feat(cli): redrive failed schema changes

[aparajon]

Why

Failed schema changes currently become terminal once their retry budget is exhausted, even when only part of the original work failed and the desired schema is still unchanged. A CLI-only redrive path lets an operator deliberately retry that same failed work without creating a replacement apply or replaying completed work.

What

• Add schemabot redrive <apply-id> as a guarded recovery command for terminal failed applies
• Reconstruct the remaining redrivable work from failed storage rows, then require a fresh plan to match it exactly
• Reopen the original apply only after the plan match succeeds; completed tasks and operations stay completed
• Require database lock ownership before re-planning, with --force matching existing lock takeover semantics
• Reject cancelled, stale, drifted, or concurrently active database work

Original apply state                  Redrive validation
────────────────────                  ──────────────────
completed task ───────────────┐       stored failed rows ─────┐
completed operation ──────────┼──▶    expected remaining work  ├── exact match? ── yes ──▶ reopen failed rows
failed task / operation ──────┘       fresh re-plan ───────────┘                    no  ──▶ leave failed

After successful redrive
────────────────────────
completed work        stays completed
failed tasks          failed_retryable
failed operations     failed_retryable
parent apply          failed_retryable with reset retry budget

Risk Assessment

Medium — this adds a new operator control path that can move terminal failed applies back to active retryable states. The path is CLI-only, guarded by lock ownership, freshness limits, active-apply checks, and exact re-plan matching before storage state changes.

Generated with Amp

[Copilot]

Pull request overview

Adds an operator-facing “redrive” control path that re-plans a recently failed apply and, when the plan still matches the remaining failed work, reopens the apply by moving failed tasks/operations back to retryable states under lock ownership.

Changes:

• Introduces schemabot redrive <apply-id> CLI + client call and a new POST /api/redrive endpoint/response type.
• Implements redrive planning/validation in the API service, including lock acquisition (and --force takeover semantics) plus plan equivalence gating.
• Adds storage support to transition a terminal failed apply back to failed_retryable, preserving completed work and guarding against concurrent active applies; includes new unit tests.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/storage/storage.go	Adds redrive freshness constant and ApplyStore.RedriveFailed API.
pkg/storage/mysqlstore/applies.go	Implements RedriveFailed transition logic + active-apply checks.
pkg/storage/mysqlstore/applies_test.go	Adds MySQL store tests covering redrive happy-path and rejection cases.
pkg/storage/errors.go	Adds ErrApplyNotRedrivable.
pkg/cmd/main.go	Wires redrive into the CLI root command.
pkg/cmd/commands/redrive.go	Implements CLI redrive command behavior and output.
pkg/cmd/commands/common.go	Adds accepted/error wrapper for redrive responses.
pkg/cmd/client/client.go	Adds CallRedriveAPI and refactors control request helper for custom payloads.
pkg/apitypes/apitypes.go	Extends ControlRequest with force and adds RedriveResponse.
pkg/api/service.go	Registers /api/redrive route/handler.
pkg/api/redrive_handlers.go	Implements redrive handler + plan filtering/fingerprinting/equivalence check.
pkg/api/redrive_handlers_test.go	Adds unit tests for redrive plan matching, lock behavior, and filtering.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.