docs(standards): make SettingsWatcher mandatory for multi-tenant services

[jeffersonrodrigues92]

Summary

Makes SettingsWatcher the mandatory standard for PostgreSQL connection pool settings revalidation in multi-tenant services. Decoupled from the RabbitMQ consumer — works for any service with PostgreSQL.

Changes

multi-tenant.md

• New section: SettingsWatcher (MANDATORY) with bootstrap pattern, anti-rationalization table, detection commands
• MULTI_TENANT_CACHE_TTL_SEC and MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC marked as Required
• 10 canonical env vars (was 8)
• MongoDB excluded from watcher (driver doesn't support pool resize)
• Checklist updated with SettingsWatcher items

SKILL.md

• New audit check A10: SettingsWatcher compliance
• Gate 4: SettingsWatcher instantiation as MANDATORY task
• HARD GATE updated to include SettingsWatcher verification

standards-coverage-table.md

• Added SettingsWatcher row

backend-engineer-golang.md

• Section count updated

Context

lib-commons PRs:

• #394 — CacheTTL + StatementTimeout + change detection (merged)
• #395 — SettingsWatcher standalone component (open)

🤖 Generated with Claude Code

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a9912719-b82f-4c9b-b41e-8f7507f10c82

📥 Commits

Reviewing files that changed from the base of the PR and between 914c1a6 and 470f28e.

📒 Files selected for processing (2)

• dev-team/docs/standards/golang/multi-tenant.md
• dev-team/skills/dev-multi-tenant/SKILL.md

---

Walkthrough

The pull request makes a SettingsWatcher component mandatory (PostgreSQL-only) for multi-tenant Go services, updates documentation and checklists to increase section counts, and expands canonical multi-tenant env vars from 8 to 10 by adding MULTI_TENANT_CACHE_TTL_SEC and MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC (new defaults). It requires instantiation via tmwatcher.NewSettingsWatcher, Start(ctx)/Stop() lifecycle in bootstrap when cfg.MultiTenantEnabled, and shifts connection-pool settings revalidation responsibility to SettingsWatcher; test/gate checks and skill docs updated accordingly.

Sequence Diagram(s)

sequenceDiagram
    participant Service as Service
    participant SettingsWatcher as SettingsWatcher
    participant Postgres as Postgres
    participant ConnPool as ConnectionPool
    Service->>SettingsWatcher: tmwatcher.NewSettingsWatcher(cfg)
    Service->>SettingsWatcher: Start(ctx)
    loop every MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC
        SettingsWatcher->>Postgres: query tenant settings
        alt settings changed
            SettingsWatcher->>ConnPool: apply new connection settings (maxOpenConns, maxIdleConns, statementTimeout)
            ConnPool-->>SettingsWatcher: acknowledge applied settings
        else no change
            SettingsWatcher-->>SettingsWatcher: continue monitoring
        end
    end
    Service->>SettingsWatcher: Stop()
    SettingsWatcher-->>Service: stopped

Loading

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: establishing SettingsWatcher as mandatory for multi-tenant services.
Description check	✅ Passed	The description provides relevant context about the changes, explains the purpose of SettingsWatcher, lists modified files, and references supporting lib-commons PRs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@dev-team/docs/standards/golang/multi-tenant.md`:
- Around line 2308-2315: Update the mandatory requirement text so it is
conditional: state that instantiating SettingsWatcher (from
lib-commons/v4/commons/tenant-manager/watcher) is required for every
multi-tenant service that uses PostgreSQL connection pools, and explicitly
exempt services that use MongoDB (noting MongoDB driver cannot resize pools
after creation); revise the sentence that currently reads "Every multi-tenant
service MUST instantiate a SettingsWatcher" to clearly scope the MUST to
PostgreSQL-backed services and add a short explanatory note referencing the
watcher path and the MongoDB exclusion.

In `@dev-team/skills/dev-multi-tenant/SKILL.md`:
- Line 539: Update the dependency upgrade example that currently reads
"lib-commons v2 → v3 + lib-auth v2" to instead reference "lib-commons v2 → v4 +
lib-auth v2" so it matches the skill's mandated version and Gate 2 policy;
search for the exact string "lib-commons v2 → v3 + lib-auth v2" in SKILL.md and
replace v3 with v4, and scan nearby rows to ensure no other references to v3
remain inconsistent.
- Around line 722-725: Add the missing canonical env var
MULTI_TENANT_CACHE_TTL_SEC to the verification and hard-gate checks: update the
grep verification (where you check internal/bootstrap/config.go for
MULTI_TENANT_* vars) to include MULTI_TENANT_CACHE_TTL_SEC and ensure the
`.env.example` hard-gate check also requires MULTI_TENANT_CACHE_TTL_SEC to be
present; locate the verification logic referencing
MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC and MULTI_TENANT_SERVICE_API_KEY and
add the new symbol (MULTI_TENANT_CACHE_TTL_SEC) so the build/grep step and the
`.env.example` compliance gate validate all three variables.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: fb1ff8c7-56bb-49ee-94b0-b56b465a6c8f

📥 Commits

Reviewing files that changed from the base of the PR and between ad9b63c and 05eecf7.

📒 Files selected for processing (4)

• dev-team/agents/backend-engineer-golang.md
• dev-team/docs/standards/golang/multi-tenant.md
• dev-team/skills/dev-multi-tenant/SKILL.md
• dev-team/skills/shared-patterns/standards-coverage-table.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Gate logic incorrectly makes SettingsWatcher mandatory for non-PostgreSQL stacks.

A10 and the Gate 4 HARD GATE enforce SettingsWatcher unconditionally, but this same skill states SettingsWatcher is PostgreSQL-only. This will force false failures for MongoDB-only services.

Suggested fix

 A10. SettingsWatcher compliance:
-    - grep -rn "tmwatcher\|SettingsWatcher\|NewSettingsWatcher" internal/
-    - (no match = NON-COMPLIANT → Gate 4 MUST fix — SettingsWatcher MUST be instantiated in bootstrap)
-    - grep -rn "settingsWatcher.Start\|settingsWatcher.Stop" internal/
-    - (Start/Stop not called = NON-COMPLIANT → Gate 4 MUST fix — MUST start on init and stop on shutdown)
+    - IF PostgreSQL detected:
+      - grep -rn "tmwatcher\|SettingsWatcher\|NewSettingsWatcher" internal/
+      - (no match = NON-COMPLIANT → Gate 4 MUST fix — SettingsWatcher MUST be instantiated in bootstrap)
+      - grep -rn "settingsWatcher.Start\|settingsWatcher.Stop" internal/
+      - (Start/Stop not called = NON-COMPLIANT → Gate 4 MUST fix — MUST start on init and stop on shutdown)
+    - IF PostgreSQL not detected:
+      - mark N/A (SettingsWatcher is PostgreSQL-only)

-HARD GATE: CANNOT proceed without TenantMiddleware and SettingsWatcher.
+HARD GATE: CANNOT proceed without TenantMiddleware.
+IF PostgreSQL detected: CANNOT proceed without SettingsWatcher.

Also applies to: 762-762

[coderabbitai]

♻️ Duplicate comments (3)

dev-team/skills/dev-multi-tenant/SKILL.md (2)

725-727: ⚠️ Potential issue | 🟠 Major

Gate 3 verification is incomplete: missing MULTI_TENANT_CACHE_TTL_SEC.

You added 10 canonical vars, but verification and .env.example hard-gate checks still validate only two of the three newly critical keys (SERVICE_API_KEY, SETTINGS_CHECK_INTERVAL_SEC) and omit MULTI_TENANT_CACHE_TTL_SEC.

Proposed fix

-**Verification:** `grep "MULTI_TENANT_ENABLED" internal/bootstrap/config.go` + `grep "MULTI_TENANT_SERVICE_API_KEY" internal/bootstrap/config.go` + `grep "MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC" internal/bootstrap/config.go` + `go build ./...`
+**Verification:** `grep "MULTI_TENANT_ENABLED" internal/bootstrap/config.go` + `grep "MULTI_TENANT_SERVICE_API_KEY" internal/bootstrap/config.go` + `grep "MULTI_TENANT_CACHE_TTL_SEC" internal/bootstrap/config.go` + `grep "MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC" internal/bootstrap/config.go` + `go build ./...`

-**HARD GATE: `.env.example` compliance.** If the project has a `.env.example` file, MUST verify it includes `MULTI_TENANT_SERVICE_API_KEY` and `MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC`. If missing, add them.
+**HARD GATE: `.env.example` compliance.** If the project has a `.env.example` file, MUST verify it includes `MULTI_TENANT_SERVICE_API_KEY`, `MULTI_TENANT_CACHE_TTL_SEC`, and `MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC`. If missing, add them.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@dev-team/skills/dev-multi-tenant/SKILL.md` around lines 725 - 727, The
verification and hard-gate checks must be updated to include the missing
variable MULTI_TENANT_CACHE_TTL_SEC: add `MULTI_TENANT_CACHE_TTL_SEC` to the
grep/verification list that currently checks for MULTI_TENANT_ENABLED,
MULTI_TENANT_SERVICE_API_KEY and MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC (the
checks referencing internal/bootstrap/config.go), and ensure `.env.example`
contains an entry for MULTI_TENANT_CACHE_TTL_SEC alongside
MULTI_TENANT_SERVICE_API_KEY and MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC so the
hard-gate validation passes.

---

407-411: ⚠️ Potential issue | 🟠 Major

Make SettingsWatcher checks conditional on PostgreSQL detection.

A10 and Gate 4 currently enforce SettingsWatcher unconditionally. This conflicts with the PostgreSQL-only scope and will false-fail MongoDB-only services.

Proposed gate logic fix

 A10. SettingsWatcher compliance:
-    - grep -rn "tmwatcher\|SettingsWatcher\|NewSettingsWatcher" internal/
-    - (no match = NON-COMPLIANT → Gate 4 MUST fix — SettingsWatcher MUST be instantiated in bootstrap)
-    - grep -rn "settingsWatcher.Start\|settingsWatcher.Stop" internal/
-    - (Start/Stop not called = NON-COMPLIANT → Gate 4 MUST fix — MUST start on init and stop on shutdown)
+    - IF PostgreSQL detected:
+      - grep -rn "tmwatcher\|SettingsWatcher\|NewSettingsWatcher" internal/
+      - (no match = NON-COMPLIANT → Gate 4 MUST fix — SettingsWatcher MUST be instantiated in bootstrap)
+      - grep -rn "settingsWatcher.Start\|settingsWatcher.Stop" internal/
+      - (Start/Stop not called = NON-COMPLIANT → Gate 4 MUST fix — MUST start on init and stop on shutdown)
+    - IF PostgreSQL not detected:
+      - mark N/A (SettingsWatcher is PostgreSQL-only)

-HARD GATE: CANNOT proceed without TenantMiddleware and SettingsWatcher.
+HARD GATE: CANNOT proceed without TenantMiddleware.
+IF PostgreSQL detected: CANNOT proceed without SettingsWatcher.

Also applies to: 762-765

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@dev-team/skills/dev-multi-tenant/SKILL.md` around lines 407 - 411,
SettingsWatcher is being instantiated and started unconditionally; make these
actions conditional on PostgreSQL being enabled so MongoDB-only services don't
false-fail. Wrap the NewSettingsWatcher call and the settingsWatcher.Start /
settingsWatcher.Stop invocations behind a PostgreSQL-detection check (e.g.,
existing IsPostgresEnabled or DB type/config check) so NewSettingsWatcher,
settingsWatcher.Start and settingsWatcher.Stop only run when Postgres is active;
ensure the settingsWatcher variable is scoped/nullable and only referenced when
created. Update the bootstrap initialization and shutdown paths that call
NewSettingsWatcher, settingsWatcher.Start, and settingsWatcher.Stop accordingly.

dev-team/docs/standards/golang/multi-tenant.md (1)

2409-2415: ⚠️ Potential issue | 🟠 Major

Scope contradiction: SettingsWatcher is written as unconditional and PostgreSQL-only at the same time.

Line 2409 mandates SettingsWatcher for every multi-tenant service, while Line 2415 limits it to PostgreSQL and excludes MongoDB. This creates conflicting enforcement behavior.

Proposed wording fix

-**MANDATORY:** Every multi-tenant service MUST instantiate a `SettingsWatcher` in its bootstrap. This is not optional regardless of whether the service uses RabbitMQ, HTTP-only, or any other transport.
+**MANDATORY (when PostgreSQL is configured):** Every multi-tenant service using PostgreSQL MUST instantiate a `SettingsWatcher` in its bootstrap. This is transport-agnostic (RabbitMQ, HTTP-only, etc.).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@dev-team/docs/standards/golang/multi-tenant.md` around lines 2409 - 2415, The
doc text contradicts itself by mandating a SettingsWatcher for every
multi-tenant service while also stating it only applies to PostgreSQL; update
the mandate to be backend-specific: change the requirement so that only services
using PostgreSQL MUST instantiate SettingsWatcher (referencing SettingsWatcher
and lib-commons/v4/commons/tenant-manager/watcher) and explicitly state that
MongoDB-backed services are exempt because the Go MongoDB driver cannot resize
pools after connect; also adjust the "What It Does" paragraph to clarify the
watcher is PostgreSQL-only and that non-Postgres transports do not need it.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@dev-team/docs/standards/golang/multi-tenant.md`:
- Around line 2409-2415: The doc text contradicts itself by mandating a
SettingsWatcher for every multi-tenant service while also stating it only
applies to PostgreSQL; update the mandate to be backend-specific: change the
requirement so that only services using PostgreSQL MUST instantiate
SettingsWatcher (referencing SettingsWatcher and
lib-commons/v4/commons/tenant-manager/watcher) and explicitly state that
MongoDB-backed services are exempt because the Go MongoDB driver cannot resize
pools after connect; also adjust the "What It Does" paragraph to clarify the
watcher is PostgreSQL-only and that non-Postgres transports do not need it.

In `@dev-team/skills/dev-multi-tenant/SKILL.md`:
- Around line 725-727: The verification and hard-gate checks must be updated to
include the missing variable MULTI_TENANT_CACHE_TTL_SEC: add
`MULTI_TENANT_CACHE_TTL_SEC` to the grep/verification list that currently checks
for MULTI_TENANT_ENABLED, MULTI_TENANT_SERVICE_API_KEY and
MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC (the checks referencing
internal/bootstrap/config.go), and ensure `.env.example` contains an entry for
MULTI_TENANT_CACHE_TTL_SEC alongside MULTI_TENANT_SERVICE_API_KEY and
MULTI_TENANT_SETTINGS_CHECK_INTERVAL_SEC so the hard-gate validation passes.
- Around line 407-411: SettingsWatcher is being instantiated and started
unconditionally; make these actions conditional on PostgreSQL being enabled so
MongoDB-only services don't false-fail. Wrap the NewSettingsWatcher call and the
settingsWatcher.Start / settingsWatcher.Stop invocations behind a
PostgreSQL-detection check (e.g., existing IsPostgresEnabled or DB type/config
check) so NewSettingsWatcher, settingsWatcher.Start and settingsWatcher.Stop
only run when Postgres is active; ensure the settingsWatcher variable is
scoped/nullable and only referenced when created. Update the bootstrap
initialization and shutdown paths that call NewSettingsWatcher,
settingsWatcher.Start, and settingsWatcher.Stop accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 355fe1a4-f8bb-45ac-9d6a-0f5f7879d49a

📥 Commits

Reviewing files that changed from the base of the PR and between 05eecf7 and 914c1a6.

📒 Files selected for processing (3)

• dev-team/agents/backend-engineer-golang.md
• dev-team/docs/standards/golang/multi-tenant.md
• dev-team/skills/dev-multi-tenant/SKILL.md