Add tdbg schedule audit command

[fretz12]

What changed?

Adds a new tdbg schedule audit subcommand under tdbg schedule. The command lists every schedule in the target namespace(s), computes the nominal fire times each spec should have produced inside a user-specified window, queries visibility for the workflows that actually ran, and emits a per-schedule classification of each expected fire:

• real_miss — expected fire with no matching workflow and nothing else from the schedule running to justify a skip
• skip_overlap — fire correctly skipped because a prior workflow was still running
• inconclusive_schedule_changed — schedule spec was modified during the audit window; historical spec can't be recovered
• unsupported_policy — schedule uses a policy this audit doesn't fully model (BUFFER_ALL, ALLOW_ALL, CANCEL_OTHER, TERMINATE_OTHER, KeepOriginalWorkflowId); surfaced rather than miscounted

Output is either a CSV bundle (summary.csv + per-namespace files) when --output-dir is set, or a single flat CSV stream to stdout when it isn't.

Why?

We've had several incidents where schedules silently missed fires, and answering "did the scheduler fire when it should have, during this window?" required ad-hoc visibility queries per schedule. This tool makes that question answerable in a single command across all schedules in many namespaces in parallel, and produces a machine-readable artifact that can be diffed across days to spot regressions.

How did you test it?

• built
• run locally and tested manually
• covered by existing tests
• added new unit test(s)
• added new functional test(s)

[chaptersix]

https://github.com/temporalio/api/blob/0a2f0c3aff1f58e9cec5877d2896bdff5985431d/temporal/api/schedule/v1/message.proto#L213

this is in the API but not currently supported. It won't be for quite some time.

[fretz12]

gotcha, changed comment

[chaptersix]

I think input and output should be json/josnl. we have jq available in our environments to process input and output.

[chaptersix]

could we support unix pipes instead of specifying an input file? the piped input could contain, namespace and schedule id (optional).

that way someone can stream the input from another process without writing a file and they ca cat a file into stdin.

[fretz12]

yup, that was on my todo list.

FILE FORMAT (for --file / stdin)
  One audit target per line as 'namespace[,schedule_id]'. Examples:
    checker-ses-northwest-prod.90d0d
    datastore-northwest-prod.90d0d,DeleteExpiredSecretsScheduledWorkflow--one
    synthetics-northwest-prod.90d0d,my-schedule
  Lines starting with '#' and blank lines are ignored. Schedule IDs must not contain commas.

EXAMPLES
  Single namespace, 1-day window, write CSV bundle:
    tdbg schedule audit --namespace my-ns --start 2026-05-19T00:00:00Z --end 2026-05-20T00:00:00Z --output-dir ./audit-out

  Many targets from a file:
    tdbg schedule audit -f ./targets.csv --start 2026-05-01T19:30:00Z --end 2026-05-02T10:00:00Z \
      --output-dir ./audit-out

  Pipe targets from stdin (cat, psql, awk, etc.):
    cat ./targets.csv | tdbg schedule audit -f - --start 2026-05-01T00:00:00Z --end 2026-05-02T00:00:00Z

[chaptersix]

post jitter?

[fretz12]

Actually pre-jitter is intentional...workflows started by the scheduler carry TemporalScheduledStartTime set to the nominal (pre-jitter) time, so the audit needs nominal to match the fired vs expected. I found this to be most reliable. I actually removed the jitterseed as it's not relaly needed and in mislead. Added comment as well.

[chaptersix]

I think this should be overridable. some ns may have schedules that run once a year.

[fretz12]

ah yea good point. Turned it into a flag, and added warning if exceeds 7days