fix(iac): persist apply state per action

[intel352]

Summary

• persist v2 IaC apply state at each successful mutation boundary via ApplyPlanWithHooks
• make delete-state pruning action-safe and cancellation-resistant across v2 and legacy apply paths
• compensate create/replacement persistence failures while preserving existing resources on update failures
• reject provider-owned replace before mutation when delete-state hooks need engine-owned delete visibility
• keep sensitive-output routing and ProviderID/output identity validation from leaving orphaned cloud resources or partial state

Review notes

• No provider-specific or DigitalOcean-specific logic is added.
• Provider-owned ResourceReplacer remains allowed when no delete-state hook is active; with delete hooks active it aborts before any mutation because callback ordering is not enforceable generically.
• Legacy providers do not expose per-action success evidence, so any ApplyResult.Errors disables inferred delete-state pruning.

Verification

• GOWORK=off go test ./iac/wfctlhelpers ./iac/sensitive ./interfaces ./cmd/wfctl -run 'TestApplyPlanWithHooks|TestDoReplace|TestRoute_|TestApplyWithProvider_|TestApplyWithProviderAndStore_V2|TestInfraApplyPrecomputedPlan|TestApply_V2_LoaderSeamDispatch_EndToEnd|TestApplyWithProviderAndStore_ProtectedReplace_WithAllowReplace_Proceeds|TestPersistResourceWithSecretRouting|TestRequireSecretsProviderForSensitiveOutputs' -count=1
• git diff --check

Antagonistic review

Multiple adversarial review rounds were run. Final targeted review returned SHIP-IT after checking:

• legacy sensitive outputs/no secrets do not partially save state
• replace preflight/delete hooks abort before mutation
• identity validation compensation treats any successful candidate delete as success
• update paths do not compensate by deleting existing resources
• failed/partial legacy delete results do not infer delete success
• no provider-specific branches in touched runtime logic

[Copilot]

Pull request overview

This PR strengthens wfctl’s IaC apply flow by persisting state at per-action mutation boundaries (v2 apply path), making delete-state pruning more cancellation-resistant, and adding compensation logic to avoid orphaned resources or partial state when persistence/routing/validation fails.

Changes:

• Add wfctlhelpers.ApplyPlanWithHooks (+ hook plumbing in replace/default replace) so wfctl can persist state immediately after each successful cloud mutation.
• Update wfctl infra apply to use action-boundary hooks for v2 providers, and add safer delete-state pruning + compensation behavior across v2 and legacy paths.
• Enhance sensitive-output routing to return partially-hydrated results on failure, enabling cleanup/compensation.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
iac/wfctlhelpers/apply.go	Introduces apply hooks, integrates delete/apply callbacks, and guards provider-owned replace when delete hooks are active.
iac/wfctlhelpers/apply_replacer_dispatch_test.go	Extends replace dispatch tests to cover hook-driven replacer restrictions and preflight behavior.
iac/wfctlhelpers/apply_hooks_test.go	Adds tests validating hook ordering, delete-hook semantics, and JIT-output map updates after delete.
iac/sensitive/route.go	Returns partial hydrated map on routing errors to support compensating cleanup of partial writes.
iac/sensitive/route_test.go	Adds coverage for partial-hydration behavior on provider.Set errors.
cmd/wfctl/infra_validation.go	Refactors ProviderID validation to allow validating with an already-resolved driver.
cmd/wfctl/infra_apply.go	Wires v2 apply through ApplyPlanWithHooks, adds action-boundary persistence hooks, delete-state timeout deletion, and enhanced compensation/identity validation.
cmd/wfctl/infra_apply_v2_test.go	Adds extensive v2 apply behavior tests (early persistence, delete cancellation, sensitive routing rollback, identity normalization, update non-compensation).
cmd/wfctl/infra_apply_v2_loader_test.go	Ensures loader-seam v2 apply persists real state to disk (end-to-end).
cmd/wfctl/infra_apply_test.go	Adds legacy-path tests for update non-compensation, delete pruning behavior under partial failure, and cancellation-safe pruning.
cmd/wfctl/infra_apply_sensitive_routing_test.go	Expands compensation coverage when routing/persistence fails (including no-secrets-provider cases).
cmd/wfctl/infra_apply_plan_test.go	Adds precomputed-plan v2 hook persistence + drift-report test and delete-state retention test.
cmd/wfctl/infra_apply_allow_replace_test.go	Updates v2 dispatch seam usage to the new ApplyPlan-with-hooks seam.

[github-actions]

⏱ Benchmark Results

✅ No significant performance regressions detected.

benchstat comparison (baseline → PR)

## benchstat: baseline → PR
baseline-bench.txt:262: parsing iteration count: invalid syntax
baseline-bench.txt:339449: parsing iteration count: invalid syntax
baseline-bench.txt:648456: parsing iteration count: invalid syntax
baseline-bench.txt:948526: parsing iteration count: invalid syntax
baseline-bench.txt:1285289: parsing iteration count: invalid syntax
baseline-bench.txt:1564083: parsing iteration count: invalid syntax
benchmark-results.txt:262: parsing iteration count: invalid syntax
benchmark-results.txt:281927: parsing iteration count: invalid syntax
benchmark-results.txt:611805: parsing iteration count: invalid syntax
benchmark-results.txt:947794: parsing iteration count: invalid syntax
benchmark-results.txt:1255631: parsing iteration count: invalid syntax
benchmark-results.txt:1582857: parsing iteration count: invalid syntax
goos: linux
goarch: amd64
pkg: github.com/GoCodeAlone/workflow/dynamic
cpu: AMD EPYC 9V74 80-Core Processor                
                            │ benchmark-results.txt │
                            │        sec/op         │
InterpreterCreation-4                  6.098m ± 66%
ComponentLoad-4                        3.502m ±  2%
ComponentExecute-4                     1.854µ ±  1%
PoolContention/workers-1-4             1.018µ ±  1%
PoolContention/workers-2-4             1.032µ ±  1%
PoolContention/workers-4-4             1.027µ ±  1%
PoolContention/workers-8-4             1.020µ ±  4%
PoolContention/workers-16-4            1.038µ ±  1%
ComponentLifecycle-4                   3.585m ±  2%
SourceValidation-4                     2.099µ ±  0%
RegistryConcurrent-4                   762.7n ±  3%
LoaderLoadFromString-4                 3.564m ±  2%
geomean                                17.67µ

                            │ benchmark-results.txt │
                            │         B/op          │
InterpreterCreation-4                  2.027Mi ± 0%
ComponentLoad-4                        2.180Mi ± 0%
ComponentExecute-4                     1.203Ki ± 0%
PoolContention/workers-1-4             1.203Ki ± 0%
PoolContention/workers-2-4             1.203Ki ± 0%
PoolContention/workers-4-4             1.203Ki ± 0%
PoolContention/workers-8-4             1.203Ki ± 0%
PoolContention/workers-16-4            1.203Ki ± 0%
ComponentLifecycle-4                   2.183Mi ± 0%
SourceValidation-4                     1.984Ki ± 0%
RegistryConcurrent-4                   1.133Ki ± 0%
LoaderLoadFromString-4                 2.182Mi ± 0%
geomean                                15.25Ki

                            │ benchmark-results.txt │
                            │       allocs/op       │
InterpreterCreation-4                   15.68k ± 0%
ComponentLoad-4                         18.02k ± 0%
ComponentExecute-4                       25.00 ± 0%
PoolContention/workers-1-4               25.00 ± 0%
PoolContention/workers-2-4               25.00 ± 0%
PoolContention/workers-4-4               25.00 ± 0%
PoolContention/workers-8-4               25.00 ± 0%
PoolContention/workers-16-4              25.00 ± 0%
ComponentLifecycle-4                    18.07k ± 0%
SourceValidation-4                       32.00 ± 0%
RegistryConcurrent-4                     2.000 ± 0%
LoaderLoadFromString-4                  18.06k ± 0%
geomean                                  183.3

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                            │ baseline-bench.txt │
                            │       sec/op       │
InterpreterCreation-4              3.325m ± 175%
ComponentLoad-4                    3.511m ±   3%
ComponentExecute-4                 1.878µ ±   1%
PoolContention/workers-1-4         1.218µ ±   3%
PoolContention/workers-2-4         1.185µ ±   3%
PoolContention/workers-4-4         1.184µ ±   2%
PoolContention/workers-8-4         1.210µ ±   2%
PoolContention/workers-16-4        1.196µ ±   2%
ComponentLifecycle-4               3.543m ±  25%
SourceValidation-4                 2.487µ ±   4%
RegistryConcurrent-4               883.4n ±   7%
LoaderLoadFromString-4             3.810m ±  15%
geomean                            18.50µ

                            │ baseline-bench.txt │
                            │        B/op        │
InterpreterCreation-4               2.027Mi ± 0%
ComponentLoad-4                     2.180Mi ± 0%
ComponentExecute-4                  1.203Ki ± 0%
PoolContention/workers-1-4          1.203Ki ± 0%
PoolContention/workers-2-4          1.203Ki ± 0%
PoolContention/workers-4-4          1.203Ki ± 0%
PoolContention/workers-8-4          1.203Ki ± 0%
PoolContention/workers-16-4         1.203Ki ± 0%
ComponentLifecycle-4                2.183Mi ± 0%
SourceValidation-4                  1.984Ki ± 0%
RegistryConcurrent-4                1.133Ki ± 0%
LoaderLoadFromString-4              2.182Mi ± 0%
geomean                             15.25Ki

                            │ baseline-bench.txt │
                            │     allocs/op      │
InterpreterCreation-4                15.68k ± 0%
ComponentLoad-4                      18.02k ± 0%
ComponentExecute-4                    25.00 ± 0%
PoolContention/workers-1-4            25.00 ± 0%
PoolContention/workers-2-4            25.00 ± 0%
PoolContention/workers-4-4            25.00 ± 0%
PoolContention/workers-8-4            25.00 ± 0%
PoolContention/workers-16-4           25.00 ± 0%
ComponentLifecycle-4                 18.07k ± 0%
SourceValidation-4                    32.00 ± 0%
RegistryConcurrent-4                  2.000 ± 0%
LoaderLoadFromString-4               18.06k ± 0%
geomean                               183.3

pkg: github.com/GoCodeAlone/workflow/middleware
cpu: AMD EPYC 9V74 80-Core Processor                
                                  │ benchmark-results.txt │
                                  │        sec/op         │
CircuitBreakerDetection-4                     302.2n ± 2%
CircuitBreakerExecution_Success-4             22.68n ± 2%
CircuitBreakerExecution_Failure-4             71.05n ± 0%
geomean                                       78.68n

                                  │ benchmark-results.txt │
                                  │         B/op          │
CircuitBreakerDetection-4                    144.0 ± 0%
CircuitBreakerExecution_Success-4            0.000 ± 0%
CircuitBreakerExecution_Failure-4            0.000 ± 0%
geomean                                                 ¹
¹ summaries must be >0 to compute geomean

                                  │ benchmark-results.txt │
                                  │       allocs/op       │
CircuitBreakerDetection-4                    1.000 ± 0%
CircuitBreakerExecution_Success-4            0.000 ± 0%
CircuitBreakerExecution_Failure-4            0.000 ± 0%
geomean                                                 ¹
¹ summaries must be >0 to compute geomean

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                  │ baseline-bench.txt │
                                  │       sec/op       │
CircuitBreakerDetection-4                  469.9n ± 1%
CircuitBreakerExecution_Success-4          59.77n ± 0%
CircuitBreakerExecution_Failure-4          64.90n ± 0%
geomean                                    122.2n

                                  │ baseline-bench.txt │
                                  │        B/op        │
CircuitBreakerDetection-4                 144.0 ± 0%
CircuitBreakerExecution_Success-4         0.000 ± 0%
CircuitBreakerExecution_Failure-4         0.000 ± 0%
geomean                                              ¹
¹ summaries must be >0 to compute geomean

                                  │ baseline-bench.txt │
                                  │     allocs/op      │
CircuitBreakerDetection-4                 1.000 ± 0%
CircuitBreakerExecution_Success-4         0.000 ± 0%
CircuitBreakerExecution_Failure-4         0.000 ± 0%
geomean                                              ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/module
cpu: AMD EPYC 9V74 80-Core Processor                
                                 │ benchmark-results.txt │
                                 │        sec/op         │
JQTransform_Simple-4                        823.1n ± 25%
JQTransform_ObjectConstruction-4            1.405µ ±  1%
JQTransform_ArraySelect-4                   3.394µ ±  0%
JQTransform_Complex-4                       41.41µ ±  0%
JQTransform_Throughput-4                    1.705µ ±  1%
SSEPublishDelivery-4                        64.63n ±  1%
geomean                                     1.617µ

                                 │ benchmark-results.txt │
                                 │         B/op          │
JQTransform_Simple-4                      1.273Ki ± 0%
JQTransform_ObjectConstruction-4          1.773Ki ± 0%
JQTransform_ArraySelect-4                 2.625Ki ± 0%
JQTransform_Complex-4                     16.22Ki ± 0%
JQTransform_Throughput-4                  1.984Ki ± 0%
SSEPublishDelivery-4                        0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

                                 │ benchmark-results.txt │
                                 │       allocs/op       │
JQTransform_Simple-4                        10.00 ± 0%
JQTransform_ObjectConstruction-4            15.00 ± 0%
JQTransform_ArraySelect-4                   30.00 ± 0%
JQTransform_Complex-4                       324.0 ± 0%
JQTransform_Throughput-4                    17.00 ± 0%
SSEPublishDelivery-4                        0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                 │ baseline-bench.txt │
                                 │       sec/op       │
JQTransform_Simple-4                     980.6n ± 25%
JQTransform_ObjectConstruction-4         1.521µ ±  2%
JQTransform_ArraySelect-4                3.384µ ±  8%
JQTransform_Complex-4                    36.26µ ±  1%
JQTransform_Throughput-4                 1.901µ ±  6%
SSEPublishDelivery-4                     77.53n ±  1%
geomean                                  1.732µ

                                 │ baseline-bench.txt │
                                 │        B/op        │
JQTransform_Simple-4                   1.273Ki ± 0%
JQTransform_ObjectConstruction-4       1.773Ki ± 0%
JQTransform_ArraySelect-4              2.625Ki ± 0%
JQTransform_Complex-4                  16.22Ki ± 0%
JQTransform_Throughput-4               1.984Ki ± 0%
SSEPublishDelivery-4                     0.000 ± 0%
geomean                                             ¹
¹ summaries must be >0 to compute geomean

                                 │ baseline-bench.txt │
                                 │     allocs/op      │
JQTransform_Simple-4                     10.00 ± 0%
JQTransform_ObjectConstruction-4         15.00 ± 0%
JQTransform_ArraySelect-4                30.00 ± 0%
JQTransform_Complex-4                    324.0 ± 0%
JQTransform_Throughput-4                 17.00 ± 0%
SSEPublishDelivery-4                     0.000 ± 0%
geomean                                             ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/schema
cpu: AMD EPYC 9V74 80-Core Processor                
                                    │ benchmark-results.txt │
                                    │        sec/op         │
SchemaValidation_Simple-4                      1.080µ ±  2%
SchemaValidation_AllFields-4                   1.641µ ± 14%
SchemaValidation_FormatValidation-4            1.582µ ±  2%
SchemaValidation_ManySchemas-4                 1.606µ ±  3%
geomean                                        1.456µ

                                    │ benchmark-results.txt │
                                    │         B/op          │
SchemaValidation_Simple-4                      0.000 ± 0%
SchemaValidation_AllFields-4                   0.000 ± 0%
SchemaValidation_FormatValidation-4            0.000 ± 0%
SchemaValidation_ManySchemas-4                 0.000 ± 0%
geomean                                                   ¹
¹ summaries must be >0 to compute geomean

                                    │ benchmark-results.txt │
                                    │       allocs/op       │
SchemaValidation_Simple-4                      0.000 ± 0%
SchemaValidation_AllFields-4                   0.000 ± 0%
SchemaValidation_FormatValidation-4            0.000 ± 0%
SchemaValidation_ManySchemas-4                 0.000 ± 0%
geomean                                                   ¹
¹ summaries must be >0 to compute geomean

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                    │ baseline-bench.txt │
                                    │       sec/op       │
SchemaValidation_Simple-4                   1.047µ ± 37%
SchemaValidation_AllFields-4                1.549µ ±  5%
SchemaValidation_FormatValidation-4         1.518µ ±  2%
SchemaValidation_ManySchemas-4              1.507µ ±  1%
geomean                                     1.388µ

                                    │ baseline-bench.txt │
                                    │        B/op        │
SchemaValidation_Simple-4                   0.000 ± 0%
SchemaValidation_AllFields-4                0.000 ± 0%
SchemaValidation_FormatValidation-4         0.000 ± 0%
SchemaValidation_ManySchemas-4              0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

                                    │ baseline-bench.txt │
                                    │     allocs/op      │
SchemaValidation_Simple-4                   0.000 ± 0%
SchemaValidation_AllFields-4                0.000 ± 0%
SchemaValidation_FormatValidation-4         0.000 ± 0%
SchemaValidation_ManySchemas-4              0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/store
cpu: AMD EPYC 9V74 80-Core Processor                
                                   │ benchmark-results.txt │
                                   │        sec/op         │
EventStoreAppend_InMemory-4                   1.096µ ± 25%
EventStoreAppend_SQLite-4                     1.076m ±  6%
GetTimeline_InMemory/events-10-4              13.67µ ±  2%
GetTimeline_InMemory/events-50-4              68.22µ ± 14%
GetTimeline_InMemory/events-100-4             119.9µ ±  4%
GetTimeline_InMemory/events-500-4             618.4µ ±  3%
GetTimeline_InMemory/events-1000-4            1.257m ±  2%
GetTimeline_SQLite/events-10-4                89.94µ ±  2%
GetTimeline_SQLite/events-50-4                237.8µ ±  2%
GetTimeline_SQLite/events-100-4               413.0µ ±  1%
GetTimeline_SQLite/events-500-4               1.809m ±  2%
GetTimeline_SQLite/events-1000-4              3.525m ±  3%
geomean                                       205.8µ

                                   │ benchmark-results.txt │
                                   │         B/op          │
EventStoreAppend_InMemory-4                     746.0 ± 9%
EventStoreAppend_SQLite-4                     1.984Ki ± 1%
GetTimeline_InMemory/events-10-4              7.953Ki ± 0%
GetTimeline_InMemory/events-50-4              46.62Ki ± 0%
GetTimeline_InMemory/events-100-4             94.48Ki ± 0%
GetTimeline_InMemory/events-500-4             472.8Ki ± 0%
GetTimeline_InMemory/events-1000-4            944.3Ki ± 0%
GetTimeline_SQLite/events-10-4                16.74Ki ± 0%
GetTimeline_SQLite/events-50-4                87.14Ki ± 0%
GetTimeline_SQLite/events-100-4               175.4Ki ± 0%
GetTimeline_SQLite/events-500-4               846.1Ki ± 0%
GetTimeline_SQLite/events-1000-4              1.639Mi ± 0%
geomean                                       67.02Ki

                                   │ benchmark-results.txt │
                                   │       allocs/op       │
EventStoreAppend_InMemory-4                     7.000 ± 0%
EventStoreAppend_SQLite-4                       53.00 ± 0%
GetTimeline_InMemory/events-10-4                125.0 ± 0%
GetTimeline_InMemory/events-50-4                653.0 ± 0%
GetTimeline_InMemory/events-100-4              1.306k ± 0%
GetTimeline_InMemory/events-500-4              6.514k ± 0%
GetTimeline_InMemory/events-1000-4             13.02k ± 0%
GetTimeline_SQLite/events-10-4                  382.0 ± 0%
GetTimeline_SQLite/events-50-4                 1.852k ± 0%
GetTimeline_SQLite/events-100-4                3.681k ± 0%
GetTimeline_SQLite/events-500-4                18.54k ± 0%
GetTimeline_SQLite/events-1000-4               37.29k ± 0%
geomean                                        1.162k

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                   │ baseline-bench.txt │
                                   │       sec/op       │
EventStoreAppend_InMemory-4                1.185µ ± 23%
EventStoreAppend_SQLite-4                  920.9µ ± 17%
GetTimeline_InMemory/events-10-4           13.80µ ±  2%
GetTimeline_InMemory/events-50-4           81.76µ ± 26%
GetTimeline_InMemory/events-100-4          124.9µ ±  5%
GetTimeline_InMemory/events-500-4          620.4µ ±  6%
GetTimeline_InMemory/events-1000-4         1.343m ±  5%
GetTimeline_SQLite/events-10-4             82.96µ ±  1%
GetTimeline_SQLite/events-50-4             251.2µ ± 15%
GetTimeline_SQLite/events-100-4            453.9µ ±  3%
GetTimeline_SQLite/events-500-4            1.941m ±  2%
GetTimeline_SQLite/events-1000-4           3.719m ±  8%
geomean                                    213.1µ

                                   │ baseline-bench.txt │
                                   │        B/op        │
EventStoreAppend_InMemory-4                 786.0 ± 10%
EventStoreAppend_SQLite-4                 1.984Ki ±  1%
GetTimeline_InMemory/events-10-4          7.953Ki ±  0%
GetTimeline_InMemory/events-50-4          46.62Ki ±  0%
GetTimeline_InMemory/events-100-4         94.48Ki ±  0%
GetTimeline_InMemory/events-500-4         472.8Ki ±  0%
GetTimeline_InMemory/events-1000-4        944.3Ki ±  0%
GetTimeline_SQLite/events-10-4            16.74Ki ±  0%
GetTimeline_SQLite/events-50-4            87.14Ki ±  0%
GetTimeline_SQLite/events-100-4           175.4Ki ±  0%
GetTimeline_SQLite/events-500-4           846.1Ki ±  0%
GetTimeline_SQLite/events-1000-4          1.639Mi ±  0%
geomean                                   67.31Ki

                                   │ baseline-bench.txt │
                                   │     allocs/op      │
EventStoreAppend_InMemory-4                  7.000 ± 0%
EventStoreAppend_SQLite-4                    53.00 ± 0%
GetTimeline_InMemory/events-10-4             125.0 ± 0%
GetTimeline_InMemory/events-50-4             653.0 ± 0%
GetTimeline_InMemory/events-100-4           1.306k ± 0%
GetTimeline_InMemory/events-500-4           6.514k ± 0%
GetTimeline_InMemory/events-1000-4          13.02k ± 0%
GetTimeline_SQLite/events-10-4               382.0 ± 0%
GetTimeline_SQLite/events-50-4              1.852k ± 0%
GetTimeline_SQLite/events-100-4             3.681k ± 0%
GetTimeline_SQLite/events-500-4             18.54k ± 0%
GetTimeline_SQLite/events-1000-4            37.29k ± 0%
geomean                                     1.162k

Benchmarks run with go test -bench=. -benchmem -count=6.
Regressions ≥ 20% are flagged. Results compared via benchstat.

[codecov]

Codecov Report

❌ Patch coverage is 77.12418% with 70 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cmd/wfctl/infra_apply.go	75.31%	37 Missing and 22 partials ⚠️
iac/wfctlhelpers/apply.go	81.96%	7 Missing and 4 partials ⚠️

📢 Thoughts on this report? Let us know!