batpak 0.7.0

Event sourcing with causal graphs and policy gates. Sync API, zero async.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341

//! Deterministic Batpak Substrate Closure subscriber frontier observations.
//!
//! This module reports structural delivery/frontier observations for lossy
//! subscribers and cursor-backed pull paths without imposing policy semantics.

use crate::store::Store;
use serde::{Deserialize, Serialize};

/// Report-body schema version for subscriber frontier evidence.
pub const SUBSCRIBER_FRONTIER_REPORT_SCHEMA_VERSION: u16 = 1;

/// Fixed-width hash used by subscriber frontier reports.
pub type SubscriberFrontierHash = [u8; 32];

/// Subscriber source lane being observed.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum SubscriberFrontierSource {
    /// Push-based lossy subscription.
    LossyPush,
    /// Cursor-backed pull path.
    CursorBacked,
}

/// Coarse delivery state for subscriber frontier observations.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum SubscriberDeliveryState {
    /// Subscriber is actively consuming.
    Active,
    /// Subscriber is behind available frontier.
    Lagging,
    /// Subscriber was dropped from a lossy path.
    Dropped,
    /// Delivery path disconnected.
    Disconnected,
    /// Caller could not determine the delivery state.
    Unknown,
}

/// Precision class for observed delivery loss.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
pub enum LossPrecision {
    /// Exact dropped ranges are available.
    ExactRange,
    /// Loss can be localized only after a consumed frontier.
    LossAfterFrontier,
    /// Subscriber was dropped from the lossy fanout path.
    SubscriberDropped,
    /// Caller could not determine loss precision.
    Unknown,
}

/// Request input for subscriber frontier observation.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct SubscriberFrontierRequest {
    /// Observed source lane.
    pub source: SubscriberFrontierSource,
    /// Last consumed global sequence if known.
    pub consumed_frontier_sequence: Option<u64>,
    /// Delivery state observed by caller.
    pub delivery_state: SubscriberDeliveryState,
    /// Loss precision observed by caller.
    pub loss_precision: LossPrecision,
    /// Exact dropped ranges when `loss_precision == ExactRange`.
    pub exact_dropped_ranges: Vec<(u64, u64)>,
}

impl SubscriberFrontierRequest {
    /// Build a lossy push observation request.
    #[must_use]
    pub fn lossy_push(
        consumed_frontier_sequence: Option<u64>,
        delivery_state: SubscriberDeliveryState,
        loss_precision: LossPrecision,
    ) -> Self {
        Self {
            source: SubscriberFrontierSource::LossyPush,
            consumed_frontier_sequence,
            delivery_state,
            loss_precision,
            exact_dropped_ranges: Vec::new(),
        }
    }

    /// Build a cursor-backed observation request.
    #[must_use]
    pub fn cursor_backed(
        consumed_frontier_sequence: Option<u64>,
        delivery_state: SubscriberDeliveryState,
        loss_precision: LossPrecision,
    ) -> Self {
        Self {
            source: SubscriberFrontierSource::CursorBacked,
            consumed_frontier_sequence,
            delivery_state,
            loss_precision,
            exact_dropped_ranges: Vec::new(),
        }
    }
}

/// Deterministic structural findings from subscriber frontier observation.
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
pub enum SubscriberFrontierFinding {
    /// Consumed frontier was not provided.
    ConsumedFrontierUnknown,
    /// Delivery state was unknown.
    DeliveryStateUnknown,
    /// Subscriber lag is observed in event-sequence units.
    LagObserved {
        /// Number of events between available and consumed frontiers.
        lag_events: u64,
    },
    /// Caller-reported consumed frontier is ahead of the available frontier.
    ConsumedFrontierAheadOfAvailable {
        /// Caller-reported consumed sequence.
        consumed_sequence: u64,
        /// Available sequence for the observed source lane.
        available_sequence: u64,
    },
    /// Delivery path reported dropped subscriber state.
    DeliveryDropped,
    /// Delivery path reported disconnection.
    DeliveryDisconnected,
    /// Loss is observed with the given precision class.
    LossObserved {
        /// Precision class for loss observations.
        precision: LossPrecision,
    },
    /// Exact dropped range when precision is available.
    ExactDroppedRange {
        /// Inclusive range start.
        start_sequence: u64,
        /// Exclusive range end.
        end_sequence: u64,
    },
}

/// Deterministic report body for subscriber frontier evidence.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct SubscriberFrontierReportBody {
    /// Report-body schema version.
    pub schema_version: u16,
    /// Observed source lane.
    pub source: SubscriberFrontierSource,
    /// Last consumed frontier sequence.
    pub consumed_frontier_sequence: Option<u64>,
    /// Available frontier sequence relevant to the source lane.
    pub available_frontier_sequence: u64,
    /// Lag in events if consumed frontier is known.
    pub lag_events: Option<u64>,
    /// Coarse delivery state.
    pub delivery_state: SubscriberDeliveryState,
    /// Loss precision class.
    pub loss_precision: LossPrecision,
    /// Deterministic structural findings.
    pub findings: Vec<SubscriberFrontierFinding>,
}

/// Subscriber frontier evidence report.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct SubscriberFrontierEvidenceReport {
    /// Deterministic report body.
    pub body: SubscriberFrontierReportBody,
    /// Canonical hash of `body`.
    pub body_hash: SubscriberFrontierHash,
    /// Optional generation timestamp metadata outside deterministic identity.
    pub generated_at_unix_ms: Option<u64>,
    /// Optional producer version metadata outside deterministic identity.
    pub batpak_version: Option<String>,
    /// Optional diagnostics outside deterministic identity.
    pub diagnostics: Vec<String>,
}

/// Error returned when subscriber frontier report generation fails.
#[derive(Clone, Debug, PartialEq, Eq)]
#[non_exhaustive]
pub enum SubscriberFrontierReportError {
    /// Canonical report-body encoding failed.
    BodyEncoding {
        /// Human-readable encoding failure.
        message: String,
    },
}

impl std::fmt::Display for SubscriberFrontierReportError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::BodyEncoding { message } => {
                write!(
                    f,
                    "subscriber frontier report body encoding failed: {message}"
                )
            }
        }
    }
}

impl std::error::Error for SubscriberFrontierReportError {}

impl<State> Store<State> {
    /// Build a deterministic subscriber frontier evidence report.
    ///
    /// # Errors
    /// Returns [`SubscriberFrontierReportError::BodyEncoding`] when canonical
    /// encoding of the deterministic report body fails.
    pub fn subscriber_frontier_observation(
        &self,
        request: &SubscriberFrontierRequest,
    ) -> Result<SubscriberFrontierEvidenceReport, SubscriberFrontierReportError> {
        let frontier = self.frontier();
        let available_frontier_sequence = match request.source {
            SubscriberFrontierSource::LossyPush => frontier.emitted_hlc.global_sequence,
            SubscriberFrontierSource::CursorBacked => frontier.current_visible_hlc.global_sequence,
        };

        let lag_events = request
            .consumed_frontier_sequence
            .map(|consumed| available_frontier_sequence.saturating_sub(consumed));

        let mut findings = Vec::new();
        if request.consumed_frontier_sequence.is_none() {
            findings.push(SubscriberFrontierFinding::ConsumedFrontierUnknown);
        }
        if request.delivery_state == SubscriberDeliveryState::Unknown {
            findings.push(SubscriberFrontierFinding::DeliveryStateUnknown);
        }
        if let Some(lag) = lag_events {
            if lag > 0 {
                findings.push(SubscriberFrontierFinding::LagObserved { lag_events: lag });
            }
        }
        if let Some(consumed_sequence) = request.consumed_frontier_sequence {
            if consumed_sequence > available_frontier_sequence {
                findings.push(
                    SubscriberFrontierFinding::ConsumedFrontierAheadOfAvailable {
                        consumed_sequence,
                        available_sequence: available_frontier_sequence,
                    },
                );
            }
        }

        match request.delivery_state {
            SubscriberDeliveryState::Dropped => {
                findings.push(SubscriberFrontierFinding::DeliveryDropped)
            }
            SubscriberDeliveryState::Disconnected => {
                findings.push(SubscriberFrontierFinding::DeliveryDisconnected)
            }
            SubscriberDeliveryState::Active
            | SubscriberDeliveryState::Lagging
            | SubscriberDeliveryState::Unknown => {}
        }

        if request.loss_precision != LossPrecision::Unknown {
            findings.push(SubscriberFrontierFinding::LossObserved {
                precision: request.loss_precision,
            });
        }
        if request.loss_precision == LossPrecision::ExactRange {
            let mut ranges = request.exact_dropped_ranges.clone();
            ranges.sort_unstable();
            for (start_sequence, end_sequence) in ranges {
                findings.push(SubscriberFrontierFinding::ExactDroppedRange {
                    start_sequence,
                    end_sequence,
                });
            }
        }

        crate::evidence::sort_findings(&mut findings);

        let body = SubscriberFrontierReportBody {
            schema_version: SUBSCRIBER_FRONTIER_REPORT_SCHEMA_VERSION,
            source: request.source,
            consumed_frontier_sequence: request.consumed_frontier_sequence,
            available_frontier_sequence,
            lag_events,
            delivery_state: request.delivery_state,
            loss_precision: request.loss_precision,
            findings,
        };
        let body_hash = report_body_hash(&body)?;
        Ok(SubscriberFrontierEvidenceReport {
            body,
            body_hash,
            generated_at_unix_ms: None,
            batpak_version: None,
            diagnostics: Vec::new(),
        })
    }
}

fn report_body_hash(
    body: &SubscriberFrontierReportBody,
) -> Result<SubscriberFrontierHash, SubscriberFrontierReportError> {
    crate::evidence::report_body_hash(body, |message| {
        SubscriberFrontierReportError::BodyEncoding { message }
    })
}

#[cfg(test)]
mod tests {
    use super::{LossPrecision, SubscriberFrontierFinding};

    #[test]
    fn subscriber_frontier_findings_are_sorted_structurally() {
        let mut findings = vec![
            SubscriberFrontierFinding::ExactDroppedRange {
                start_sequence: 20,
                end_sequence: 30,
            },
            SubscriberFrontierFinding::ExactDroppedRange {
                start_sequence: 10,
                end_sequence: 15,
            },
            SubscriberFrontierFinding::LossObserved {
                precision: LossPrecision::Unknown,
            },
        ];
        crate::evidence::sort_findings(&mut findings);

        assert_eq!(
            findings,
            vec![
                SubscriberFrontierFinding::LossObserved {
                    precision: LossPrecision::Unknown,
                },
                SubscriberFrontierFinding::ExactDroppedRange {
                    start_sequence: 10,
                    end_sequence: 15,
                },
                SubscriberFrontierFinding::ExactDroppedRange {
                    start_sequence: 20,
                    end_sequence: 30,
                },
            ],
            "PROPERTY: subscriber frontier findings must be sorted in deterministic structural order"
        );
    }
}