budgetkernel 0.1.2

A small, auditable, deterministic budget accounting kernel with zero heap allocation on the hot path.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

//! The outcome of a charge.
//!
//! A [`Verdict`] has exactly three shapes: the charge was accepted and
//! the budget has headroom ([`Verdict::Continue`]); the charge was
//! accepted but a dimension has crossed its warn threshold
//! ([`Verdict::Warn`]); the charge pushed a dimension past its limit
//! ([`Verdict::Exhausted`]).
//!
//! ## Firing semantics
//!
//! [`Verdict::Warn`] is returned on every charge where a dimension's
//! running total exceeds its warn threshold but has not exceeded its
//! limit. It is **not** one-shot. [`Verdict::Warn`] may still be
//! returned at `spent == limit`; exhaustion begins only when
//! `spent > limit`. The kernel deliberately holds no
//! suppression state: if it did, `Verdict` would depend on prior calls
//! and break determinism. Callers who want one-shot warning behavior
//! (warn once per run, then suppress) track that in their adapter.
//!
//! ## Priority
//!
//! When a charge simultaneously crosses a warn threshold and exhausts a
//! limit, [`Verdict::Exhausted`] wins. The kernel checks exhaustion
//! first and never reports `Warn` for a charge that also exhausted.

use crate::Dim;

/// The outcome of a single [`charge`](crate::Budget::charge) call.
#[derive(Copy, Clone, Eq, PartialEq, Debug)]
pub enum Verdict {
    /// The charge was accepted and no threshold was crossed.
    Continue,

    /// The charge was accepted, but the named dimension's running total
    /// now exceeds its configured warn threshold. The budget is not
    /// exhausted — the caller may continue, but should consider this
    /// a preemption signal.
    Warn(Dim),

    /// The charge pushed the named dimension's running total past its
    /// configured limit. Inclusive: a charge that brings `spent` exactly
    /// to `limit` returns [`Verdict::Continue`] (or [`Verdict::Warn`]);
    /// a charge that brings `spent` to `limit + 1` or beyond returns
    /// `Exhausted`.
    Exhausted(Dim),
}

impl Verdict {
    /// Return the worse of two verdicts.
    ///
    /// Severity order is:
    ///
    /// 1. [`Verdict::Exhausted`]
    /// 2. [`Verdict::Warn`]
    /// 3. [`Verdict::Continue`]
    ///
    /// If both verdicts have the same severity, this method is
    /// left-biased: `self` wins. This is useful when reducing several
    /// sequential single-dimension charges into one branch decision.
    ///
    /// This does **not** make multiple charges atomic. It only combines
    /// their already-returned verdicts.
    #[must_use]
    pub const fn worst(self, other: Self) -> Self {
        match (self, other) {
            (Self::Exhausted(dim), _) | (_, Self::Exhausted(dim)) => Self::Exhausted(dim),
            (Self::Warn(dim), _) | (_, Self::Warn(dim)) => Self::Warn(dim),
            (Self::Continue, Self::Continue) => Self::Continue,
        }
    }

    /// `true` if this verdict indicates the budget has headroom
    /// (i.e., not `Exhausted`). Convenience for the common
    /// `while budget.charge(...).is_continuing() { ... }` pattern.
    #[must_use]
    pub const fn is_continuing(self) -> bool {
        !matches!(self, Self::Exhausted(_))
    }

    /// `true` if this verdict is `Exhausted`.
    #[must_use]
    pub const fn is_exhausted(self) -> bool {
        matches!(self, Self::Exhausted(_))
    }

    /// The dimension that triggered the verdict, if any. `Continue`
    /// returns `None`; `Warn` and `Exhausted` return the dimension.
    #[must_use]
    pub const fn dimension(self) -> Option<Dim> {
        match self {
            Self::Continue => None,
            Self::Warn(d) | Self::Exhausted(d) => Some(d),
        }
    }
}

#[cfg(test)]
#[allow(clippy::indexing_slicing)]
mod tests {
    use super::*;

    #[test]
    fn continue_is_continuing_and_not_exhausted() {
        let v = Verdict::Continue;
        assert!(v.is_continuing());
        assert!(!v.is_exhausted());
        assert_eq!(v.dimension(), None);
    }

    #[test]
    fn warn_is_continuing_and_not_exhausted() {
        let v = Verdict::Warn(Dim::Tokens);
        assert!(v.is_continuing());
        assert!(!v.is_exhausted());
        assert_eq!(v.dimension(), Some(Dim::Tokens));
    }

    #[test]
    fn exhausted_is_not_continuing() {
        let v = Verdict::Exhausted(Dim::Millis);
        assert!(!v.is_continuing());
        assert!(v.is_exhausted());
        assert_eq!(v.dimension(), Some(Dim::Millis));
    }

    #[test]
    fn worst_prefers_exhausted_over_warn_and_continue() {
        assert_eq!(
            Verdict::Continue.worst(Verdict::Exhausted(Dim::Tokens)),
            Verdict::Exhausted(Dim::Tokens)
        );
        assert_eq!(
            Verdict::Warn(Dim::Millis).worst(Verdict::Exhausted(Dim::Bytes)),
            Verdict::Exhausted(Dim::Bytes)
        );
    }

    #[test]
    fn worst_prefers_warn_over_continue() {
        assert_eq!(
            Verdict::Continue.worst(Verdict::Warn(Dim::Tokens)),
            Verdict::Warn(Dim::Tokens)
        );
        assert_eq!(
            Verdict::Warn(Dim::Millis).worst(Verdict::Continue),
            Verdict::Warn(Dim::Millis)
        );
    }

    #[test]
    fn worst_is_left_biased_for_same_severity() {
        assert_eq!(
            Verdict::Warn(Dim::Tokens).worst(Verdict::Warn(Dim::Millis)),
            Verdict::Warn(Dim::Tokens)
        );
        assert_eq!(
            Verdict::Exhausted(Dim::Calls).worst(Verdict::Exhausted(Dim::Bytes)),
            Verdict::Exhausted(Dim::Calls)
        );
    }
}