Support per-backend role and destination in replication engine

[maeldonn]

Read destination bucket and role from each backends[] entry instead of the shared top-level fields, so a single source object can be replicated to multiple CRR destinations with their own role. Legacy entries without per-backend fields keep working via top-level fallback in ObjectQueueEntry's site-aware getters; MongoQueueProcessor's oplog path now matches every applicable rule and dedups backends per the design's (site, destination, role) rule.

Issue: BB-762

[bert-e]

Hello maeldonn,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Incorrect fix version

The Fix Version/s in issue BB-762 contains:

• None

Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:

• 9.4.1

• 9.5.0

Please check the Fix Version/s of BB-762, or the target
branch of this pull request.

[codecov]

Codecov Report

❌ Patch coverage is 92.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.50%. Comparing base (c52fbcc) to head (3426739).

Files with missing lines	Patch %	Lines
extensions/mongoProcessor/MongoQueueProcessor.js	90.00%	1 Missing ⚠️
extensions/replication/tasks/ReplicateObject.js	91.66%	1 Missing ⚠️

Additional details and impacted files

Files with missing lines	Coverage Δ
...sions/replication/queueProcessor/QueueProcessor.js	72.94% <100.00%> (-0.59%)	⬇️
...xtensions/replication/tasks/MultipleBackendTask.js	55.44% <ø> (ø)
lib/models/ObjectQueueEntry.js	91.30% <ø> (ø)
extensions/mongoProcessor/MongoQueueProcessor.js	66.37% <90.00%> (-3.04%)	⬇️
extensions/replication/tasks/ReplicateObject.js	91.89% <91.66%> (+0.68%)	⬆️

... and 8 files with indirect coverage changes

Components	Coverage Δ
Bucket Notification	80.22% <ø> (ø)
Core Library	80.61% <ø> (-0.38%)	⬇️
Ingestion	70.66% <90.00%> (-0.58%)	⬇️
Lifecycle	79.06% <ø> (ø)
Oplog Populator	85.83% <ø> (ø)
Replication	59.65% <93.33%> (-0.14%)	⬇️
Bucket Scanner	85.76% <ø> (ø)

@@                 Coverage Diff                 @@
##           development/9.4    #2743      +/-   ##
===================================================
- Coverage            74.73%   74.50%   -0.23%     
===================================================
  Files                  199      199              
  Lines                13650    13630      -20     
===================================================
- Hits                 10201    10155      -46     
- Misses                3439     3465      +26     
  Partials                10       10              

Flag	Coverage Δ
api:retry	9.14% <0.00%> (+0.01%)	⬆️
api:routes	8.96% <0.00%> (+0.01%)	⬆️
bucket-scanner	85.76% <ø> (ø)
ft_test:queuepopulator	9.10% <0.00%> (-1.03%)	⬇️
lib	7.76% <0.00%> (-0.03%)	⬇️
lifecycle	18.93% <0.00%> (-0.07%)	⬇️
notification	1.02% <0.00%> (+<0.01%)	⬆️
oplogPopulator	0.14% <0.00%> (+<0.01%)	⬆️
unit	51.75% <80.00%> (+0.52%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[claude]

Rules.find() picks the first matching rule in the API response, but MongoQueueProcessor._updateReplicationInfo selects backends from the highest-priority rule (via .sort((a, b) => (b.priority || 0) - (a.priority || 0))). If multiple enabled rules match the same object prefix and target the same StorageClass with different Destination.Account values, and the API returns them in non-priority order, the expectedDestRole derived here may differ from the role stored in the entry, causing a spurious BadRole rejection.

— Claude Code

[claude]

• ReplicateObject.js:310 — Rule matching via Rules.find() does not consider priority, while MongoQueueProcessor sorts by priority descending. If multiple rules target the same site with different Destination.Account values, the derived expectedDestRole may not match the entry's role, causing a spurious BadRole error.
  - tests/unit/lib/models/ObjectQueueEntry.spec.js — File shows as a binary diff in this PR, which typically indicates a BOM or encoding issue. Verify the file is clean UTF-8.
  
  Review by Claude Code

[claude]

• Overall: well-structured refactor — per-backend roles/destinations are correctly propagated through MongoQueueProcessor, QueueProcessor, and the replication task chain. Legacy fallbacks tested. No critical issues found.
  - extensions/replication/tasks/ReplicateObject.js:270 — Minor: roles.length < 1 is unreachable because String.split(',') always returns an array with at least one element. Could simplify to roles.length > 2.
  - extensions/replication/tasks/MultipleBackendTask.js:59 — Note: entry.getReplicationRoles() is called without this.site, while the parent ReplicateObject._setupRolesOnce was updated to pass this.site. This appears intentional since cloud backends don't carry per-backend roles, but worth a comment or assertion to make the design choice explicit.
  
  LGTM
  
  Review by Claude Code

[claude]

Minor: roles.length < 1 is unreachable — String.split(',') always returns at least one element (''.split(',') → ['']). Could simplify to roles.length > 2.

Suggested change

	if (roles.length < 1 || roles.length > 2) {
	if (roles.length > 2) {

— Claude Code

[claude]

Arsenal is pinned to a raw commit SHA instead of a tag. The yarn.lock resolves this to version 8.4.2 — if the tag exists, pin to 8.4.2 for readability and consistency with other git-based deps in this file (e.g. breakbeat#v1.0.3, werelogs#8.2.2).

— Claude Code

[claude]

• package.json:57 — arsenal pinned to raw commit SHA instead of a tag; should use the resolved version tag (8.4.2) for consistency with other git-based deps
  
  The rest of the PR looks solid: per-backend role/destination plumbing is consistent across MongoQueueProcessor, QueueProcessor, ReplicateObject, and MultipleBackendTask. Legacy fallback paths are well-tested. The deletion of getLocationsFromStorageClass is safe — no remaining callers in production code.
  
  Review by Claude Code

[claude]

Arsenal is pinned to a commit hash instead of a tag. The yarn.lock shows this resolves to version 8.4.3. Per project conventions, git-based deps should be pinned to a tag for readability and consistency with the other deps (breakbeat#v1.0.3, bucketclient#8.2.4, etc.).

— Claude Code

[claude]

• package.json:57 — Arsenal is pinned to a commit hash (39c1a64...) instead of a tag. The yarn.lock resolves to version 8.4.3, so please pin to the tag for consistency with other git-based deps.
  - extensions/replication/tasks/MultipleBackendTask.js:59 — _setupRolesOnce calls getReplicationRoles() without this.site, unlike the parent ReplicateObject._setupRolesOnce which was updated to pass it. This works today because cloud backends don't carry per-backend roles, but consider passing this.site for forward-compatibility with multi-destination CRR on cloud targets.
  
  Review by Claude Code

[claude]

The matchingRule lookup here uses rule.Prefix, but the replicationEnabled check on line 258 uses rule.Filter?.Prefix ?? rule.Prefix ?? ''. For V2 replication rules that use Filter.Prefix instead of top-level Prefix, rule.Prefix will be undefined, causing startsWith(undefined) to always return false. The matching rule will never be found, and the code will silently fall back to roles[1] (the legacy destination role) instead of computing the per-account substituted role.

Suggested change

	entry.getObjectKey().startsWith(rule.Prefix) &&
	rule => rule.Status === 'Enabled' &&
	entry.getObjectKey().startsWith(
	rule.Filter?.Prefix ?? rule.Prefix ?? '') &&

— Claude Code

[claude]

Arsenal is pinned to a commit hash (39c1a642d77436d871305435dcf244a64423a4b8) instead of a tag. The yarn.lock resolves this to version 8.4.3 — if that tag exists, it should be used here to follow the project's dependency pinning convention.

— Claude Code

[claude]

• extensions/replication/tasks/ReplicateObject.js:298 — matchingRule lookup uses bare rule.Prefix but the replicationEnabled check above uses rule.Filter?.Prefix ?? rule.Prefix ?? ''. V2 rules with Filter.Prefix will never match, silently falling back to the legacy destination role instead of the per-account substituted role.
  - package.json:57 — Arsenal pinned to a commit hash instead of a tag (yarn.lock resolves to 8.4.3).
  
  Review by Claude Code