Expand description
Zero-downtime atomic binary handoff for long-running daemons.
See the crate-root ARCHITECTURE.md for the wire protocol, state machine,
and correctness invariants. This module re-exports the public surface.
Re-exports§
pub use drainable::DrainReport;pub use drainable::Drainable;pub use drainable::ReadinessSnapshot;pub use drainable::SealReport;pub use drainable::StateSnapshot;pub use error::Error;pub use error::Result;pub use fd::arrange_inherited_fds_on_spawn;pub use fd::pass_listener_fds_on_spawn;pub use incumbent::Incumbent;pub use lock::DataDirLock;pub use protocol::HandoffId;pub use role::BegunSuccessor;pub use role::HandshookSuccessor;pub use role::HeartbeatGuard;pub use role::InheritedListeners;pub use role::Role;pub use role::Successor;pub use role::detect_role;pub use supervisor::HandoffOutcome;pub use supervisor::SpawnSpec;pub use supervisor::Supervisor;
Modules§
- crash
- Crash-injection points for fault-tolerance testing.
- drainable
- The
Drainabletrait — the consumer contract for opaque handoff-side lifecycle hooks. The library calls these in a defined order over a handoff; the consumer (the primitive being handed off) implements them in terms of its own writer state, accept loop, and shard layout. - error
- Public error type for the
handoffcrate. - fd
- Parent-side FD inheritance helper.
- frame
- Length-prefixed framing over a sync byte stream (typically
UnixStream). - incumbent
- Incumbent-side control socket server.
- lock
DataDirLock— RAII flock on<data_dir>/.handoff.lock.- metrics
- Observability name constants.
- protocol
- Wire protocol message types and constants.
- role
- Successor detection via env vars + inherited listener handling.
- state
- Handoff state journal — persisted across supervisor restarts.
- supervisor
- Supervisor-side orchestration: spawn the successor, drive the protocol, handle abort/resume.
Macros§
- crash_
here - Inject a crash point at the call site. No-op without the
crash-pointsfeature.