awaken-server-contract 0.6.0

Server and store boundary contracts for Awaken
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260

//! Server-side staged checkpoint commit (ADR-0036 / ADR-0038).
//!
//! Canonical events and outbox rows committed atomically with a checkpoint are
//! kept off the runtime-facing [`ThreadCommit`] so the runtime never
//! names event/outbox vocabulary. They flow through [`ThreadCommitStagedWrites`]
//! and [`StagedCommitCoordinator::commit_checkpoint_staged`], which store
//! coordinators implement; the runtime-facing
//! [`CommitCoordinator::commit_checkpoint`] is equivalent to a staged commit
//! with no extra writes.

use crate::contract::outbox::OutboxMessageDraft;
use async_trait::async_trait;
use awaken_runtime_contract::contract::commit_coordinator::{
    CommitCoordinator, CommitError, StagedCanonicalEvent, ThreadCommit,
};
use awaken_runtime_contract::contract::event_store::{
    AppendOptions, CanonicalEventDraft, EventScope,
};
use serde::{Deserialize, Serialize};
use serde_json::Value;
use thiserror::Error;

/// Server-authored canonical event attached to the same thread commit as
/// the state transition that made the fact true.
#[derive(Debug, Clone, PartialEq)]
pub struct ServerCanonicalEvent {
    pub draft: CanonicalEventDraft,
    pub options: AppendOptions,
}

impl ServerCanonicalEvent {
    /// Construct a server-authored canonical event with default append options.
    #[must_use]
    pub fn new(draft: CanonicalEventDraft) -> Self {
        Self {
            draft,
            options: AppendOptions::default(),
        }
    }

    /// Attach append options (idempotency, expected cursors).
    #[must_use]
    pub fn with_options(mut self, options: AppendOptions) -> Self {
        self.options = options;
        self
    }
}

/// Outcome for advisory server canonical publication through an outbox.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ServerEventPublishOutcome {
    Enqueued { dedupe_key: String },
}

/// Failure surface for advisory server canonical publication.
#[derive(Debug, Error, Clone, PartialEq, Eq)]
pub enum EventPublishError {
    #[error("validation error: {0}")]
    Validation(String),
    #[error("outbox enqueue failed: {0}")]
    Enqueue(#[from] crate::contract::outbox::OutboxError),
    #[error("serialization error: {0}")]
    Serialization(String),
}

/// Long-lived publisher for advisory server-authored canonical events.
#[async_trait]
pub trait OutboxServerEventPublisher: Send + Sync {
    async fn publish(
        &self,
        draft: CanonicalEventDraft,
        options: AppendOptions,
    ) -> Result<ServerEventPublishOutcome, EventPublishError>;
}

/// Non-replay diagnostic event.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct DiagnosticEvent {
    pub kind: String,
    #[serde(default)]
    pub payload: Value,
}

/// Fire-and-forget diagnostic event publisher.
pub trait DiagnosticEventPublisher: Send + Sync {
    fn record(&self, event: DiagnosticEvent);
}

/// Event/outbox writes committed atomically with a checkpoint, supplied by
/// server-side writers: the runtime tee's canonical drafts (drained from the
/// dispatch [`EventBuffer`](awaken_runtime_contract::contract::commit_coordinator::CanonicalEventStager)),
/// server-authored canonical events, and inline outbox rows.
#[derive(Debug, Clone, Default, PartialEq)]
pub struct ThreadCommitStagedWrites {
    pub canonical_drafts: Vec<StagedCanonicalEvent>,
    pub server_events: Vec<ServerCanonicalEvent>,
    pub additional_outbox: Vec<OutboxMessageDraft>,
}

/// Compatibility name retained for existing server/store call sites.
#[deprecated(since = "0.6.0", note = "Use `ThreadCommitStagedWrites`.")]
pub type CheckpointStagedWrites = ThreadCommitStagedWrites;

impl ThreadCommitStagedWrites {
    /// Whether there are no staged writes — a plain checkpoint.
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.canonical_drafts.is_empty()
            && self.server_events.is_empty()
            && self.additional_outbox.is_empty()
    }

    /// Attach staged canonical drafts (runtime tee).
    #[must_use]
    pub fn with_canonical_drafts(mut self, drafts: Vec<StagedCanonicalEvent>) -> Self {
        self.canonical_drafts = drafts;
        self
    }

    /// Attach server-authored canonical events.
    #[must_use]
    pub fn with_server_events(mut self, events: Vec<ServerCanonicalEvent>) -> Self {
        self.server_events = events;
        self
    }

    /// Attach inline-writer outbox rows.
    #[must_use]
    pub fn with_additional_outbox(mut self, rows: Vec<OutboxMessageDraft>) -> Self {
        self.additional_outbox = rows;
        self
    }

    /// Validate every staged write against the checkpoint's thread/run scope.
    /// Mirrors the invariants the runtime-facing plan used to enforce inline.
    pub fn validate(&self, thread_id: &str, run_id: &str) -> Result<(), CommitError> {
        for staged in &self.canonical_drafts {
            staged.draft.validate().map_err(CommitError::EventAppend)?;
            validate_event_scope_membership(&staged.draft, thread_id, run_id)?;
            staged
                .append_options
                .validate()
                .map_err(CommitError::EventAppend)?;
        }
        for event in &self.server_events {
            event.draft.validate().map_err(CommitError::EventAppend)?;
            validate_event_scope_membership(&event.draft, thread_id, run_id)?;
            event.options.validate().map_err(CommitError::EventAppend)?;
        }
        for row in &self.additional_outbox {
            row.validate().map_err(CommitError::OutboxInsert)?;
        }
        Ok(())
    }
}

/// Identifiers assigned by stores during a successful staged commit.
#[derive(Debug, Clone, Default, PartialEq)]
pub struct ThreadCommitStagedOutcome {
    /// Canonical event ids in the same order as the input
    /// `canonical_drafts`. Empty when the staged commit carried no events.
    pub canonical_event_ids: Vec<String>,
    /// Server-authored canonical event ids in the same order as the input
    /// `server_events`. Empty when the staged commit attached no server events.
    pub server_event_ids: Vec<String>,
    /// Outbox ids in the same order as `additional_outbox`. Empty when
    /// the staged commit attached no inline-writer outbox rows.
    pub additional_outbox_ids: Vec<String>,
}

fn validate_event_scope_membership(
    draft: &CanonicalEventDraft,
    thread_id: &str,
    run_id: &str,
) -> Result<(), CommitError> {
    for scope in &draft.scopes {
        match scope {
            EventScope::Thread {
                thread_id: scope_thread,
            } if scope_thread != thread_id => {
                return Err(CommitError::Validation(format!(
                    "event thread scope '{scope_thread}' must match thread commit thread_id '{thread_id}'"
                )));
            }
            EventScope::Run { run_id: scope_run } if scope_run != run_id => {
                return Err(CommitError::Validation(format!(
                    "event run scope '{scope_run}' must match thread commit run_projection.run_id '{run_id}'"
                )));
            }
            _ => {}
        }
    }
    Ok(())
}

/// A [`CommitCoordinator`] that can additionally commit staged event/outbox
/// writes atomically with the thread commit. Store coordinators implement this;
/// the runtime-facing [`CommitCoordinator::commit_checkpoint`] is equivalent to
/// a staged commit with [`ThreadCommitStagedWrites::default`].
#[async_trait]
pub trait StagedCommitCoordinator: CommitCoordinator {
    /// Commit a thread commit together with staged event/outbox writes in one
    /// transaction. See [`CommitCoordinator::commit_checkpoint`] for ordering
    /// and failure semantics.
    async fn commit_checkpoint_staged(
        &self,
        plan: ThreadCommit,
        staged: ThreadCommitStagedWrites,
    ) -> Result<ThreadCommitStagedOutcome, CommitError>;
}

#[cfg(test)]
mod tests {
    use super::*;
    use awaken_runtime_contract::contract::event_store::{CanonicalEventKind, EventVisibility};
    use serde_json::json;

    fn draft(kind: &str, thread_id: &str, run_id: &str) -> CanonicalEventDraft {
        let mut draft = CanonicalEventDraft::new(
            vec![EventScope::thread(thread_id), EventScope::run(run_id)],
            CanonicalEventKind::new(kind).unwrap(),
            json!({ "kind": kind }),
            "test",
        )
        .unwrap();
        draft.visibility = EventVisibility::Public;
        draft
    }

    #[test]
    fn empty_is_empty() {
        assert!(ThreadCommitStagedWrites::default().is_empty());
    }

    #[test]
    fn validate_accepts_matching_scope() {
        let staged = ThreadCommitStagedWrites::default().with_canonical_drafts(vec![
            StagedCanonicalEvent::new(draft("RunStarted", "t", "r")),
        ]);
        staged.validate("t", "r").unwrap();
    }

    #[test]
    fn validate_rejects_wrong_thread_scope() {
        let staged = ThreadCommitStagedWrites::default().with_canonical_drafts(vec![
            StagedCanonicalEvent::new(draft("RunStarted", "other", "r")),
        ]);
        let err = staged.validate("t", "r").unwrap_err();
        assert!(matches!(err, CommitError::Validation(m) if m.contains("thread scope")));
    }

    #[test]
    fn validate_rejects_wrong_run_scope() {
        let staged = ThreadCommitStagedWrites::default().with_server_events(vec![
            ServerCanonicalEvent::new(draft("RunSubmitted", "t", "other")),
        ]);
        let err = staged.validate("t", "r").unwrap_err();
        assert!(matches!(err, CommitError::Validation(m) if m.contains("run scope")));
    }
}