feat: volume scopes redesign — replace shared/isolated with 6 scopes

Replace confusing shared/isolated volume modes with explicit scopes:
- instance: per-deploy isolated directory
- stage: shared within a stage across deploys
- project: shared across all stages
- project_named: named group within a project
- named: global named volume across projects
- ephemeral: tmpfs in-memory mount

Includes schema migration (shared→project, isolated→instance),
backward-compatible deployer resolution, scope metadata API endpoint,
and redesigned volume editor UI with scope guide cards and hints.

internal/api/router.go

@@ -192,6 +192,9 @@ func (s *Server) Router() chi.Router {
 			r.Get("/settings", s.getSettings)
 			r.Get("/settings/npm-certificates", s.listNpmCertificates)
 
+			// Volume scope metadata (read-only).
+			r.Get("/volumes/scopes", s.listVolumeScopes)
+
 			// Stale container endpoints (read).
 			r.Get("/containers/stale", s.listStaleContainers)
 

internal/api/volumes.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"errors"
+	"log/slog"
 	"net/http"
 	"path/filepath"
 	"strings"
@@ -21,26 +22,98 @@ func validateVolumePath(source string) bool {
 type volumeRequest struct {
 	Source string `json:"source"`
 	Target string `json:"target"`
-	Mode   string `json:"mode"`
+	Mode   string `json:"mode,omitempty"` // legacy — ignored if scope is set
+	Scope  string `json:"scope"`
+	Name   string `json:"name"`
+}
+
+// validScopes lists all accepted scope values.
+var validScopes = map[string]bool{
+	"instance": true, "stage": true, "project": true,
+	"project_named": true, "named": true, "ephemeral": true,
+}
+
+// validateVolumeScope validates the scope and name combination.
+func validateVolumeScope(scope, name string) string {
+	if !validScopes[scope] {
+		return "scope must be one of: instance, stage, project, project_named, named, ephemeral"
+	}
+	if (scope == "project_named" || scope == "named") && strings.TrimSpace(name) == "" {
+		return "name is required for " + scope + " scope"
+	}
+	return ""
+}
+
+// scopeDescriptions returns metadata about each scope for the UI.
+type scopeInfo struct {
+	Scope       string `json:"scope"`
+	Description string `json:"description"`
+	NeedsName   bool   `json:"needs_name"`
+	PathExample string `json:"path_example"`
+}
+
+// listVolumeScopes handles GET /api/volumes/scopes.
+// Returns all available scopes with descriptions for UI hints.
+func (s *Server) listVolumeScopes(w http.ResponseWriter, r *http.Request) {
+	scopes := []scopeInfo{
+		{
+			Scope:       "instance",
+			Description: "Each deploy gets its own isolated directory. Data is not shared between deploys.",
+			NeedsName:   false,
+			PathExample: "{base}/{project}/{stage}-{tag}/{source}",
+		},
+		{
+			Scope:       "stage",
+			Description: "All deploys within the same stage share this volume. Data persists across blue-green deployments.",
+			NeedsName:   false,
+			PathExample: "{base}/{project}/{stage}/{source}",
+		},
+		{
+			Scope:       "project",
+			Description: "Shared across all stages of the project. Good for common config or shared assets.",
+			NeedsName:   false,
+			PathExample: "{base}/{project}/{source}",
+		},
+		{
+			Scope:       "project_named",
+			Description: "A named volume within the project. Multiple stages can reference the same name to share data selectively.",
+			NeedsName:   true,
+			PathExample: "{base}/{project}/_named/{name}/{source}",
+		},
+		{
+			Scope:       "named",
+			Description: "A globally named volume shared across projects. Use for cross-project resources like shared databases.",
+			NeedsName:   true,
+			PathExample: "{base}/_named/{name}/{source}",
+		},
+		{
+			Scope:       "ephemeral",
+			Description: "In-memory tmpfs mount. Fast but data is lost when the container stops. Good for temp files and caches.",
+			NeedsName:   false,
+			PathExample: "(tmpfs — no host path)",
+		},
+	}
+	respondJSON(w, http.StatusOK, scopes)
 }
 
 // listVolumes handles GET /api/projects/{id}/volumes.
 func (s *Server) listVolumes(w http.ResponseWriter, r *http.Request) {
 	projectID := chi.URLParam(r, "id")
 
-	// Verify project exists.
 	if _, err := s.store.GetProjectByID(projectID); err != nil {
 		if errors.Is(err, store.ErrNotFound) {
 			respondNotFound(w, "project")
 			return
 		}
-		respondError(w, http.StatusInternalServerError, "failed to get project: "+err.Error())
+		slog.Error("failed to get project", "project_id", projectID, "error", err)
+		respondError(w, http.StatusInternalServerError, "failed to get project")
 		return
 	}
 
 	vols, err := s.store.GetVolumesByProjectID(projectID)
 	if err != nil {
-		respondError(w, http.StatusInternalServerError, "failed to list volumes: "+err.Error())
+		slog.Error("failed to list volumes", "project_id", projectID, "error", err)
+		respondError(w, http.StatusInternalServerError, "failed to list volumes")
 		return
 	}
 
@@ -51,13 +124,13 @@ func (s *Server) listVolumes(w http.ResponseWriter, r *http.Request) {
 func (s *Server) createVolume(w http.ResponseWriter, r *http.Request) {
 	projectID := chi.URLParam(r, "id")
 
-	// Verify project exists.
 	if _, err := s.store.GetProjectByID(projectID); err != nil {
 		if errors.Is(err, store.ErrNotFound) {
 			respondNotFound(w, "project")
 			return
 		}
-		respondError(w, http.StatusInternalServerError, "failed to get project: "+err.Error())
+		slog.Error("failed to get project", "project_id", projectID, "error", err)
+		respondError(w, http.StatusInternalServerError, "failed to get project")
 		return
 	}
 
@@ -66,27 +139,41 @@ func (s *Server) createVolume(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if req.Source == "" {
-		respondError(w, http.StatusBadRequest, "source is required")
-		return
+	// Ephemeral volumes don't need a source path.
+	if req.Scope != "ephemeral" {
+		if req.Source == "" {
+			respondError(w, http.StatusBadRequest, "source is required")
+			return
+		}
+		if !validateVolumePath(req.Source) {
+			respondError(w, http.StatusBadRequest, "source path must not contain '..'")
+			return
+		}
 	}
 	if req.Target == "" {
 		respondError(w, http.StatusBadRequest, "target is required")
 		return
 	}
-	if !validateVolumePath(req.Source) {
-		respondError(w, http.StatusBadRequest, "source path must not contain '..'")
-		return
-	}
 	if !validateVolumePath(req.Target) {
 		respondError(w, http.StatusBadRequest, "target path must not contain '..'")
 		return
 	}
-	if req.Mode == "" {
-		req.Mode = "shared"
+
+	// Resolve scope — support legacy mode field.
+	scope := req.Scope
+	if scope == "" {
+		switch req.Mode {
+		case "isolated":
+			scope = "instance"
+		case "shared":
+			scope = "project"
+		default:
+			scope = "project"
+		}
 	}
-	if req.Mode != "shared" && req.Mode != "isolated" {
-		respondError(w, http.StatusBadRequest, "mode must be 'shared' or 'isolated'")
+
+	if errMsg := validateVolumeScope(scope, req.Name); errMsg != "" {
+		respondError(w, http.StatusBadRequest, errMsg)
 		return
 	}
 
@@ -94,10 +181,12 @@ func (s *Server) createVolume(w http.ResponseWriter, r *http.Request) {
 		ProjectID: projectID,
 		Source:    req.Source,
 		Target:   req.Target,
-		Mode:     req.Mode,
+		Scope:    scope,
+		Name:     strings.TrimSpace(req.Name),
 	})
 	if err != nil {
-		respondError(w, http.StatusInternalServerError, "failed to create volume: "+err.Error())
+		slog.Error("failed to create volume", "project_id", projectID, "error", err)
+		respondError(w, http.StatusInternalServerError, "failed to create volume")
 		return
 	}
 	respondJSON(w, http.StatusCreated, vol)
@@ -113,7 +202,8 @@ func (s *Server) updateVolume(w http.ResponseWriter, r *http.Request) {
 			respondNotFound(w, "volume")
 			return
 		}
-		respondError(w, http.StatusInternalServerError, "failed to get volume: "+err.Error())
+		slog.Error("failed to get volume", "volume_id", volID, "error", err)
+		respondError(w, http.StatusInternalServerError, "failed to get volume")
 		return
 	}
 
@@ -124,21 +214,31 @@ func (s *Server) updateVolume(w http.ResponseWriter, r *http.Request) {
 
 	updated := existing
 	if req.Source != "" {
+		if !validateVolumePath(req.Source) {
+			respondError(w, http.StatusBadRequest, "source path must not contain '..'")
+			return
+		}
 		updated.Source = req.Source
 	}
 	if req.Target != "" {
-		updated.Target = req.Target
-	}
-	if req.Mode != "" {
-		if req.Mode != "shared" && req.Mode != "isolated" {
-			respondError(w, http.StatusBadRequest, "mode must be 'shared' or 'isolated'")
+		if !validateVolumePath(req.Target) {
+			respondError(w, http.StatusBadRequest, "target path must not contain '..'")
 			return
 		}
-		updated.Mode = req.Mode
+		updated.Target = req.Target
+	}
+	if req.Scope != "" {
+		if errMsg := validateVolumeScope(req.Scope, req.Name); errMsg != "" {
+			respondError(w, http.StatusBadRequest, errMsg)
+			return
+		}
+		updated.Scope = req.Scope
+		updated.Name = strings.TrimSpace(req.Name)
 	}
 
 	if err := s.store.UpdateVolume(updated); err != nil {
-		respondError(w, http.StatusInternalServerError, "failed to update volume: "+err.Error())
+		slog.Error("failed to update volume", "volume_id", volID, "error", err)
+		respondError(w, http.StatusInternalServerError, "failed to update volume")
 		return
 	}
 	respondJSON(w, http.StatusOK, updated)
@@ -152,7 +252,8 @@ func (s *Server) deleteVolume(w http.ResponseWriter, r *http.Request) {
 			respondNotFound(w, "volume")
 			return
 		}
-		respondError(w, http.StatusInternalServerError, "failed to delete volume: "+err.Error())
+		slog.Error("failed to delete volume", "volume_id", volID, "error", err)
+		respondError(w, http.StatusInternalServerError, "failed to delete volume")
 		return
 	}
 	respondJSON(w, http.StatusOK, map[string]string{"deleted": volID})