Module pool 

BufferPool — slab allocator for [ZeroCopyBuffer] storage.

Allocation classes: 4 KiB, 64 KiB, 1 MiB, 10 MiB. Buffers larger than the largest class are direct-allocated (counted in the oversize_allocations_total metric).

Per-tenant accounting: every tenant carries a soft byte limit. Exceeding the limit does not block — it emits buffer_pool_soft_limit_exceeded_total{tenant_id=…} so operators can see which tenants are sustaining high multimodal throughput. The pool is global-per-process, not per-tenant, so a spike on tenant A doesn’t force a second pool allocation for tenant B.

The pool holds Vec<u8> slabs on its free lists. When a ZeroCopyBuffer allocated from the pool drops, the slab is reclaimed via the [PoolHandle] stored on its clone path. (11.b ships with a simpler model: slabs are requested on-demand and returned manually; a future revision wires the Drop impl to the pool once we’re confident in the ownership model.)

Structs

BufferPool

Slab-allocating pool. Shared across tenants; tenant accounting happens at the metrics layer only. Thread-safe via Mutex on the per-class free lists; metrics are lock-free atomics.

BufferPoolSnapshot

Point-in-time snapshot for metric export. Each field maps 1:1 to a Prometheus counter surfaced by the adopter’s observability layer.

Enums

PoolClass