Prevent wrong codeflow subscription configurations (#5205)

This PR implements validation to prevent misconfigured VMR codeflow
subscriptions that could lead to conflicts and operational issues, while
also improving the API design by unifying subscription querying methods.

## Problem

Currently, it's possible to create conflicting codeflow subscriptions
that can cause problems:

1. **Backflow conflicts**: Multiple VMR→repository subscriptions
targeting the same repository branch
2. **Forward flow conflicts**: Multiple repository→VMR subscriptions
flowing into the same VMR branch and target directory

These misconfigurations can lead to race conditions, merge conflicts,
and unexpected behavior in the dependency flow system.

## Solution

### Comprehensive Validation
Added validation with a shared service architecture:

- **`ICodeflowSubscriptionValidationService`**: Common interface in
`Maestro.Common`
- **`CodeflowSubscriptionValidationService`**: Single implementation
containing all validation logic
- **Server-side validation**: SubscriptionsController validates on
`Create()` and `UpdateSubscription()`
- **Client-side validation**: DARC CLI validates in
`AddSubscriptionOperation` and `UpdateSubscriptionOperation`
- **Shared base class**: `SubscriptionOperationBase` eliminates
duplication between Add/Update operations

### Validation Rules

**Backflow subscriptions** (VMR → repository, `sourceDirectory` set):
- Only one backflow subscription allowed per target repository + target
branch combination

**Forward flow subscriptions** (repository → VMR, `targetDirectory`
set):
- Only one forward flow subscription allowed per VMR repository + VMR
branch + target directory combination

### API Improvement

Replaced the specific `GetCodeflowSubscriptionsAsync` method with a more
generic `GetSubscriptionsAsync` that accepts additional optional
parameters:

```csharp
Task<IEnumerable<Subscription>> GetSubscriptionsAsync(
    string sourceRepo = null,
    string targetRepo = null,
    int? channelId = null,
    bool? sourceEnabled = null,        // New
    string sourceDirectory = null,     // New
    string targetDirectory = null);    // New
```

This provides a cleaner, more flexible API that supports both general
subscription filtering and specific codeflow validation needs without
code duplication.

## Error Messages

Clear, actionable error messages help users understand and resolve
conflicts:

```
A backflow subscription 'abc123' already exists for the same target repository and branch. 
Only one backflow subscription is allowed per target repository and branch combination.
```

## Benefits

- **Maintainable**: Validation logic exists in one place
- **Consistent**: Same validation behavior across all entry points
- **Clean API**: Generic subscription querying without method
duplication
- **No breaking changes**: Existing functionality remains unaffected

Fixes #5204.

<!-- START COPILOT CODING AGENT TIPS -->
---

✨ Let Copilot coding agent [set things up for
you](https://github.com/dotnet/arcade-services/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: premun <[email protected]>
Co-authored-by: dkurepa <[email protected]>

Author: 3 people

src/Maestro/Maestro.DataProviders/SqlBarClient.cs

@@ -342,7 +342,13 @@ private static BuildRef ToClientModelBuildDependency(Data.Models.BuildDependency
     private static SubscriptionPolicy ToClientModelSubscriptionPolicy(Data.Models.SubscriptionPolicy other)
         => new(other.Batchable, (UpdateFrequency)other.UpdateFrequency);
 
-    public async Task<IEnumerable<Subscription>> GetSubscriptionsAsync(string sourceRepo = null, string targetRepo = null, int? channelId = null)
+    public async Task<IEnumerable<Subscription>> GetSubscriptionsAsync(
+        string sourceRepo = null, 
+        string targetRepo = null, 
+        int? channelId = null,
+        bool? sourceEnabled = null,
+        string sourceDirectory = null,
+        string targetDirectory = null)
     {
         IQueryable<Data.Models.Subscription> query = _context.Subscriptions
             .Include(s => s.Channel)
@@ -363,6 +369,21 @@ public async Task<IEnumerable<Subscription>> GetSubscriptionsAsync(string source
             query = query.Where(sub => sub.ChannelId == channelId.Value);
         }
 
+        if (sourceEnabled.HasValue)
+        {
+            query = query.Where(sub => sub.SourceEnabled == sourceEnabled.Value);
+        }
+
+        if (!string.IsNullOrEmpty(sourceDirectory))
+        {
+            query = query.Where(sub => sub.SourceDirectory == sourceDirectory);
+        }
+
+        if (!string.IsNullOrEmpty(targetDirectory))
+        {
+            query = query.Where(sub => sub.TargetDirectory == targetDirectory);
+        }
+
         List<Data.Models.Subscription> results = await query.ToListAsync();
 
         return results.Select(ToClientModelSubscription);

src/Microsoft.DotNet.Darc/Darc/Operations/AddSubscriptionOperation.cs

@@ -19,11 +19,9 @@
 
 namespace Microsoft.DotNet.Darc.Operations;
 
-internal class AddSubscriptionOperation : Operation
+internal class AddSubscriptionOperation : SubscriptionOperationBase
 {
     private readonly AddSubscriptionCommandLineOptions _options;
-    private readonly ILogger<AddSubscriptionOperation> _logger;
-    private readonly IBarApiClient _barClient;
     private readonly IRemoteFactory _remoteFactory;
     private readonly IGitRepoFactory _gitRepoFactory;
 
@@ -32,11 +30,9 @@ public AddSubscriptionOperation(
         ILogger<AddSubscriptionOperation> logger,
         IBarApiClient barClient,
         IRemoteFactory remoteFactory,
-        IGitRepoFactory gitRepoFactory)
+        IGitRepoFactory gitRepoFactory) : base(barClient, logger)
     {
         _options = options;
-        _logger = logger;
-        _barClient = barClient;
         _remoteFactory = remoteFactory;
         _gitRepoFactory = gitRepoFactory;
     }
@@ -295,6 +291,26 @@ public override async Task<int> ExecuteAsync()
                 return Constants.ErrorCode;
             }
 
+            // Check for codeflow subscription conflicts (source-enabled subscriptions)
+            if (sourceEnabled)
+            {
+                try
+                {
+                    await ValidateCodeflowSubscriptionConflicts(
+                        sourceRepository, 
+                        targetRepository, 
+                        targetBranch, 
+                        sourceDirectory, 
+                        targetDirectory, 
+                        existingSubscriptionId: null); // null for create (no existing subscription id)
+                }
+                catch (ArgumentException)
+                {
+                    Console.WriteLine("Aborting subscription creation.");
+                    return Constants.ErrorCode;
+                }
+            }
+
             Subscription newSubscription = await _barClient.CreateSubscriptionAsync(
                 channel,
                 sourceRepository,

src/Microsoft.DotNet.Darc/Darc/Operations/SubscriptionOperationBase.cs

@@ -0,0 +1,80 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.DotNet.DarcLib;
+using Microsoft.DotNet.ProductConstructionService.Client;
+using Microsoft.DotNet.ProductConstructionService.Client.Models;
+using Microsoft.Extensions.Logging;
+
+namespace Microsoft.DotNet.Darc.Operations;
+
+internal abstract class SubscriptionOperationBase : Operation
+{
+    protected readonly IBarApiClient _barClient;
+    protected readonly ILogger _logger;
+
+    protected SubscriptionOperationBase(IBarApiClient barClient, ILogger logger)
+    {
+        _barClient = barClient;
+        _logger = logger;
+    }
+
+    /// <summary>
+    /// Validates that the codeflow subscription doesn't conflict with existing ones
+    /// </summary>
+    protected async Task ValidateCodeflowSubscriptionConflicts(
+        string sourceRepository,
+        string targetRepository,
+        string targetBranch,
+        string sourceDirectory,
+        string targetDirectory,
+        Guid? existingSubscriptionId)
+    {
+        // Check for backflow conflicts (source directory not empty)
+        if (!string.IsNullOrEmpty(sourceDirectory))
+        {
+            var backflowSubscriptions = await _barClient.GetSubscriptionsAsync(
+                targetRepo: targetRepository,
+                sourceEnabled: true);
+
+            var conflictingBackflowSubscription = backflowSubscriptions.FirstOrDefault(sub =>
+                !string.IsNullOrEmpty(sub.SourceDirectory) &&
+                sub.TargetRepository == targetRepository &&
+                sub.TargetBranch == targetBranch &&
+                sub.Id != existingSubscriptionId);
+
+            if (conflictingBackflowSubscription != null)
+            {
+                _logger.LogError($"A backflow subscription '{conflictingBackflowSubscription.Id}' already exists for the same target repository and branch. " +
+                               "Only one backflow subscription is allowed per target repository and branch combination.");
+                throw new ArgumentException("Codeflow subscription conflict detected.");
+            }
+        }
+
+        // Check for forward flow conflicts (target directory not empty)
+        if (!string.IsNullOrEmpty(targetDirectory))
+        {
+            var forwardFlowSubscriptions = await _barClient.GetSubscriptionsAsync(
+                targetRepo: targetRepository,
+                sourceEnabled: true,
+                targetDirectory: targetDirectory);
+
+            var conflictingForwardFlowSubscription = forwardFlowSubscriptions.FirstOrDefault(sub =>
+                !string.IsNullOrEmpty(sub.TargetDirectory) &&
+                sub.TargetRepository == targetRepository &&
+                sub.TargetBranch == targetBranch &&
+                sub.TargetDirectory == targetDirectory &&
+                sub.Id != existingSubscriptionId);
+
+            if (conflictingForwardFlowSubscription != null)
+            {
+                _logger.LogError($"A forward flow subscription '{conflictingForwardFlowSubscription.Id}' already exists for the same VMR repository, branch, and target directory. " +
+                               "Only one forward flow subscription is allowed per VMR repository, branch, and target directory combination.");
+                throw new ArgumentException("Codeflow subscription conflict detected.");
+            }
+        }
+    }
+}

src/Microsoft.DotNet.Darc/Darc/Operations/UpdateSubscriptionOperation.cs

@@ -19,23 +19,19 @@
 
 namespace Microsoft.DotNet.Darc.Operations;
 
-internal class UpdateSubscriptionOperation : Operation
+internal class UpdateSubscriptionOperation : SubscriptionOperationBase
 {
     private readonly UpdateSubscriptionCommandLineOptions _options;
-    private readonly IBarApiClient _barClient;
     private readonly IGitRepoFactory _gitRepoFactory;
-    private readonly ILogger<UpdateSubscriptionOperation> _logger;
 
     public UpdateSubscriptionOperation(
         UpdateSubscriptionCommandLineOptions options,
         IBarApiClient barClient,
         IGitRepoFactory gitRepoFactory,
-        ILogger<UpdateSubscriptionOperation> logger)
+        ILogger<UpdateSubscriptionOperation> logger) : base(barClient, logger)
     {
         _options = options;
-        _barClient = barClient;
         _gitRepoFactory = gitRepoFactory;
-        _logger = logger;
     }
 
     /// <summary>
@@ -273,6 +269,26 @@ public override async Task<int> ExecuteAsync()
 
             subscriptionToUpdate.Policy.MergePolicies = mergePolicies;
 
+            // Check for codeflow subscription conflicts (source-enabled subscriptions)
+            if (sourceEnabled)
+            {
+                try
+                {
+                    await ValidateCodeflowSubscriptionConflicts(
+                        subscriptionToUpdate.SourceRepository, 
+                        subscription.TargetRepository, 
+                        subscription.TargetBranch, 
+                        sourceDirectory, 
+                        targetDirectory, 
+                        subscription.Id); // existing subscription id for updates
+                }
+                catch (ArgumentException)
+                {
+                    Console.WriteLine("Aborting subscription update.");
+                    return Constants.ErrorCode;
+                }
+            }
+
             var updatedSubscription = await _barClient.UpdateSubscriptionAsync(
                 _options.Id,
                 subscriptionToUpdate);

src/Microsoft.DotNet.Darc/DarcLib/BarApiClient.cs

@@ -309,16 +309,25 @@ public Task<Subscription> UpdateSubscriptionAsync(string subscriptionId, Subscri
     /// <param name="sourceRepo">Filter by the source repository of the subscription.</param>
     /// <param name="targetRepo">Filter by the target repository of the subscription.</param>
     /// <param name="channelId">Filter by the source channel id of the subscription.</param>
+    /// <param name="sourceEnabled">Filter by source-enabled subscriptions.</param>
+    /// <param name="sourceDirectory">Filter by source directory.</param>
+    /// <param name="targetDirectory">Filter by target directory.</param>
     /// <returns>Set of subscription.</returns>
     public async Task<IEnumerable<Subscription>> GetSubscriptionsAsync(
         string? sourceRepo = null,
         string? targetRepo = null,
-        int? channelId = null)
+        int? channelId = null,
+        bool? sourceEnabled = null,
+        string? sourceDirectory = null,
+        string? targetDirectory = null)
     {
         return await _barClient.Subscriptions.ListSubscriptionsAsync(
             sourceRepository: sourceRepo,
             targetRepository: targetRepo,
-            channelId: channelId);
+            channelId: channelId,
+            sourceEnabled: sourceEnabled,
+            sourceDirectory: sourceDirectory,
+            targetDirectory: targetDirectory);
     }
 
     /// <summary>

src/Microsoft.DotNet.Darc/DarcLib/IBasicBarClient.cs

@@ -37,11 +37,17 @@ public interface IBasicBarClient
     /// <param name="sourceRepo">Filter by the source repository of the subscription.</param>
     /// <param name="targetRepo">Filter by the target repository of the subscription.</param>
     /// <param name="channelId">Filter by the source channel id of the subscription.</param>
+    /// <param name="sourceEnabled">Filter by source-enabled subscriptions.</param>
+    /// <param name="sourceDirectory">Filter by source directory.</param>
+    /// <param name="targetDirectory">Filter by target directory.</param>
     /// <returns>Set of subscription.</returns>
     Task<IEnumerable<Subscription>> GetSubscriptionsAsync(
         string sourceRepo = null,
         string targetRepo = null,
-        int? channelId = null);
+        int? channelId = null,
+        bool? sourceEnabled = null,
+        string sourceDirectory = null,
+        string targetDirectory = null);
 
     #endregion
 

src/ProductConstructionService/ProductConstructionService.Api/Api/v2020_02_20/Controllers/SubscriptionsController.cs

@@ -294,6 +294,13 @@ public async Task<IActionResult> UpdateSubscription(Guid id, [FromBody] Subscrip
                         }));
             }
 
+            // Check for codeflow subscription conflicts
+            var conflictError = await ValidateCodeflowSubscriptionConflicts(subscription);
+            if (conflictError != null)
+            {
+                return Conflict(new ApiError("the request is invalid", new[] { conflictError }));
+            }
+
             _context.Subscriptions.Update(subscription);
             await _context.SaveChangesAsync();
         }
@@ -438,6 +445,13 @@ public async Task<IActionResult> Create([FromBody, Required] SubscriptionData su
                     }));
         }
 
+        // Check for codeflow subscription conflicts
+        var conflictError = await ValidateCodeflowSubscriptionConflicts(subscriptionModel);
+        if (conflictError != null)
+        {
+            return BadRequest(new ApiError("The request is invalid", new[] { conflictError }));
+        }
+
         if (!string.IsNullOrEmpty(subscriptionModel.PullRequestFailureNotificationTags)
             && !await AllNotificationTagsValid(subscriptionModel.PullRequestFailureNotificationTags))
         {
@@ -457,6 +471,43 @@ public async Task<IActionResult> Create([FromBody, Required] SubscriptionData su
             new Subscription(subscriptionModel));
     }
 
+    /// <summary>
+    ///     Validates codeflow subscription conflicts
+    /// </summary>
+    /// <param name="subscription">Subscription to validate</param>
+    /// <returns>Error message if conflict found, null if no conflicts</returns>
+    private async Task<string?> ValidateCodeflowSubscriptionConflicts(Maestro.Data.Models.Subscription subscription)
+    {
+        if (!subscription.SourceEnabled)
+        {
+            return null;
+        }
+
+        // Check for backflow conflicts (source directory not empty)
+        if (!string.IsNullOrEmpty(subscription.SourceDirectory))
+        {
+            var conflictingBackflowSubscription = await FindConflictingBackflowSubscription(subscription);
+            if (conflictingBackflowSubscription != null)
+            {
+                return $"A backflow subscription '{conflictingBackflowSubscription.Id}' already exists for the same target repository and branch. " +
+                       "Only one backflow subscription is allowed per target repository and branch combination.";
+            }
+        }
+
+        // Check for forward flow conflicts (target directory not empty)
+        if (!string.IsNullOrEmpty(subscription.TargetDirectory))
+        {
+            var conflictingForwardFlowSubscription = await FindConflictingForwardFlowSubscription(subscription);
+            if (conflictingForwardFlowSubscription != null)
+            {
+                return $"A forward flow subscription '{conflictingForwardFlowSubscription.Id}' already exists for the same VMR repository, branch, and target directory. " +
+                       "Only one forward flow subscription is allowed per VMR repository, branch, and target directory combination.";
+            }
+        }
+
+        return null;
+    }
+
     /// <summary>
     ///     Find an existing subscription in the database with the same key data as the subscription we are adding/updating
     ///     
@@ -475,4 +526,31 @@ await _context.Subscriptions.FirstOrDefaultAsync(sub =>
                 && sub.SourceDirectory == updatedOrNewSubscription.SourceDirectory
                 && sub.TargetDirectory == updatedOrNewSubscription.TargetDirectory
                 && sub.Id != updatedOrNewSubscription.Id);
+
+    /// <summary>
+    ///     Find a conflicting backflow subscription (different subscription targeting same repo/branch)
+    /// </summary>
+    /// <param name="updatedOrNewSubscription">Subscription model with updated data.</param>
+    /// <returns>Conflicting subscription if found, null otherwise</returns>
+    private async Task<Maestro.Data.Models.Subscription?> FindConflictingBackflowSubscription(Maestro.Data.Models.Subscription updatedOrNewSubscription) =>
+        await _context.Subscriptions.FirstOrDefaultAsync(sub =>
+            sub.SourceEnabled == true
+                && !string.IsNullOrEmpty(sub.SourceDirectory) // Backflow subscription
+                && sub.TargetRepository == updatedOrNewSubscription.TargetRepository
+                && sub.TargetBranch == updatedOrNewSubscription.TargetBranch
+                && sub.Id != updatedOrNewSubscription.Id);
+
+    /// <summary>
+    ///     Find a conflicting forward flow subscription (different subscription targeting same VMR branch/directory)
+    /// </summary>
+    /// <param name="updatedOrNewSubscription">Subscription model with updated data.</param>
+    /// <returns>Conflicting subscription if found, null otherwise</returns>
+    private async Task<Maestro.Data.Models.Subscription?> FindConflictingForwardFlowSubscription(Maestro.Data.Models.Subscription updatedOrNewSubscription) =>
+        await _context.Subscriptions.FirstOrDefaultAsync(sub =>
+            sub.SourceEnabled == true
+                && !string.IsNullOrEmpty(sub.TargetDirectory) // Forward flow subscription
+                && sub.TargetRepository == updatedOrNewSubscription.TargetRepository
+                && sub.TargetBranch == updatedOrNewSubscription.TargetBranch
+                && sub.TargetDirectory == updatedOrNewSubscription.TargetDirectory
+                && sub.Id != updatedOrNewSubscription.Id);
 }

test/Microsoft.DotNet.Darc.Tests/Operations/GetBuildOperationTests.cs

@@ -78,7 +78,7 @@ public async Task GetBuildOperationShouldHandleDuplicateBuilds()
             build
         ];
 
-        _barMock.Setup(t => t.GetSubscriptionsAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<int?>()))
+        _barMock.Setup(t => t.GetSubscriptionsAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<int?>(), It.IsAny<bool?>(), It.IsAny<string>(), It.IsAny<string>()))
             .ReturnsAsync(subscriptions.AsEnumerable());
         _barMock.Setup(t => t.GetBuildsAsync(It.IsAny<string>(), It.IsAny<string>()))
             .ReturnsAsync(builds.AsEnumerable());