🗃️ db(database): add workspace_id columns to existing tables

[arvinxx]

💻 Change Type

• ✨ feat

🔀 Description of Change

Adds a nullable workspace_id text column to user-owned business tables (agents, sessions, topics, messages, files, tasks, RAG/eval, RBAC, devices, connectors, etc.) so records can later be scoped to a workspace. The workspace tables themselves already landed on canary via #15439 (0105_add_usage_agent_share_workspace).

Also folds in the additive device schema from #15356: the structured working_dirs jsonb column + WorkingDirEntry type (recent_cwds kept, now @deprecated).

Scope is deliberately column-only — the lowest-risk slice of the workspace DB work. FK constraints, btree indexes, and the per-user → workspace-scoped unique-constraint conversions are intentionally deferred to follow-up PRs, because each needs a production-safe execution path Drizzle's migration runner can't express (it wraps everything in one transaction):

Operation	Risk	Why deferred
ADD COLUMN … text (nullable)	🟢 none	metadata-only, ~ms AccessExclusive lock per table, online-safe — this PR
ADD FOREIGN KEY → workspaces	🟡 med	needs two-step NOT VALID + VALIDATE
CREATE INDEX … workspace_id	🟡 low–med	needs CREATE INDEX CONCURRENTLY (can't run in a txn)
convert unique constraints → workspace-scoped partials	🔴 high	needs concurrent build + atomic swap in a low-traffic window

Migration 0106_add_workspace_id_columns is pure ALTER TABLE … ADD COLUMN IF NOT EXISTS (71 statements: 70 workspace_id + 1 working_dirs), idempotent. No application code changes — every column is NULL/[], so existing queries are unaffected.

Scoping decisions for recently-added tables

After rebasing, I audited every table with a user_id but no workspace_id:

• Scoped (user-owned resources, same logic as api_keys / agent_bot_providers): devices, user_connectors, user_connector_tools.
• Left user/device-level: push_tokens — an Expo push token is one per physical app install and receives a person's notifications across all their workspaces; there is no per-workspace token.
• No column needed: agent_shares (no user_id; scoped transitively via agent_id → agents.workspace_id), auth/identity infra (accounts, nextauth_*, oidc_*, two_factor), personal memory (user_memories*), and notifications (user-level by existing design).

🧪 How to Test

• Tested locally
• Added/updated tests
• No tests needed

drizzle-kit generate reports No schema changes, nothing to migrate — schema TS, snapshot, journal, and SQL are fully consistent. Diff vs canary is pure additions (the only deletion is #15356 adding the @deprecated note above recent_cwds).

📝 Additional Information

Planned follow-ups (each its own PR, executed with the safe path above, lower-risk first):

• PR A — workspace_id foreign keys (NOT VALID + VALIDATE)
• PR B — workspace_id btree indexes (CREATE INDEX CONCURRENTLY, serial)
• PR C — unique-constraint conversions to workspace-scoped partials (concurrent build + atomic swap, low-peak window)

Supersedes the column/table half of the WIP in #15414, and the schema layer of #15356 (its model/tRPC/UI consumers in #15353 remain).

🤖 Generated with Claude Code

[sourcery-ai]

Sorry @arvinxx, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
lobehub	Ready	Preview, Comment	Jun 4, 2026 5:14am

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9f8ff9a036

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[codecov]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 70.88%. Comparing base (a3a08c2) to head (9f9a4f1).
⚠️ Report is 8 commits behind head on canary.

Additional details and impacted files

@@             Coverage Diff             @@
##           canary   #15446       +/-   ##
===========================================
- Coverage   89.70%   70.88%   -18.82%     
===========================================
  Files         862     3223     +2361     
  Lines      105731   319681   +213950     
  Branches    10246    29088    +18842     
===========================================
+ Hits        94841   226593   +131752     
- Misses      10714    92912    +82198     
  Partials      176      176               

Flag	Coverage Δ
app	61.58% <0.00%> (?)
database	92.49% <ø> (ø)
packages/agent-runtime	80.48% <ø> (ø)
packages/builtin-tool-lobe-agent	18.52% <ø> (ø)
packages/context-engine	84.17% <ø> (ø)
packages/conversation-flow	91.29% <ø> (ø)
packages/file-loaders	87.89% <ø> (ø)
packages/memory-user-memory	74.99% <ø> (ø)
packages/model-bank	99.99% <ø> (ø)
packages/model-runtime	84.51% <ø> (ø)
packages/prompts	72.49% <ø> (ø)
packages/python-interpreter	92.90% <ø> (ø)
packages/ssrf-safe-fetch	0.00% <ø> (ø)
packages/types	35.36% <ø> (ø)
packages/utils	88.77% <ø> (ø)
packages/web-crawler	88.08% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
Store	68.47% <0.00%> (∅)
Services	54.58% <ø> (∅)
Server	71.89% <ø> (∅)
Libs	57.01% <ø> (∅)
Utils	81.44% <ø> (-18.56%)	⬇️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.