[LFXV2-2254] feat(lfx_one/scripts): add rename-project-slug Go migration script

[andrest50]

Summary

• Adds a reusable standalone Go script at lfx_one/scripts/rename-project-slug/ that renames a project slug across both LFX V2 data stores in one command, dry-run by default
• OpenSearch: dry-run audits the match count; apply runs the painless _update_by_query from LFXV2-2254 (rewrites data.project_slug, data.slug, tags, fulltext, name_and_aliases)
• NATS KV: scans committee-members, committees, committee-settings, projects, and project-settings buckets with per-bucket slug field mapping, skipping index keys, with optimistic-lock retry
• Includes pre-built binaries for darwin/arm64, darwin/amd64, and linux/amd64 so the script can be run without a Go toolchain

Ticket

LFXV2-2254

[coderabbitai]

Warning

Review limit reached

@andrest50, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 13 minutes and 30 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8dcc9684-722f-4e50-8030-cba9ac5814ff

📥 Commits

Reviewing files that changed from the base of the PR and between 39f9f13 and 225da11.

📒 Files selected for processing (4)

• lfx_one/scripts/rename-project-slug/bin/rename-project-slug-darwin-amd64
• lfx_one/scripts/rename-project-slug/bin/rename-project-slug-darwin-arm64
• lfx_one/scripts/rename-project-slug/bin/rename-project-slug-linux-amd64
• lfx_one/scripts/rename-project-slug/main.go

Walkthrough

Adds a new standalone Go CLI script rename-project-slug under lfx_one/scripts/ that renames a project slug across two LFX V2 data stores: OpenSearch (via update_by_query with an embedded Painless script) and NATS JetStream KV (concurrent per-bucket field rewrites with optimistic-lock retries). Includes unit tests, README, module manifest, and a .gitignore update.

Changes

rename-project-slug CLI tool

Layer / File(s)	Summary
Module manifest, CLI flags, and entrypoint lfx_one/scripts/rename-project-slug/go.mod, .gitignore, lfx_one/scripts/rename-project-slug/main.go	Defines the Go module with Go 1.25.0 toolchain and all direct/indirect dependencies. Registers CLI flags (--target, --dry-run, --debug, endpoint URLs, --buckets, --concurrency, --old-slug, --new-slug). Implements main() and run() to extract slug inputs from positional arguments or flag arguments, validate non-empty/different slugs and concurrency minimum, check --target value, and branch into runOpenSearch, runNATS, or both. Updates .gitignore to exclude lfx_one/scripts/*/bin/*.test binaries.
OpenSearch audit and update_by_query lfx_one/scripts/rename-project-slug/main.go	Implements OpenSearch slug migration: buildOSQuery constructs a bool/should query matching slug occurrences across multiple fields (data.project_slug, data.slug, tags, object_ref, parent_refs) in the resources index. In dry-run mode, osAudit issues a Search with track_total_hits to preview matched record count. In apply mode, osUpdateByQuery executes an embedded Painless script that rewrites slug values across data, tags, object_ref, parent_refs, fulltext, and name_and_aliases; uses ctx.op='noop' when no changes occur; handles conflicts with proceed strategy; and reports metrics (total examined, updated, noops, version_conflicts).
NATS JetStream KV concurrent migration lfx_one/scripts/rename-project-slug/main.go	Implements NATS KV slug migration: runNATS connects to NATS, creates JetStream context, and iterates configured KV buckets. migrateBucket opens each bucket, lists candidate keys (excluding lookup/ and slug/ prefixes), and dispatches concurrent workers via errgroup with per-bucket concurrency limit. processKVRecord unmarshals JSON entries, detects slug-field matches via bucketFieldsFor mapping (defaulting to project_slug), returns errSlugMismatch sentinel for skip tracking. In apply mode performs up to 3 optimistic-lock update retries: re-fetches the entry revision, aborts as mismatch if slug no longer matches oldSlug, updates only matching slug fields to newSlug, and refreshes updated_at when present. Aggregates per-bucket and grand totals, prints audit-vs-update summary, and fails on bucket-level errors or non-mismatch record failures.
Helper utilities and unit tests lfx_one/scripts/rename-project-slug/main.go, lfx_one/scripts/rename-project-slug/main_test.go	Adds utilities: bucketFieldsFor maps bucket names to slug-field lists with ["project_slug"] fallback, jsonBody marshals request payloads, parseBuckets splits and trims comma-separated bucket names, redactNATSURL removes credentials for safe logging, and getEnvOrDefault provides environment variable defaults. Unit test suite covers bucketFieldsFor with known and unknown bucket mappings (table-driven), parseBuckets CSV normalization, buildOSQuery bool/should structure validation, and includes a minimal generic assertEqual helper for slice equality without external dependencies.
README with usage and field mappings lfx_one/scripts/rename-project-slug/README.md	Comprehensive documentation covering prerequisites, Go 1.25+ build and pre-built binary setup, CLI arguments and flags, per-store configuration (OpenSearch base URL; NATS URL, bucket list, concurrency), audit vs apply usage examples with port-forward workflow, OpenSearch field pattern rewrites with noop and conflict handling, per-bucket NATS field mappings with skipped key prefixes and optimistic-lock retry semantics, and test invocation command.

Sequence Diagram(s)

sequenceDiagram
  participant Operator
  participant CLI as rename-project-slug CLI
  participant OS as OpenSearch resources index
  participant NATS as NATS JetStream KV

  Operator->>CLI: run --old-slug foo --new-slug bar --target both

  rect rgba(59, 130, 246, 0.5)
    note over CLI,OS: OpenSearch path
    CLI->>OS: POST _search (bool/should query, track_total_hits)
    OS-->>CLI: total matching hits
    alt apply mode
      CLI->>OS: POST _update_by_query (Painless script rewrite)
      OS-->>CLI: updated / noops / version_conflicts
    end
  end

  rect rgba(34, 197, 94, 0.5)
    note over CLI,NATS: NATS JetStream KV path
    CLI->>NATS: Connect + JetStream context
    loop each configured bucket
      loop concurrent workers per bucket
        CLI->>NATS: Keys() → candidate keys (exclude lookup/, slug/)
        CLI->>NATS: Get(key) → JSON + revision
        alt slug field matches
          CLI->>NATS: Update(key, rewritten JSON, revision)
          NATS-->>CLI: success or conflict
          note over CLI,NATS: retry up to 3x on conflict, abort if slug changed
        else no match
          note over CLI: skip (errSlugMismatch)
        end
      end
    end
  end

  CLI-->>Operator: totals (updated / skipped / failed)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 26.09% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding a Go migration script for renaming project slugs in the LFX_one/scripts directory, with the ticket reference and feature indicator.
Description check	✅ Passed	The description is directly related to the changeset, detailing the purpose of the new script, its functionality across OpenSearch and NATS KV data stores, and inclusion of pre-built binaries.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/LFXV2-2254-rename-project-slug-script

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds a standalone rename-project-slug Go migration script under lfx_one/scripts/rename-project-slug/ to rename a project slug across OpenSearch (resources index) and NATS JetStream KV buckets, with dry-run behavior by default and bundled pre-built binaries.

Changes:

• Introduces a Go CLI (with tests) that can audit/apply slug rewrites in OpenSearch and NATS KV with configurable targeting and concurrency.
• Adds module metadata (go.mod/go.sum) and ships pre-built binaries for common OS/arch targets.
• Updates repo .gitignore to ignore Go test binaries generated under lfx_one/scripts/*/bin/.

Reviewed changes

Copilot reviewed 4 out of 9 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
lfx_one/scripts/rename-project-slug/README.md	Documents script purpose/usage and migration behavior (needs a couple doc alignment fixes).
lfx_one/scripts/rename-project-slug/main.go	Implements OpenSearch _update_by_query and NATS KV scanning/updating logic (found a few correctness/security/UX issues).
lfx_one/scripts/rename-project-slug/main_test.go	Adds basic unit tests for argument parsing, bucket field mapping, and query construction.
lfx_one/scripts/rename-project-slug/go.mod	Defines the standalone module and dependencies (currently has an invalid go directive format).
lfx_one/scripts/rename-project-slug/go.sum	Locks dependency checksums for the standalone module.
.gitignore	Ignores per-script bin/*.test artifacts.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[andrest50]

Review Feedback Addressed

Commit: 69ebe91

Changes Made

• main.go: reject mixed positional + flag slug args to prevent accidental runs (per copilot-pull-request-reviewer)
• main.go: redact credentials from nc.ConnectedUrl() before logging, using the existing redactNATSURL helper (per copilot-pull-request-reviewer)
• main.go: downgrade per-record match log from Info to Debug; progress summaries every 1000 records remain at Info (per copilot-pull-request-reviewer)
• README.md: fix --concurrency default from 10 to 50 to match the code (per copilot-pull-request-reviewer)
• README.md: add "Running the pre-built binary" section documenting all three platform binaries (per copilot-pull-request-reviewer)

No Change Needed

• go.mod (3 threads): The BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang expression is standard for golang.org/x/* packages — it is BSD-3-Clause with Google's explicit patent grant. Not a restrictive license. The repo license policy may need to allowlist this expression for Go module dependencies (flagged by github-license-compliance).

Threads Resolved

8 of 8 unresolved threads addressed in this iteration.

[coderabbitai]

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@lfx_one/scripts/rename-project-slug/main.go`:
- Around line 365-371: The bucket migration failure handling in the loop
iterating through buckets (where migrateBucket is called) logs errors but
continues without tracking that a failure occurred, allowing the command to
return success despite incomplete migrations. Add a flag or error variable to
track whether any bucket migration has failed during the loop, and then check
this flag after the loop completes to ensure the overall command returns an
error if any bucket-level migration failure was encountered. This prevents
reporting success when cross-store rename operations are incomplete.
- Around line 196-202: The query in the should array includes search conditions
for object_ref and parent_refs fields containing the old slug pattern, but the
script does not include corresponding update operations to rewrite these fields.
Locate the update script logic (around lines 256-284) where other fields are
being rewritten and add update operations for both object_ref and parent_refs
fields that replace the old slug pattern (project: + oldSlug) with the new slug
pattern (project: + newSlug) to ensure these field references are properly
updated when the slug is renamed.
- Around line 105-113: The partitionArgs function currently only separates
tokens starting with "-" into the flags slice, but does not handle the values
that follow flag tokens. When a flag like "--target" is encountered, its
following value argument (like "nats") remains in the positional slice, causing
parsing failures. Modify the partitionArgs function to check if a flag argument
is followed by a value argument (one that does not start with "-"), and if so,
add both the flag and its value to the flags slice together. This ensures that
flag-value pairs are kept together in the flags slice and not split across
positional and flags slices.

In `@lfx_one/scripts/rename-project-slug/README.md`:
- Line 64: The README documentation table for the `--concurrency` parameter
shows an incorrect default value of `10`, while the actual default defined in
main.go is `50`. Update the documentation table entry for the `--concurrency`
parameter to change the default value from `10` to `50` to match the actual
implementation and ensure consistency between the documentation and the code.
- Around line 1-149: The README.md file contains 23 markdownlint MD060
validation errors caused by misaligned pipes and inconsistent spacing in
multiple Markdown tables throughout the document. Fix all tables in the file
including the "Required arguments" table, "Flags" table, "OpenSearch flags"
table, "NATS flags" table, and "NATS KV bucket mapping" table by ensuring pipes
are properly aligned vertically and have consistent spacing (one space on each
side of the pipe delimiter) in all rows and headers. Ensure every table follows
proper Markdown table formatting standards to resolve all validation errors.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fe8b8c87-a3f9-4f5c-b663-1d173a018c8b

📥 Commits

Reviewing files that changed from the base of the PR and between 1d98cd1 and 95593b6.

⛔ Files ignored due to path filters (1)

• lfx_one/scripts/rename-project-slug/go.sum is excluded by !**/*.sum

📒 Files selected for processing (8)

• .gitignore
• lfx_one/scripts/rename-project-slug/README.md
• lfx_one/scripts/rename-project-slug/bin/rename-project-slug-darwin-amd64
• lfx_one/scripts/rename-project-slug/bin/rename-project-slug-darwin-arm64
• lfx_one/scripts/rename-project-slug/bin/rename-project-slug-linux-amd64
• lfx_one/scripts/rename-project-slug/go.mod
• lfx_one/scripts/rename-project-slug/main.go
• lfx_one/scripts/rename-project-slug/main_test.go

[andrest50]

Review Feedback Addressed (iteration 2)

Commit: f603bcf

Changes Made

• main.go (painless script): added object_ref and parent_refs rewrites — these fields were matched by the query but never rewritten, leaving stale slug references after a run (per coderabbitai)
• main.go (runNATS): bucket-level failures now increment a bucketErrors counter and cause the command to exit with an error after all buckets are attempted — previously a failed bucket was silently skipped, allowing a false-success exit (per coderabbitai)

No Change Needed

• README.md (MD060 markdownlint errors): The project uses markdownlint configured via .markdownlint.json (line length 120, tables exempt). Running it from the repo root passes cleanly. MD060 is a markdownlint-cli2-specific rule not present in this repo's toolchain (flagged by coderabbitai).

Threads Resolved

3 of 3 unresolved threads addressed in this iteration.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 9 changed files in this pull request and generated 6 comments.

[andrest50]

Review Feedback Addressed

Commit: 39f9f13

Changes Made

• main.go: replaced partitionArgs with flag.Parse() + flag.Args() — space-separated flag forms (--target opensearch, --nats-url nats://...) now parse correctly (per copilot-pull-request-reviewer)
• main.go: run() now returns an error when more than 2 positional arguments are provided, preventing silent discard of extra args (per copilot-pull-request-reviewer)
• main.go: dry-run grand total summary now prints "NATS KV Audit (dry-run, no writes)" header and "Would update:" label instead of "Updated:" (per copilot-pull-request-reviewer)
• main.go: per-bucket summary also uses "Would update:" in dry-run mode (per copilot-pull-request-reviewer)
• main.go: runNATS now checks errors.Is(err, jetstream.ErrBucketNotFound) — missing buckets are logged at WARN level and skipped; other bucket errors remain at ERROR level, matching the README (per copilot-pull-request-reviewer)
• main_test.go: removed TestPartitionArgs_* tests (function removed)
• README.md: updated Go requirement from "1.24+" to "1.25+" to match the go.mod directive (go mod tidy with the local Go 1.25 toolchain keeps the directive at 1.25.0)
• bin/: rebuilt all three platform binaries

Threads Resolved

6 of 6 unresolved threads addressed in this iteration.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 9 changed files in this pull request and generated 4 comments.

[andrest50]

Review Feedback Addressed

Commit: 225da11

Changes Made

• main.go: added redactURL() helper; runOpenSearch now logs redactURL(*opensearchURL) instead of the raw value; redactNATSURL delegates to it to avoid duplication (per copilot-pull-request-reviewer)
• main.go: ErrBucketNotFound no longer increments bucketErrors — missing buckets warn-and-continue without contributing to the non-zero exit condition (per copilot-pull-request-reviewer)
• main.go: added defer keys.Stop() on the KeyLister so the underlying watcher is always cleaned up (per copilot-pull-request-reviewer)
• bin/: rebuilt all three platform binaries

No Change Needed

• main.go:434 (streaming keys): batch key accumulation is intentional — it enables accurate total counts and clean progress logging. Expected bucket sizes (low thousands of records) make memory impact negligible. Explained in thread. (flagged by copilot-pull-request-reviewer)

Note on keys.Error()

The KeyLister interface in nats.go v1.43.0 only exposes Keys() and Stop() — Error() is not part of the interface. defer keys.Stop() handles cleanup; error signals come from the initial ListKeys() call and per-record errgroup results.

Threads Resolved

4 of 4 unresolved threads addressed in this iteration.