feat: add requireVerificationPassed to EnvironmentProgressionRule

apps/api/openapi/openapi.json

@@ -1007,6 +1007,11 @@
                   "minimum": 0,
                   "type": "number"
                },
+               "requireVerificationPassed": {
+                  "default": false,
+                  "description": "If true, jobs must also have passed verification to count toward the success percentage",
+                  "type": "boolean"
+               },
                "successStatuses": {
                   "items": {
                      "$ref": "#/components/schemas/JobStatus"

apps/api/openapi/schemas/policies.jsonnet

@@ -181,6 +181,12 @@ local openapi = import '../lib/openapi.libsonnet';
         minimum: 0,
         description: 'Maximum age of dependency deployment before blocking progression (prevents stale promotions)',
       },
+
+      requireVerificationPassed: {
+        type: 'boolean',
+        default: false,
+        description: 'If true, jobs must also have passed verification to count toward the success percentage',
+      },
     },
   },
 

apps/api/src/routes/v1/workspaces/policies.ts

@@ -83,6 +83,8 @@ const insertPolicyRules = async (tx: Tx, policyId: string, rules: any[]) => {
         minimumSuccessPercentage:
           rule.environmentProgression.minimumSuccessPercentage,
         successStatuses: rule.environmentProgression.successStatuses,
+        requireVerificationPassed:
+          rule.environmentProgression.requireVerificationPassed ?? false,
       });
 
     if (rule.gradualRollout != null)
@@ -196,6 +198,7 @@ const formatPolicy = (p: PolicyRow) => {
           ...(r.successStatuses != null && {
             successStatuses: r.successStatuses,
           }),
+          requireVerificationPassed: r.requireVerificationPassed,
         },
       }),
     ),

apps/api/src/types/openapi.ts

@@ -1410,6 +1410,11 @@ export interface components {
              * @default 100
              */
             minimumSuccessPercentage: number;
+            /**
+             * @description If true, jobs must also have passed verification to count toward the success percentage
+             * @default false
+             */
+            requireVerificationPassed: boolean;
             successStatuses?: components["schemas"]["JobStatus"][];
         };
         EnvironmentRequestAccepted: {

apps/web/app/api/openapi.ts

@@ -1410,6 +1410,11 @@ export interface components {
              * @default 100
              */
             minimumSuccessPercentage: number;
+            /**
+             * @description If true, jobs must also have passed verification to count toward the success percentage
+             * @default false
+             */
+            requireVerificationPassed: boolean;
             successStatuses?: components["schemas"]["JobStatus"][];
         };
         EnvironmentRequestAccepted: {

apps/workspace-engine/oapi/openapi.json

@@ -621,6 +621,11 @@
                   "minimum": 0,
                   "type": "number"
                },
+               "requireVerificationPassed": {
+                  "default": false,
+                  "description": "If true, jobs must also have passed verification to count toward the success percentage",
+                  "type": "boolean"
+               },
                "successStatuses": {
                   "items": {
                      "$ref": "#/components/schemas/JobStatus"

apps/workspace-engine/oapi/spec/schemas/policy.jsonnet

@@ -163,6 +163,12 @@ local openapi = import '../lib/openapi.libsonnet';
         minimum: 0,
         description: 'Maximum age of dependency deployment before blocking progression (prevents stale promotions)',
       },
+
+      requireVerificationPassed: {
+        type: 'boolean',
+        default: false,
+        description: 'If true, jobs must also have passed verification to count toward the success percentage',
+      },
     },
   },
 

apps/workspace-engine/pkg/db/convert.go

@@ -141,6 +141,7 @@ func ToOapiPolicyWithRules(row ListPoliciesWithRulesByWorkspaceIDRow) *oapi.Poli
 		MinimumSoakTimeMinutes       *int32    `json:"minimumSoakTimeMinutes"`
 		MinimumSuccessPercentage     *float32  `json:"minimumSuccessPercentage"`
 		SuccessStatuses              *[]string `json:"successStatuses"`
+		RequireVerificationPassed    *bool     `json:"requireVerificationPassed"`
 	}
 	var progs []progressionJSON
 	_ = json.Unmarshal(row.EnvironmentProgressionRules, &progs)
@@ -150,6 +151,7 @@ func ToOapiPolicyWithRules(row ListPoliciesWithRulesByWorkspaceIDRow) *oapi.Poli
 			MaximumAgeHours:              pr.MaximumAgeHours,
 			MinimumSoakTimeMinutes:       pr.MinimumSoakTimeMinutes,
 			MinimumSuccessPercentage:     pr.MinimumSuccessPercentage,
+			RequireVerificationPassed:    pr.RequireVerificationPassed,
 		}
 		if pr.SuccessStatuses != nil {
 			statuses := make([]oapi.JobStatus, len(*pr.SuccessStatuses))

apps/workspace-engine/pkg/db/queries/job_verification_metric.sql

@@ -130,6 +130,22 @@ FROM job_verification_metric jvm
 WHERE jvm.job_id = @job_id
 ORDER BY jvm.id;
 
+-- name: ListVerificationMetricsWithMeasurementsByJobIDs :many
+-- Returns verification metrics with their individual measurement statuses for a batch of jobs.
+-- Used to compute verification status in Go via JobVerification.Status().
+SELECT
+  jvm.job_id,
+  jvm.id AS metric_id,
+  jvm.count,
+  jvm.failure_threshold,
+  jvm.success_threshold,
+  mm.status AS measurement_status
+FROM job_verification_metric jvm
+LEFT JOIN job_verification_metric_measurement mm
+  ON mm.job_verification_metric_status_id = jvm.id
+WHERE jvm.job_id = ANY(@job_ids::uuid[])
+ORDER BY jvm.job_id, jvm.id, mm.measured_at ASC;
+
 -- name: GetJobDispatchContext :one
 SELECT j.dispatch_context
 FROM job j

apps/workspace-engine/pkg/db/queries/policies.sql

@@ -30,7 +30,7 @@ SELECT
   COALESCE((SELECT json_agg(json_build_object('id', r.id, 'minApprovals', r.min_approvals)) FROM policy_rule_any_approval r WHERE r.policy_id = p.id), '[]'::json) AS approval_rules,
   COALESCE((SELECT json_agg(json_build_object('id', r.id, 'allowWindow', r.allow_window, 'durationMinutes', r.duration_minutes, 'rrule', r.rrule, 'timezone', r.timezone)) FROM policy_rule_deployment_window r WHERE r.policy_id = p.id), '[]'::json) AS deployment_window_rules,
   COALESCE((SELECT json_agg(json_build_object('id', r.id, 'dependsOn', r.depends_on)) FROM policy_rule_deployment_dependency r WHERE r.policy_id = p.id), '[]'::json) AS deployment_dependency_rules,
-  COALESCE((SELECT json_agg(json_build_object('id', r.id, 'dependsOnEnvironmentSelector', r.depends_on_environment_selector, 'maximumAgeHours', r.maximum_age_hours, 'minimumSoakTimeMinutes', r.minimum_soak_time_minutes, 'minimumSuccessPercentage', r.minimum_success_percentage, 'successStatuses', r.success_statuses)) FROM policy_rule_environment_progression r WHERE r.policy_id = p.id), '[]'::json) AS environment_progression_rules,
+  COALESCE((SELECT json_agg(json_build_object('id', r.id, 'dependsOnEnvironmentSelector', r.depends_on_environment_selector, 'maximumAgeHours', r.maximum_age_hours, 'minimumSoakTimeMinutes', r.minimum_soak_time_minutes, 'minimumSuccessPercentage', r.minimum_success_percentage, 'successStatuses', r.success_statuses, 'requireVerificationPassed', r.require_verification_passed)) FROM policy_rule_environment_progression r WHERE r.policy_id = p.id), '[]'::json) AS environment_progression_rules,
   COALESCE((SELECT json_agg(json_build_object('id', r.id, 'rolloutType', r.rollout_type, 'timeScaleInterval', r.time_scale_interval)) FROM policy_rule_gradual_rollout r WHERE r.policy_id = p.id), '[]'::json) AS gradual_rollout_rules,
   COALESCE((SELECT json_agg(json_build_object('id', r.id, 'intervalSeconds', r.interval_seconds)) FROM policy_rule_version_cooldown r WHERE r.policy_id = p.id), '[]'::json) AS version_cooldown_rules,
   COALESCE((SELECT json_agg(json_build_object('id', r.id, 'description', r.description, 'selector', r.selector)) FROM policy_rule_version_selector r WHERE r.policy_id = p.id), '[]'::json) AS version_selector_rules
@@ -99,21 +99,24 @@ DELETE FROM policy_rule_deployment_window WHERE policy_id = $1;
 
 -- name: ListEnvironmentProgressionRulesByPolicyID :many
 SELECT id, policy_id, depends_on_environment_selector, maximum_age_hours,
-       minimum_soak_time_minutes, minimum_success_percentage, success_statuses, created_at
+       minimum_soak_time_minutes, minimum_success_percentage, success_statuses,
+       require_verification_passed, created_at
 FROM policy_rule_environment_progression
 WHERE policy_id = $1;
 
 -- name: UpsertEnvironmentProgressionRule :exec
 INSERT INTO policy_rule_environment_progression (
     id, policy_id, depends_on_environment_selector, maximum_age_hours,
-    minimum_soak_time_minutes, minimum_success_percentage, success_statuses, created_at
-) VALUES ($1, $2, $3, $4, $5, $6, $7, COALESCE(sqlc.narg('created_at')::timestamptz, NOW()))
+    minimum_soak_time_minutes, minimum_success_percentage, success_statuses,
+    require_verification_passed, created_at
+) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, COALESCE(sqlc.narg('created_at')::timestamptz, NOW()))
 ON CONFLICT (id) DO UPDATE
 SET depends_on_environment_selector = EXCLUDED.depends_on_environment_selector,
     maximum_age_hours = EXCLUDED.maximum_age_hours,
     minimum_soak_time_minutes = EXCLUDED.minimum_soak_time_minutes,
     minimum_success_percentage = EXCLUDED.minimum_success_percentage,
-    success_statuses = EXCLUDED.success_statuses;
+    success_statuses = EXCLUDED.success_statuses,
+    require_verification_passed = EXCLUDED.require_verification_passed;
 
 -- name: DeleteEnvironmentProgressionRulesByPolicyID :exec
 DELETE FROM policy_rule_environment_progression WHERE policy_id = $1;

apps/workspace-engine/pkg/db/queries/schema.sql

@@ -178,6 +178,7 @@ CREATE TABLE policy_rule_environment_progression (
     minimum_soak_time_minutes INTEGER,
     minimum_success_percentage REAL,
     success_statuses TEXT[],
+    require_verification_passed BOOLEAN NOT NULL DEFAULT FALSE,
     created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
 );
 

apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/environmentprogression/environmentprogression.go

@@ -304,7 +304,16 @@ func (e *EnvironmentProgressionEvaluator) evaluateJobSuccessCriteria(
 	ctx, span := tracer.Start(ctx, "EnvironmentProgressionEvaluator.evaluateJobSuccessCriteria")
 	defer span.End()
 
-	tracker := NewReleaseTargetJobTracker(ctx, e.getters, environment, version, successStatuses)
+	requireVerificationPassed := e.rule.RequireVerificationPassed != nil &&
+		*e.rule.RequireVerificationPassed
+	tracker := NewReleaseTargetJobTracker(
+		ctx,
+		e.getters,
+		environment,
+		version,
+		successStatuses,
+		requireVerificationPassed,
+	)
 	if len(tracker.ReleaseTargets) == 0 {
 		return results.NewAllowedResult("No release targets in dependency environment, defaulting to allowed").
 			WithSatisfiedAt(version.CreatedAt)