RedHatInsights · RostyslavKachan · Feb 24, 2026 · Feb 27, 2026
diff --git a/manager/cve_handler.py b/manager/cve_handler.py
@@ -40,6 +40,7 @@
 from common.peewee_model import SystemCveData
 from common.peewee_model import SystemGroupSet
 from common.peewee_model import SystemPlatform
+from common.peewee_model import SystemTagSet
 from common.peewee_model import SystemVulnerabilities
 from common.peewee_model import SystemVulnerablePackage
 from common.peewee_model import VulnerablePackageCVE
@@ -265,7 +266,11 @@ def _full_query(rh_account_id, synopsis, parsed_args, filters, remediation_filte
             InsightsRule.resolution_text,
             InsightsRule.kbase_node_id,
             InsightsRule.more_info_text,
-            InventoryHosts.tags,
+            (
+                fn.COALESCE(SystemTagSet.tags, "[]").alias("tags")
+                if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT)
+                else InventoryHosts.tags
+            ),
             InventoryHosts.updated,
             InventoryHosts.insights_id,
             (
@@ -303,6 +308,7 @@ def _full_query(rh_account_id, synopsis, parsed_args, filters, remediation_filte
         if remediation_filter:
             subq = subq.where(SystemVulnerabilities.remediation_type_id << remediation_filter)
 
+        subq = subq.switch(SystemPlatform).join(SystemTagSet, JOIN.LEFT_OUTER)
         subq = cyndi_join(subq)
         return apply_filters(subq, parsed_args, filters, {})
 
@@ -338,7 +344,11 @@ def _unpatched_full_query(self, rh_account_id, synopsis, parsed_args, filters) -
                 Value(None).alias("resolution_text"),
                 Value(0).alias("kbase_node_id"),
                 Value(None).alias("more_info_text"),
-                InventoryHosts.tags,
+                (
+                    fn.COALESCE(SystemTagSet.tags, "[]").alias("tags")
+                    if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT)
+                    else InventoryHosts.tags
+                ),
                 InventoryHosts.updated,
                 InventoryHosts.insights_id,
                 (
@@ -370,6 +380,7 @@ def _unpatched_full_query(self, rh_account_id, synopsis, parsed_args, filters) -
             .where(system_is_active(image=None))
             .where(SystemVulnerablePackage.rh_account_id == rh_account_id)
         )
+        unfixed_subq = unfixed_subq.switch(SystemPlatform).join(SystemTagSet, JOIN.LEFT_OUTER)
         unfixed_subq = cyndi_join(unfixed_subq)
         unfixed_subq = apply_filters(unfixed_subq, parsed_args, filters, {"unfixed": [True]})
 
@@ -396,7 +407,11 @@ def _id_query(rh_account_id, synopsis, parsed_args, filters, remediation_filter=
                 SystemVulnerabilities.mitigation_reason,
                 SystemPlatform.display_name.alias("display_name"),
                 fn.COALESCE(SystemVulnerabilities.remediation_type_id, remediation.PLAYBOOK.value).alias("remediation"),
-                InventoryHosts.tags,
+                (
+                    fn.COALESCE(SystemTagSet.tags, "[]").alias("tags")
+                    if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT)
+                    else InventoryHosts.tags
+                ),
                 InventoryHosts.updated,
                 InventoryHosts.insights_id,
                 (
@@ -429,6 +444,7 @@ def _id_query(rh_account_id, synopsis, parsed_args, filters, remediation_filter=
         if remediation_filter:
             subq = subq.where(SystemVulnerabilities.remediation_type_id << remediation_filter)
 
+        subq = subq.switch(SystemPlatform).join(SystemTagSet, JOIN.LEFT_OUTER)
         subq = cyndi_join(subq)
         return apply_filters(subq, parsed_args, filters, {})
 
@@ -452,7 +468,11 @@ def _unpatched_id_query(self, rh_account_id, synopsis, parsed_args, filters) ->
                 Value(None).alias("mitigation_reason"),
                 SystemPlatform.display_name.alias("display_name"),
                 Value(remediation.NONE.value).alias("remediation"),
-                InventoryHosts.tags,
+                (
+                    fn.COALESCE(SystemTagSet.tags, "[]").alias("tags")
+                    if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT)
+                    else InventoryHosts.tags
+                ),
                 InventoryHosts.updated,
                 InventoryHosts.insights_id,
                 (
@@ -483,6 +503,7 @@ def _unpatched_id_query(self, rh_account_id, synopsis, parsed_args, filters) ->
             .where(system_is_active(image=None))
         )
 
+        unfixed_subq = unfixed_subq.switch(SystemPlatform).join(SystemTagSet, JOIN.LEFT_OUTER)
         unfixed_subq = cyndi_join(unfixed_subq)
         unfixed_subq = apply_filters(unfixed_subq, parsed_args, filters, {"unfixed": [True]})
 

diff --git a/manager/filters.py b/manager/filters.py
@@ -24,6 +24,7 @@
 from common.peewee_model import SystemCveData
 from common.peewee_model import SystemGroupSet
 from common.peewee_model import SystemPlatform
+from common.peewee_model import SystemTagSet
 from common.peewee_model import SystemVulnerabilities
 from common.peewee_model import SystemVulnerablePackage
 
@@ -353,8 +354,9 @@ def _filter_system_by_tags(query, args, _kwargs):
         object: Modified query with system CVE status filter applied
     """
     if "tags" in args and args["tags"]:
+        tags_column = SystemTagSet.tags if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT) else InventoryHosts.tags
         for tag in args["tags"]:
-            query = query.where(InventoryHosts.tags.contains([tag]))
+            query = query.where(tags_column.contains([tag]))
     return query
 
 
@@ -420,10 +422,17 @@ def _filter_system_by_sap_sids(query, args, _kwargs):
     """
     if "sap_sids" in args and args["sap_sids"]:
         sap_sids = copy(args["sap_sids"])
-        expr = InventoryHosts.system_profile.contains({"sap_sids": [sap_sids[0]]})
+        cyndi_replication_enabled = UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT)
+        if cyndi_replication_enabled:
+            expr = SystemPlatform.sap_ids.contains(sap_sids[0])
+        else:
+            expr = InventoryHosts.system_profile.contains({"sap_sids": [sap_sids[0]]})
         sap_sids.pop(0)
         for sap_sid in sap_sids:
-            expr |= InventoryHosts.system_profile.contains({"sap_sids": [sap_sid]})
+            if cyndi_replication_enabled:
+                expr |= SystemPlatform.sap_ids.contains(sap_sid)
+            else:
+                expr |= InventoryHosts.system_profile.contains({"sap_sids": [sap_sid]})
         query = query.where(expr)
     return query
 
@@ -567,9 +576,15 @@ def _filter_system_by_ansible(query, args, _kwargs):
     """
     if "ansible" in args and args["ansible"] is not None:
         if args["ansible"]:
-            expr = InventoryHosts.system_profile.has_key("ansible")
+            if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT):
+                expr = SystemPlatform.ansible
+            else:
+                expr = InventoryHosts.system_profile.has_key("ansible")
         else:
-            expr = ~(InventoryHosts.system_profile.has_key("ansible"))
+            if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT):
+                expr = ~SystemPlatform.ansible
+            else:
+                expr = ~(InventoryHosts.system_profile.has_key("ansible"))
         query = query.where(expr)
     return query
 
@@ -589,9 +604,15 @@ def _filter_system_by_mssql(query, args, _kwargs):
     """
     if "mssql" in args and args["mssql"] is not None:
         if args["mssql"]:
-            expr = InventoryHosts.system_profile.has_key("mssql")
+            if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT):
+                expr = SystemPlatform.mssql
+            else:
+                expr = InventoryHosts.system_profile.has_key("mssql")
         else:
-            expr = ~(InventoryHosts.system_profile.has_key("mssql"))
+            if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT):
+                expr = ~SystemPlatform.mssql
+            else:
+                expr = ~(InventoryHosts.system_profile.has_key("mssql"))
         query = query.where(expr)
     return query
 

diff --git a/manager/system_handler.py b/manager/system_handler.py
@@ -37,6 +37,7 @@
 from common.peewee_model import SystemCveData
 from common.peewee_model import SystemGroupSet
 from common.peewee_model import SystemPlatform
+from common.peewee_model import SystemTagSet
 from common.peewee_model import SystemVulnerabilities
 from common.peewee_model import SystemVulnerablePackage
 from common.peewee_model import VulnerablePackageCVE
@@ -523,7 +524,11 @@ def _full_query(rh_account_id):
             SystemPlatform.culled_timestamp,
             Case(None, (((SystemPlatform.opt_out == False), SystemPlatform.cve_count_cache),), None).alias("cve_count"),
             fn.COALESCE(SystemPlatform.host_type, HostType.RPMDNF).alias("host_type"),
-            InventoryHosts.tags,
+            (
+                fn.COALESCE(SystemTagSet.tags, "[]").alias("tags")
+                if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT)
+                else InventoryHosts.tags
+            ),
             InventoryHosts.updated,
             InventoryHosts.insights_id,
             OS_INFO_QUERY.alias("os"),
@@ -537,6 +542,8 @@ def _full_query(rh_account_id):
 
         return (
             SystemPlatform.select(*selectables)
+            .switch(SystemPlatform)
+            .join(SystemTagSet, JOIN.LEFT_OUTER)
             .where(SystemPlatform.rh_account_id == rh_account_id)
             .where(system_is_active(deleted=False, image=None, opt_out=None, stale=None))
             .where(SystemPlatform.last_evaluation.is_null(False) | SystemPlatform.advisor_evaluated.is_null(False))
@@ -827,7 +834,11 @@ def handle_get(cls, **kwargs):
                 SystemPlatform.last_upload,
                 SystemPlatform.stale,
                 fn.COALESCE(SystemPlatform.host_type, HostType.RPMDNF).alias("host_type"),
-                InventoryHosts.tags,
+                (
+                    fn.COALESCE(SystemTagSet.tags, "[]").alias("tags")
+                    if UNLEASH.is_enabled(CYNDI_REPLICATION_REPLACEMENT)
+                    else InventoryHosts.tags
+                ),
                 InventoryHosts.updated,
                 InventoryHosts.insights_id,
                 OS_INFO_QUERY.alias("os"),
@@ -848,6 +859,7 @@ def handle_get(cls, **kwargs):
                 .dicts()
             )
             query = apply_filters(query, args, [filter_types.SYSTEM_TAGS], {})
+            query = query.switch(SystemPlatform).join(SystemTagSet, JOIN.LEFT_OUTER)
             system = cyndi_join(query).get()
         except DoesNotExist as exc:
             raise ApplicationException("inventory_id must exist and inventory_id must be visible to user", 404) from exc