bucketwarden-server 0.1.0

BucketWarden storage server runtime.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

use super::*;

pub const CONSISTENCY_MODEL_STRONG_LOCAL: &str = "strong-local";
pub const CONSISTENCY_MODEL_EVENTUAL: &str = "eventual";
pub const CONSISTENCY_MODEL_SESSION: &str = "session";
pub const CONSISTENCY_MODEL_BOUNDED_STALENESS: &str = "bounded-staleness";

const CONSISTENCY_MODEL_CAPABILITIES: &[&str] = &[
    "read-after-write-consistency",
    "list-consistency",
    "overwrite-consistency",
    "delete-consistency",
    "metadata-consistency",
    "native-support-state",
    "semantic-parity",
    "configuration-admin-surface",
    "security-governance-impact",
    "observability-evidence",
    "failure-mode-behavior",
    "validation-test-coverage",
    "product-specific-caveats",
];

const CONSISTENCY_MODEL_CAVEATS: &[&str] = &[
    "BucketWarden supports strong local consistency inside a single runtime state authority.",
    "Reads, heads, lists, overwrites, deletes, and metadata reads observe committed local object state immediately.",
    "Eventual, session, and bounded-staleness consistency modes are tracked but fail closed outside the current runtime boundary.",
    "Strong local consistency does not claim distributed consensus, cross-region ordering, or multi-writer conflict semantics.",
];

const CONSISTENCY_MODEL_FAILURE_MODES: &[&str] = &[
    "unsupported-consistency-model-rejected",
    "invalid-consistency-policy-rejected",
    "stale-read-mode-rejected",
    "cross-region-consistency-out-of-bounds",
];

#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct ConsistencyModelSupportEntry {
    pub model: &'static str,
    pub native_support: bool,
    pub semantic_parity: &'static str,
    pub read_after_write: bool,
    pub list_consistency: bool,
    pub overwrite_consistency: bool,
    pub delete_consistency: bool,
    pub metadata_consistency: bool,
    pub failure_mode: &'static str,
    pub caveat: &'static str,
}

#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct ConsistencyModelSupportReport {
    pub active_model: &'static str,
    pub supported_models: Vec<&'static str>,
    pub unsupported_models: Vec<&'static str>,
    pub capabilities: Vec<&'static str>,
    pub failure_modes: Vec<&'static str>,
    pub caveats: Vec<&'static str>,
    pub entries: Vec<ConsistencyModelSupportEntry>,
}

#[derive(Clone, Debug, Default, Eq, PartialEq, Serialize)]
pub struct ConsistencyPolicy {
    pub model: String,
    pub stale_reads_allowed: bool,
    pub cross_region_ordering: bool,
}

impl BucketWarden {
    pub fn consistency_model_support_report(&self) -> ConsistencyModelSupportReport {
        ConsistencyModelSupportReport {
            active_model: CONSISTENCY_MODEL_STRONG_LOCAL,
            supported_models: vec![CONSISTENCY_MODEL_STRONG_LOCAL],
            unsupported_models: vec![
                CONSISTENCY_MODEL_EVENTUAL,
                CONSISTENCY_MODEL_SESSION,
                CONSISTENCY_MODEL_BOUNDED_STALENESS,
            ],
            capabilities: CONSISTENCY_MODEL_CAPABILITIES.to_vec(),
            failure_modes: CONSISTENCY_MODEL_FAILURE_MODES.to_vec(),
            caveats: CONSISTENCY_MODEL_CAVEATS.to_vec(),
            entries: vec![
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_STRONG_LOCAL,
                    native_support: true,
                    semantic_parity: "Single runtime state authority provides immediate visibility for committed object mutations.",
                    read_after_write: true,
                    list_consistency: true,
                    overwrite_consistency: true,
                    delete_consistency: true,
                    metadata_consistency: true,
                    failure_mode: "Invalid stale-read or cross-region policy is rejected.",
                    caveat: "Strong local consistency is scoped to the local runtime and persisted snapshot/store boundary.",
                },
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_EVENTUAL,
                    native_support: false,
                    semantic_parity: "No delayed visibility or convergence-window semantics are claimed.",
                    read_after_write: false,
                    list_consistency: false,
                    overwrite_consistency: false,
                    delete_consistency: false,
                    metadata_consistency: false,
                    failure_mode: "Eventual consistency model selection is rejected as unsupported.",
                    caveat: "Eventual consistency requires explicit replication lag and convergence semantics.",
                },
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_SESSION,
                    native_support: false,
                    semantic_parity: "No per-session read-your-writes token or causal session semantics are claimed.",
                    read_after_write: false,
                    list_consistency: false,
                    overwrite_consistency: false,
                    delete_consistency: false,
                    metadata_consistency: false,
                    failure_mode: "Session consistency model selection is rejected as unsupported.",
                    caveat: "Session consistency needs session-bound causal metadata before support.",
                },
                ConsistencyModelSupportEntry {
                    model: CONSISTENCY_MODEL_BOUNDED_STALENESS,
                    native_support: false,
                    semantic_parity: "No bounded stale read window, version lag, or timestamp lag semantics are claimed.",
                    read_after_write: false,
                    list_consistency: false,
                    overwrite_consistency: false,
                    delete_consistency: false,
                    metadata_consistency: false,
                    failure_mode: "Bounded-staleness consistency model selection is rejected as unsupported.",
                    caveat: "Bounded staleness needs explicit clock and replica lag contracts before support.",
                },
            ],
        }
    }

    pub fn ensure_consistency_model_supported(&self, model: &str) -> Result<(), RuntimeError> {
        let report = self.consistency_model_support_report();
        if report.supported_models.contains(&model) {
            Ok(())
        } else {
            Err(RuntimeError::UnsupportedConsistencyModel(model.to_string()))
        }
    }

    pub fn validate_consistency_policy(
        &self,
        policy: &ConsistencyPolicy,
    ) -> Result<(), RuntimeError> {
        self.ensure_consistency_model_supported(&policy.model)?;
        if policy.stale_reads_allowed {
            return Err(RuntimeError::InvalidConsistencyPolicy(
                "strong local consistency rejects stale-read mode".to_string(),
            ));
        }
        if policy.cross_region_ordering {
            return Err(RuntimeError::InvalidConsistencyPolicy(
                "cross-region ordering is outside the current consistency boundary".to_string(),
            ));
        }
        Ok(())
    }
}