.

Both retention UIs (the canopy-wide defaults editor and the per-(group,type)
override editor) gain a 'dangerous' toggle that drops the floor validation and
input minimums, with a warning, and a 'below floor' chip on the summary.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@passcod passcod force-pushed the backups-retention-floor-optout branch from e5e468c to 7c6b4d3 Compare June 26, 2026 06:51
@passcod passcod added this pull request to the merge queue Jun 26, 2026
Merged via the queue into main with commit 3fb0297 Jun 26, 2026
7 checks passed
@passcod passcod deleted the backups-retention-floor-optout branch June 26, 2026 07:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@passcod