microsoft · pinodeca · May 26, 2026 · May 20, 2026 · May 20, 2026 · May 26, 2026
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -19,15 +19,6 @@
         "rust-analyzer.check.command": "clippy",
         "rust-analyzer.check.extraArgs": ["--features", "pg17"]
       }
-    },
-    "codespaces": {
-      "repositories": {
-        "microsoft/duroxide-pg-opt": {
-          "permissions": {
-            "contents": "read"
-          }
-        }
-      }
     }
   },
 

diff --git a/.devcontainer/onCreateCommand.sh b/.devcontainer/onCreateCommand.sh
@@ -56,99 +56,30 @@ else
     cargo pgrx init --pg17 download
 fi
 
-# ── Initialize private submodule (duroxide-pg-opt) ──────────────────
-# duroxide-pg-opt is a private repo.  Two auth mechanisms:
-#
-# 1. Prebuild phase: GH_PAT Codespace secret provides access.
-#    We use a temporary git insteadOf rewrite during submodule clone.
-#    The secret remains available in the Codespace environment, so there
-#    is no meaningful security benefit to trying to scrub local traces.
-#
-# 2. Interactive Codespace: devcontainer.json grants the built-in
-#    GITHUB_TOKEN read access via customizations.codespaces.repositories.
-#    The Codespace credential helper handles auth automatically.
-#
-# 3. Local Dev Container: user must have their own credentials.
-
-SUBMODULE_INITIALIZED=0
-
-if [ -n "$GH_PAT" ]; then
-    echo "GH_PAT detected — initializing submodule with PAT..."
-
-    # Temporarily rewrite GitHub HTTPS URLs to include the token.
-    PAT_REWRITE_URL="https://x-access-token:${GH_PAT}@github.com/"
-
-    cleanup_pat_rewrite() {
-        local rc=$?
-        # GH_PAT is still available in Codespace env vars; cleanup here ensures
-        # subsequent user git operations prefer devcontainer.json repo permissions
-        # and Codespaces credential helper instead of forcing PAT rewrite behavior.
-        git config --global --remove-section "url.${PAT_REWRITE_URL}" 2>/dev/null || true
-        return $rc
-    }
-
-    trap cleanup_pat_rewrite EXIT
-    git config --global url."${PAT_REWRITE_URL}".insteadOf "https://github.com/"
-
-    if [ "$SMOKE_MODE" = "1" ]; then
-        echo "Smoke mode: skipping git submodule update"
-        if [ -f "duroxide-pg-opt/Cargo.toml" ]; then
-            SUBMODULE_INITIALIZED=1
-        fi
-    elif git submodule update --init --recursive; then
-        echo "✅ Submodule initialized successfully (via PAT)"
-        SUBMODULE_INITIALIZED=1
-    else
-        echo "⚠️  Submodule initialization failed with PAT"
-    fi
-else
-    echo "GH_PAT not set — trying submodule init with default credentials..."
-    if [ "$SMOKE_MODE" = "1" ]; then
-        echo "Smoke mode: skipping git submodule update"
-        if [ -f "duroxide-pg-opt/Cargo.toml" ]; then
-            SUBMODULE_INITIALIZED=1
-        fi
-    elif git submodule update --init --recursive; then
-        echo "✅ Submodule initialized successfully"
-        SUBMODULE_INITIALIZED=1
-    else
-        echo "⚠️  Submodule initialization failed — skipping"
-        echo "   Set GH_PAT secret or ensure credentials for microsoft/duroxide-pg-opt"
-    fi
-fi
-
 # ── Build pg_durable ────────────────────────────────────────────────
-# Only build if the submodule is present (needed for compilation)
-if [ "$SUBMODULE_INITIALIZED" = "1" ] && [ -f "duroxide-pg-opt/Cargo.toml" ]; then
-    echo "Building pg_durable..."
-    if [ "$SMOKE_MODE" = "1" ]; then
-        echo "Smoke mode: skipping cargo build"
-    else
-        cargo build --features pg17,http-allow-test-domains
-        echo "✅ pg_durable built successfully"
-    fi
+# duroxide-pg is pulled as a crates.io dependency (see Cargo.toml).
+echo "Building pg_durable..."
+if [ "$SMOKE_MODE" = "1" ]; then
+    echo "Smoke mode: skipping cargo build"
+else
+    cargo build --features pg17,http-allow-test-domains
+    echo "✅ pg_durable built successfully"
 
     echo "Installing pg_durable into PostgreSQL ${PG_MAJOR}..."
-    if [ "$SMOKE_MODE" = "1" ]; then
-        echo "Smoke mode: skipping install/cluster bootstrap"
-    else
-        resolve_pgrx_environment "$PG_MAJOR"
-        cargo pgrx install --release --pg-config "$PG_CONFIG"
+    resolve_pgrx_environment "$PG_MAJOR"
+    cargo pgrx install --release --pg-config "$PG_CONFIG"
 
-        echo "Preparing PostgreSQL ${PG_MAJOR} cluster..."
-        recreate_local_cluster
-        start_local_postgres
-        ensure_compatible_roles
-        ensure_pg_durable_extension
+    echo "Preparing PostgreSQL ${PG_MAJOR} cluster..."
+    recreate_local_cluster
+    start_local_postgres
+    ensure_compatible_roles
+    ensure_pg_durable_extension
 
-        VERSION=$(pg_durable_version)
-        echo "✅ pg_durable ${VERSION} installed and verified"
+    VERSION=$(pg_durable_version)
+    echo "✅ pg_durable ${VERSION} installed and verified"
 
-        echo "Stopping PostgreSQL ${PG_MAJOR} after prebuild verification..."
-        stop_local_postgres
-    fi
-else
-    echo "⚠️  Submodule not available — skipping pg_durable build"
+    echo "Stopping PostgreSQL ${PG_MAJOR} after prebuild verification..."
+    stop_local_postgres
 fi
 
 echo ""

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -94,15 +94,15 @@ The new `.so` must work against **all** previous versions' schemas (same major v
 
 For Scenario A, treat the upgrade path as the contract for already-shipped versions: before release, fresh install for the new version should match what an existing customer gets by installing the previous version and applying the upgrade chain.
 
-**Updating duroxide-pg-opt dependency**: Update the submodule (`cd duroxide-pg-opt && git fetch && git checkout <new-ref>`), then rebuild. The BGW's embedded migration files update automatically via `include_dir!`. No changes to extension SQL, upgrade scripts, or any checked-in SQL copies are needed.
+**Updating duroxide-pg dependency**: Treat `duroxide` and `duroxide-pg` as a compatible pair. Before changing `duroxide-pg`, check the `duroxide-pg` release notes or compatibility matrix to determine whether `duroxide` must also be updated. Update the crates.io version(s) in [`Cargo.toml`](../Cargo.toml), then run `cargo update -p duroxide-pg` or `cargo update -p duroxide -p duroxide-pg` as appropriate and rebuild. The BGW's embedded migration files update automatically via `include_dir!`. No changes to extension SQL, upgrade scripts, or any checked-in SQL copies are needed.
 
 **Writing a spec or design doc:** Include an "Upgrade & Migration" section covering: backward compatibility impact (B1 — will the new `.so` work against all previous schemas?), upgrade script DDL needed, and any runtime schema detection required. See [docs/upgrade-testing.md](../docs/upgrade-testing.md) for the full upgrade testing strategy.
 
 ## Dependencies
 
 - **pgrx 0.16.1**: PostgreSQL extension framework (pinned version)
-- **duroxide**: Durable execution runtime
-- **duroxide-pg-opt**: duroxide provider/stores engine state in PostgreSQL (git submodule)
+- **duroxide**: Durable execution runtime (crates.io dependency pinned in [`Cargo.toml`](../Cargo.toml))
+- **duroxide-pg**: duroxide provider/stores engine state in PostgreSQL (crates.io dependency pinned in [`Cargo.toml`](../Cargo.toml)); keep pinned with `duroxide` as a compatible pair
 - **sqlx**: Async PostgreSQL from background worker
 - **tokio**: Async runtime for background worker
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,7 +21,6 @@ on:
 
 env:
   CARGO_TERM_COLOR: always
-  GITHUB_TOKEN: ${{ secrets.GH_PAT }}
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 
 concurrency:
@@ -59,7 +58,6 @@ jobs:
           rustup default nightly
 
       - name: Check formatting
-        # --all includes path dependencies; limit to our package to skip submodules
         run: cargo fmt --package pg_durable -- --check
 
   prepare:
@@ -96,9 +94,6 @@ jobs:
     continue-on-error: ${{ matrix.pg_version == 18 }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          submodules: true
-          token: ${{ secrets.GH_PAT }}
 
       - name: Free disk space and show usage
         run: |

diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
@@ -24,14 +24,6 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
-        with:
-          submodules: false
-
-      - name: Initialize private submodule duroxide-pg-opt
-        run: |
-          test -n "${{ secrets.DUROXIDE_PG_OPT_TOKEN }}"
-          git -c url."https://x-access-token:${{ secrets.DUROXIDE_PG_OPT_TOKEN }}@github.com/".insteadOf="https://github.com/" \
-            submodule update --init --recursive
 
       - name: Install Rust toolchain (stable)
         uses: dtolnay/rust-toolchain@stable

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -43,9 +43,6 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-        with:
-          submodules: true
-          token: ${{ secrets.GH_PAT }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -101,7 +98,6 @@ jobs:
 
       - name: Run E2E tests in Docker
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
           PG_DURABLE_LOG_DIR: /tmp/docker-logs
         run: ./scripts/test-e2e-docker.sh
 

diff --git a/.github/workflows/prebuild.yml b/.github/workflows/prebuild.yml
@@ -76,6 +76,5 @@ jobs:
           # Exercise script entrypoints without running heavy setup.
           export SKIP_APT_UPDATE=1
           export PG_DURABLE_SMOKE=1
-          export GH_PAT="smoke-test-token"
 
           bash .devcontainer/onCreateCommand.sh
diff --git a/.gitmodules b/.gitmodules