bucketwarden_server/

consistency_model_support.rs

use super::*;

pub const CONSISTENCY_MODEL_STRONG_LOCAL: &str = "strong-local";
pub const CONSISTENCY_MODEL_EVENTUAL: &str = "eventual";
pub const CONSISTENCY_MODEL_SESSION: &str = "session";
pub const CONSISTENCY_MODEL_BOUNDED_STALENESS: &str = "bounded-staleness";

const CONSISTENCY_MODEL_CAPABILITIES: &[&str] = &[
    "read-after-write-consistency",
    "list-consistency",
    "overwrite-consistency",
    "delete-consistency",
    "metadata-consistency",
    "native-support-state",
    "semantic-parity",
    "configuration-admin-surface",
    "security-governance-impact",
    "observability-evidence",
    "failure-mode-behavior",
    "validation-test-coverage",
    "product-specific-caveats",
];

const CONSISTENCY_MODEL_CAVEATS: &[&str] = &[
    "BucketWarden supports strong local consistency inside a single runtime state authority.",
    "Reads, heads, lists, overwrites, deletes, and metadata reads observe committed local object state immediately.",
    "Eventual, session, and bounded-staleness consistency modes are tracked but fail closed outside the current runtime boundary.",
    "Strong local consistency does not claim distributed consensus, cross-region ordering, or multi-writer conflict semantics.",
];

const CONSISTENCY_MODEL_FAILURE_MODES: &[&str] = &[
    "unsupported-consistency-model-rejected",
    "invalid-consistency-policy-rejected",
    "stale-read-mode-rejected",
    "cross-region-consistency-out-of-bounds",
];

#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct ConsistencyModelSupportEntry {
    pub model: &'static str,
    pub native_support: bool,
    pub semantic_parity: &'static str,
    pub read_after_write: bool,
    pub list_consistency: bool,
    pub overwrite_consistency: bool,
    pub delete_consistency: bool,
    pub metadata_consistency: bool,
    pub failure_mode: &'static str,
    pub caveat: &'static str,
}

#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct ConsistencyModelSupportReport {
    pub active_model: &'static str,
    pub supported_models: Vec<&'static str>,
    pub unsupported_models: Vec<&'static str>,
    pub capabilities: Vec<&'static str>,
    pub failure_modes: Vec<&'static str>,
    pub caveats: Vec<&'static str>,
    pub entries: Vec<ConsistencyModelSupportEntry>,
}

#[derive(Clone, Debug, Default, Eq, PartialEq, Serialize)]
pub struct ConsistencyPolicy {
    pub model: String,
    pub stale_reads_allowed: bool,
    pub cross_region_ordering: bool,
}

impl BucketWarden {
    pub fn consistency_model_support_report(&self) -> ConsistencyModelSupportReport {
        ConsistencyModelSupportReport {
            active_model: CONSISTENCY_MODEL_STRONG_LOCAL,
            supported_models: vec![CONSISTENCY_MODEL_STRONG_LOCAL],
            unsupported_models: vec![
                CONSISTENCY_MODEL_EVENTUAL,
                CONSISTENCY_MODEL_SESSION,
                CONSISTENCY_MODEL_BOUNDED_STALENESS,
            ],
            capabilities: CONSISTENCY_MODEL_CAPABILITIES.to_vec(),
            failure_modes: CONSISTENCY_MODEL_FAILURE_MODES.to_vec(),
            caveats: CONSISTENCY_MODEL_CAVEATS.to_vec(),
            entries: vec![
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_STRONG_LOCAL,
                    native_support: true,
                    semantic_parity: "Single runtime state authority provides immediate visibility for committed object mutations.",
                    read_after_write: true,
                    list_consistency: true,
                    overwrite_consistency: true,
                    delete_consistency: true,
                    metadata_consistency: true,
                    failure_mode: "Invalid stale-read or cross-region policy is rejected.",
                    caveat: "Strong local consistency is scoped to the local runtime and persisted snapshot/store boundary.",
                },
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_EVENTUAL,
                    native_support: false,
                    semantic_parity: "No delayed visibility or convergence-window semantics are claimed.",
                    read_after_write: false,
                    list_consistency: false,
                    overwrite_consistency: false,
                    delete_consistency: false,
                    metadata_consistency: false,
                    failure_mode: "Eventual consistency model selection is rejected as unsupported.",
                    caveat: "Eventual consistency requires explicit replication lag and convergence semantics.",
                },
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_SESSION,
                    native_support: false,
                    semantic_parity: "No per-session read-your-writes token or causal session semantics are claimed.",
                    read_after_write: false,
                    list_consistency: false,
                    overwrite_consistency: false,
                    delete_consistency: false,
                    metadata_consistency: false,
                    failure_mode: "Session consistency model selection is rejected as unsupported.",
                    caveat: "Session consistency needs session-bound causal metadata before support.",
                },
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_BOUNDED_STALENESS,
                    native_support: false,
                    semantic_parity: "No bounded stale read window, version lag, or timestamp lag semantics are claimed.",
                    read_after_write: false,
                    list_consistency: false,
                    overwrite_consistency: false,
                    delete_consistency: false,
                    metadata_consistency: false,
                    failure_mode: "Bounded-staleness consistency model selection is rejected as unsupported.",
                    caveat: "Bounded staleness needs explicit clock and replica lag contracts before support.",
                },
            ],
        }
    }

    pub fn ensure_consistency_model_supported(&self, model: &str) -> Result<(), RuntimeError> {
        let report = self.consistency_model_support_report();
        if report.supported_models.contains(&model) {
            Ok(())
        } else {
            Err(RuntimeError::UnsupportedConsistencyModel(model.to_string()))
        }
    }

    pub fn validate_consistency_policy(
        &self,
        policy: &ConsistencyPolicy,
    ) -> Result<(), RuntimeError> {
        self.ensure_consistency_model_supported(&policy.model)?;
        if policy.stale_reads_allowed {
            return Err(RuntimeError::InvalidConsistencyPolicy(
                "strong local consistency rejects stale-read mode".to_string(),
            ));
        }
        if policy.cross_region_ordering {
            return Err(RuntimeError::InvalidConsistencyPolicy(
                "cross-region ordering is outside the current consistency boundary".to_string(),
            ));
        }
        Ok(())
    }
}